#ubuntu-server 2006-06-12
<mgalvin> fabbione: ping?
<_paulbart> ow do i config mysql to allow outsied connections?
<_paulbart> (typo) how
<_paulbart> ill ask on the mysql channel
<_paulb> i have a laptop that i would like to use mysql-admin on but the mysql server is set up to only allow connections from 127.0.0.1(its loopback address) how do i cange it so it allows connections fromall computers?
<A-Kaser> 'lo
<A-Kaser> no european people here ?
<J_P> hi all
<A-Kaser> hi
<edneymatias> morning!
<A-Kaser> ... afternoon
<jsgotangco> good evening =)
<A-Kaser> .be and you ?
<jsgotangco> .ph =)
<A-Kaser> oh !
<edneymatias> .doc?!
<edneymatias> :)
<jsgotangco> hah
<A-Kaser> tss :)
<mpathy> Hi There.. Much changed since the last release, heh? :) Because I try to get ssh started and feel a little bit dumb because the "usual" ways didnt work.. ?!
<J_P> hi all
<J_P> hey, I was have onde redir working ok: "redir --laddr=200.xxx.xxx.xxx --lport=9000 --caddr=192.168.0.25 --cport=9000 --syslog --debug".
<J_P> This redir were working for many months, so this weekend he stop of work. I try kill redir, start it agaim, comment all in /etc/hosts.deny but not works.
<J_P> So I reboot machine and that redir come back to work. This is very strange, and this is not windows to need reboot.
<J_P> This, I'm do nothing diferent before I restart machine. really NOTHING. Anyone can tell somethig for me have attnetion or anyone cause becouse this is ocurred ?
<J_P> ahh this server was uptime 95 days. Only today i reboot it as last alternative to redir works.
<A-Kaser> zombi process may be
<A-Kaser> have you make : netstat -lna
<A-Kaser> before the reboot ?
<A-Kaser> or iptables -L -n
<A-Kaser> to be sure you don't have a firewall rules or zombi process
<A-Kaser> iptables stay in memory only , so if you reboot the iptables rules are empty
<J_P> A-Kaser: humm not!
<J_P> A-Kaser: I'm not use iptables in that machine,
<J_P> really i'm not use iptables in that machine
<A-Kaser> try iptables -L -n in sudo or root
<A-Kaser> just to list the rules
<A-Kaser> and the same with -t mangle
<A-Kaser> -t nat
<A-Kaser> may be you have try a software which have change iptables
<A-Kaser> I don't know if you need enable ip_forward to use redir
<J_P> A-Kaser: not, to redir works do not need ip_forward enabled. So iptables -L -n not help to debug if I'm nit use iptables for nothing is this machine right.
<A-Kaser> right but maybe another software have change iptables
<A-Kaser> but in all cases you cannot to know this after the reboot :)
<J_P> A-Kaser: yes, you are right.. I think si somethink in network software problema (bug) in ubuntu (layer 3)
<A-Kaser> a zombi process is not impossible
<panthar> If I configure dhclient to send a hostname to the DHCP server, should I be seeing that on the command line?  I used to see "-h blahblah" on an older distro I had.
<neuralis> panthar: that's the host-name parameter in /etc/dhcp3/dhclient.conf
<panthar> Hm, it's set there, but no dice
<neuralis> one second.
<neuralis> seems to work fine here.
<panthar> shoot - my old server used the -h option and it was working.
<neuralis> you have the line uncommented in the conf file, right??
<panthar> Yeah :)
<neuralis> er, one question mark.
<panthar> *stop yelling at me*
<panthar> heh
<panthar> Would I see the hostname request in any logs?
<neuralis> not sure, to be honest. the #ltsp folks might know, or you can try sniffing your dhcp packets and seeing if the hostname is being sent.
<panthar> Might be easier to harass someone at the noc for a static :)
<panthar> Thank you for the suggestions though.
<neuralis> sure.
#ubuntu-server 2006-06-13
<edneymatias> bye!
<TrioTorus> guys and gals, I want to install phpldapadmin but it depends on apache1 and php4. Does somebody have it running with apache2 and php5 or is that too adventurous? Just trying this on a home network for now.
<ajmitch> TrioTorus: you should be able to install it with apache2 & php5
<TrioTorus> any doc/pointers on this?
<ajmitch> just install the package :)
<TrioTorus> how do I overwrite dependency check?
<ajmitch> apt-get install phpldapadmin libapache2-mod-php5
<ajmitch> you don't need to
<TrioTorus> ah ok
<TrioTorus> I started editing the ldapserver wiki page, but it lacks a lot of info right now. I'll try to update it with my findings soon. Anyone wants to cross-check?
<lionelp> TrioTorus: I ma the original author of the page, so yes, I am volonteer to cross-check :)
<TrioTorus> lionelp: ah ok, thanks, lovely to meet you
<lionelp> :)
<lionelp> What kind of info was missing for you (just for my personal info to write beter doc next time :-))
<TrioTorus> lionelp: I would like a wiki guide that helps to set up a basic but very usable ldap server for somebody who has never set up such a thing before
<TrioTorus> lionelp: like what gui are u using for it?
<lionelp> Maybe that can be the topic of a second page
<lionelp> more directive
<TrioTorus> lionelp: I agree
<lionelp> "LDAPServerForDummies"
<lionelp> A page where we propose a basic configuration without to many explanations for those who are in a hurry
<TrioTorus> lionelp: like that would contain me to be honest
<TrioTorus> lionelp: yes
<lionelp> TrioTorus: I am using gq and a lot a command line
<TrioTorus> lionelp: but gq is just a ldap browser, right?
<lionelp> yes, it can edit entries too
<lionelp> You wantes a GUi for setting the LDAP directory ?
<TrioTorus> lionelp: "how to set up ldap, user admin, group admin, bookmarks, adressbook, dnsldap for dummies" something like that.
<TrioTorus> lionelp: well, there is a directive for edgy eft to include network authentication over ldap in an easy manner. I would just like to make a start.
<lionelp> the problem is to find the good granularity
<lionelp> yes
<lionelp> ajmitch will do it for us :)
<TrioTorus> well, now that I know you guys hang around in here, I'll report back.
<TrioTorus> Like for a start, wouldn't you agree that phpldapadmin is a good tool for administering?
<lionelp> You're welcome
<lionelp> It a tool, like another :)
<lionelp> I had problem with it last time i tried it (not on a dapper)
<lionelp> but yest, that is a good option
<TrioTorus> lionelp: it is, but I want the ldap-noob tool
<lionelp> you can give it a try
<TrioTorus> ok
<edney_brasil> morning all!
<TrioTorus> phpldapadmin still depends on libapache-mod-php4 even when installing libapache2-mod-php5 with it. See http://paste.ubuntu-nl.org/15651
<TrioTorus> how can I make it not install the php4 module?
<lionelp> TrioTorus: apt-get install php5-ldap phpldapadmin
<TrioTorus> lionelp: great, thanks, that worked.
<TrioTorus> lionelp: how did you figure this out? Can I see dependancy tree easily with apt-get (gentoo convert)
<lionelp> Check package Depends information with apt-cache show phpldapadmin
<lionelp> You can see the tree with apt-cache depends phpldapadmin
<TrioTorus> lionelp: would it be wise to only include users with uid>1000 ubuntu LDAP server?
<lionelp> yes !
<TrioTorus> so, for ubuntu non-system users and non-system-groups > 1000? I was reading somewhere that some distro's consider everything >100 as non-system
<lionelp> Debian policy say that non system users are users > 1000
<lionelp> (same for group)
<TrioTorus> k, what about if you authenticate against LDAP, but you need to be a member of the video group (gid: 44), will I be able to assign gid 44 to that user, even though this group will not have an entry in the LDAP tree?
<lionelp> sure
<TrioTorus> the reason I'm asking is: I also want to use the ldap server with a mac client, the system groups might all have different numbers.
<lionelp> TrioTorus: ok, that's not a problem
<lionelp> for example, my user on my workstation is on my company LDAP
<lionelp> but I ma the member of some local groups (audio, video, etc.)
<TrioTorus> but that means on the ldap server, those gid's are assigned to you, right? Or is there a more dynamic system?
<lionelp> no, I added my LDAP user to local group
<lionelp> in /etc/group file
<lionelp> my LDAP server ignore all of my local groups
<TrioTorus> but that means you have to maintain your /etc/group file on every client.
<TrioTorus> which surpassed the aim of setting up an ldap server.
<lionelp> Depends on how your clients are the same
<lionelp> In the case they are all the same, you can move group in LDAP
<lionelp> or change groups for acceding audio/video
<lionelp> On another network I administer, audio and video devices are associated to the group of which all users are member of
<lionelp> So, everybody can access it
<TrioTorus> that's what I would be aiming for. Say you name the audio group 'audio' with gid '1010' this would mean I have to change the gid on the client machine to 1010 for all files that need to acces 1010. This seems like at least the same amount of work. I'm just fishing for a more elegant technique here, but i might be way off.
<lionelp> There is not really one way to do that
<lionelp> (now I understand what you wanted in howto)
<TrioTorus> :-) yeah, these are the questions a noob would want to see huh?
<lionelp> :)
<TrioTorus> but I'm glad to be able to chat about it
<TrioTorus> so, what would you say the choice for a beginner should be: just use id's > 1000 and keep maintaining your /etc/groups file?
<lionelp> I personnaly find this is the easier way to acheive
<lionelp> You will have to modify all clients (or by hand,  or a framework) for LDAP configuration
<lionelp> so...
<lionelp> That's only one more line to add
<lionelp> On your network, does all your users have to connect to all the workstations ?
<lionelp> do you have numerous users ?
<TrioTorus> good point, no, I only have a 5 users, but they should be able to acces all machines. And I'm only setting this up as proof of concept.
<lionelp> Ok
<lionelp> I will add a wiki page with some notes I have on another wiki about configuration on workstations
<TrioTorus> wonderfull
<TrioTorus> Let me maybe paint the bigger picture: I'm leading a small special fx company that uses linux for the creation of 3D graphics. Unfortunately, for compositing and editing, the mac is unbeatable on this field for now. So transparancy between os x and linux would be wonderfull (it's so close already). This is specific to my shop, but I'm sure others would vastly benefit from transparent os x and linux accounts.
<lionelp> It can be integrated
<lionelp> but I do not owned a Mac myself
<thefish> TrioTorus: have a look here, i think thats everything you need: http://times.usefulinc.com/2005/09/25-ldap
<TrioTorus> lionelp: thanks for the link. I'll read it. I just thought of this though: a solution would be to make group a member of a group then I could have in /etc/group this for example: audio:x:29:ldapusers where ldapusers is a group in itself
<thefish> TrioTorus: why not just keep the groups in ldap as well
<TrioTorus> thefish: because I was reading a directive on debian wiki to only include non-system uid and gid's. Moreover, if I combine with local groups on a completely different system (like os x in my case), the results are unpredictable.
<TrioTorus> thefish: mind you, this is a thinking exercise
<thefish> kay
<thefish> i am guessing you want groups for file access permissions?
<thefish> if so, you could make custom groups for those
<TrioTorus> thefish: on os x, some local groups involve: admin, lpadmin,mail, dialer and so on, and they map to other gid's.
<thefish> ye
<thefish> so you could make a group called fileaccess in ldap
<TrioTorus> thefish: yes I could, but that means on I have to change groups on the client machine to the new gid.
<thefish> why?
<thefish> if its an ldap group, just change permissions on the files
<thefish> those groups will come from ldap, not from local machines
<TrioTorus> thefish: that's right, but isn't that a dangerous thing to do? All files that have plugdev need changing to the plugdev_ldap group.
<TrioTorus> What if I plug in a usb device? Will it automatically have plugdev_ldap assigned?
<thefish> or you could use acls, and just add the groups as well as whatever existing groups
<lionelp> thefish: it is more complicated than just changing files permissions
<lionelp> you have to change udev permissions in dynamic devices creation
<thefish> i see for usb disks etc ye
<lionelp> change some groupe of some executables that are setuid
<lionelp> thefish: absolutely
<thefish> but for nfs or samba it would be fine
<lionelp> yes
<thefish> ive never tried with usb stuff, sounds fun
<lionelp> but the original question of TrioTorus concern audio & video group
<lionelp> For 5 users, that's why I advised him to alter local group
<TrioTorus> well, as I said, I was thinking out loud.
<lionelp> That was to my mind the easiest quand quickest solution to setup
<TrioTorus> I want to set it up so that as many people can benefit from this easy setup.
<TrioTorus> lionelp: yes, so id>1000 only for now then :-)
<lionelp> I'll start writing a more complete page on the wiki later this night
<TrioTorus> lionelp: ok, that is already nice. I'll be here tomorrow too.
<TrioTorus> one last thought: there should be a mechanism to map gid to other gid and save that in ldap
<TrioTorus> If openldap wants to be this big overall authentication tool, man that would be wonderfull
<TrioTorus> (if the machine that is connecting is os x, then use this mapping)
<edney_ToTheHEXA> see ya!
<dwight> need help getting amavis to scan emails
<usual> neuralis: I think I figured out my problem witht he HP DL140G2 server. If you remember. I had a problem with the broadcom nic's
<usual> neuralis: I havn't tried it yet because the driver download from broadcom is down, but it seems due to GPL violations the tg3 driver in debian is not complete. I have to use their driver. I hope it works
<usual> neuralis: I don't know if ubuntu shares that issue or not
<usual> I'm going to build the non-free driver with module assistant
<dwight> Can anyonr tell me why amavisd no longer use the amavis.conf file? Yes the conf.d directory is easier to work with, but it does not work. WTF?
#ubuntu-server 2006-06-14
<Matthewv> trying to install ubuntu-server (LAMP) on a celeron 233 with 64 mb ram --- drops down to low memory mode, and then, when tryign to detect cd, i get Kernel panic - not syncing: Fatal exception in interrupt
<Matthewv> or is this the wrong channel?
<Matthewv> does this channel exist?
<neuralis> interesting. i haven't tried a very low memory ubuntu install, but that doesn't sound like an OOM error.
<neuralis> are you able to glean anything else from the output before the error?
<Matthewv> neuralis, not really, i just installed more memory :) and now almost the same happens, xept it hangs and doesn't display the error... maybe cause framebuffer is now running?
<neuralis> could be. were you previously able to install another distribution on this machine?
<Matthewv> seemed to be a few problems linking /dev/discs/something to /hda something
<Matthewv> neuralis, yes it had breezy on it
<Matthewv> i wanted to try the lamp installation :)
<Matthewv> hang on, i'll try the normal installation, not lamp, and see what happens
<neuralis> Matthewv: the lamp installation is a plain ubuntu server install that automatically adds five packages at the end. shh, it's a secret.
<Matthewv> neuralis, so that wouldn't make a diff.?
<neuralis> no.
<Matthewv> oh ok :)
<neuralis> i'd hate to think we regressed on minimum memory for the server install, but it's possible.
<Matthewv> Missing module 'hd-sometih'
<Matthewv> create_node: symlink(hda5, /dev/disc1) failed : File exists
<Matthewv> cdrom-detect: searching for ubuntu installation media...
<neuralis> this is after you already launched into d-i?
<Matthewv> d-i?
<neuralis> the installer?
<Matthewv> this is after i run the installer normally, i hit ctrl-alt-f4 and watch errors...
<Matthewv> now its got the kernel panic error
<Matthewv> preceded by a whole stack of cdrom_stuff, ide stuff...
<neuralis> ah. reboot, go to the console when the installer opens, and see what the memory usage is like.
<Matthewv> ok
<Matthewv> i put extra memory in now though, so it isnt running in low mem. mode any more
<neuralis> how much is in there now?
<Matthewv> 128M
<Matthewv> there was 64M i think
<neuralis> have you run the integrity checker on the cd?
<Matthewv> neuralis, no
<Matthewv> how do i check memory usage?
<neuralis> run 'free'.
<Matthewv> 23920 used
<neuralis> yeah, doesn't sound like a memory thing. i'd run the integrity check to make sure it isn't a bad burn.
<Matthewv> ok... thanks neuralis i'll do that
<Matthewv> btw neuralis is this a dev or support channel.. topic sounds like dev. but chanserv tells me its support + dev
<neuralis> development only. but we tend to take *interesting* support questions.
<Matthewv> ok, so chanserv is wrong?
<neuralis> yeah, we should get that fixed.
<Matthewv> cd integrity checker has kernel panic
<neuralis> well then :)
<Matthewv> reburn??
<neuralis> yeah. do a verify round after burning, if you can.
<Matthewv> ok... and i deleted is .iso :(
<neuralis> you can do a minimal breezy install and just upgrade.
<Matthewv> ok... i think I'd rather have a dedicated iso, as both will require about the same amount of download wont they?
<neuralis> yeah. i assumed you still had breezy burns on hand.
<Matthewv> what i mean is upgrading all those packages to dapper will require the same amount of download as downloading the iso, right?
<neuralis> a lot less, actually.
<Matthewv> really?? ok... and then i suppose its a sudo apt-get install apache2 mysql5 php5 and?
<neuralis> apache2, php5, mysql-server, linux-image-server
<Matthewv> ok, thanks a lot for all the help neuralis
<neuralis> sure.
<blanky> hey guys
<blanky> if I install an ubuntu server, CLI only, is there a way to make the text smaller, like, higher resolution terminal?
<blanky> anyone, please
<lionelp> blanky: you mean a frame buffer console ?
<blanky> lionelp, yeah that! :)
<blanky> lionelp, somebody at #ubuntu told me to get svgatextmode, is that correct?
<lionelp> I do not remember on server CD, I remmember it was easily possible on the alternate CD
<blanky> lionelp, that's what I'm using, a xubuntu alternate cd, with boot option 'server'
<lionelp> You should so have an option menu on the first screen to select the resolution
<lionelp> btw, when you have finished, juste edit /boot/grub/menu.lst
<blanky> lionelp, okay cool, er, what for?
<lionelp> change the line # defoptions
<blanky> okay
<lionelp> to something like # defoptions=quiet splash vga=0x317
<blanky> oh okay, thanks sir
<lionelp> I do not remmeber the correspondance betwen vga=values and resolution
<lionelp> but sure google will help you :)
<blanky> thanks, i'll look it up :)
<TrioTorus> lionelp: Hey, why is it in the wiki that you chose to delete the initial database?
<TrioTorus> I think this is a bit confusing because when you install slapd, you get asked questions that relate to your initial setup
<TrioTorus> lionelp: but let me also ask: how r u today? :-)
<TrioTorus> For ldap, do I need the rootdn to be an entry in the database? Or is the configuration in slapd.conf enough?
<lionelp> Hi TrioTorus
<lionelp> Fine thanks and you ?
<lionelp> I choose to delete to have a full LDIF import
<lionelp> If all the database was not in the LDIF, we can not delete the content
<TrioTorus> true, but isn't it true when installing slapd, you get asked base dn and root password?
<lionelp> yes, that's true
<lionelp> But my setup is a more general process
<TrioTorus> lionelp: think we should at least inform the noob installer about that. I'll have a look at what is there initially, and maybe for the example we better build on that?
<lionelp> For exemple, if I want a o=my_company as suffix, I can't with installer
<TrioTorus> lionelp: think we should then inform the package maintainer to make that possible?
<lionelp> TrioTorus: LDAP will always need some knowledge of the LDAP protocol and fine tuning
<lionelp> everything can not be done at install
<lionelp> all the person I know that install slapd do a by hand tuning after the install
<lionelp> yes, we can inform the user in the howto, but I love simple howto
<lionelp> this is not a copy-paste of the man page
<lionelp> I hate howto that make me afraid when I see how long they are
<lionelp> but that is a personnal POV
<TrioTorus> no, it should be ubuntu specific, that's why I think we should inform that there is stuff there already
<TrioTorus> I can see of course that starting from scratch has its advantages
<TrioTorus> just thought to open up discussion
<TrioTorus> because for edgy eft, there is a directive I would like to see evolve: authenticating against a directory
<lionelp> As we said yesterday, a network authentication specification is under work
<lionelp> and will be implemented as Google SoC
<TrioTorus> ok, wasn't here anymore then. Where can I read up on this?
<lionelp> https://launchpad.net/distros/ubuntu/+spec/network-authentication
<TrioTorus> ok, so with this spec in mind, shouldn't people be setting up an ubuntu OpenLDAP server with certain directives?
<lionelp> If you have a look at implementation plan, you'll see that the server part is quite reduced
<TrioTorus> yes, it is quite general, it doesn't say what directory is going to be used, or is auth-server a tool that comes with fedora directory server?
<lionelp> I do not know which tools have been choosen
<lionelp> I dot not even know if tools have been choosen
<TrioTorus> ok, no, "a metapackage to depend on slapd & krb5" implies, OpenLDAP
* ajmitch will talk about it tomorrow, if you care..
<ajmitch> since I'm going off to sleep now :)
<lionelp> hh
<lionelp> so have a good night ajmitch
<TrioTorus> ajmitch: nice, good night
<atomic007za> hi
<atomic007za> Ihave a question
<TrioTorus> lionelp: ok, so you have to forgive for being so anxious. I'm all new to this community, but it rocks.
<TrioTorus> lionelp: specific to your wiki page, in the last line of the init.ldif file you propose, there is the displayName attribute for a posixGroup objectclass. I got an error stating that displayName is not allowed. Is this correct?
<atomic007za> I know this is a ubuntu IRC channel but can anyone help me to get fedora support or point me in the right direction?
<shawarma> atomic007za: Try #fedora
<atomic007za> thx
<atomic007za> ##fedora-join-instructions :Please register with services and use the IDENTIFY command (/msg nickserv help) to speak in this channel
<atomic007za> sorry new to IRC what does this mean
<atomic007za> ?
<atomic007za> where r the services?
<lionelp> atomic007za: you need to type "/msg NickServ register your_password"
<atomic007za> i c
<atomic007za> thx
<lionelp> TrioTorus: let me just few second to check :)
<lionelp> TrioTorus: displayName is an attribute of the inetorgPerson class
<TrioTorus> lionelp: yes, but as it stands now, groups is only posixGroup objectClass
<TrioTorus> lionelp: I'm referring to dn: cn=example,ou=groups,dc=example,dc=com on the wiki
<lionelp> oh yes, sorry i see
<lionelp> that's a typo
<lionelp> corrected
<TrioTorus> cool
<atomic007za> no luck at fedora, no one home, or jst not answering. Is it ok to ask a dansguardian question here?
<atomic007za> been to #dansguardian but dead there to
<flo> Hi ! Should a webcam basicly work on ubuntu-server or is there maybe something missing from the kernel ?
<mgalvin> flo: i would image it would work (especially if you install the desktop kernel)  if you have capture software installed
<mgalvin> haven't tried it though
<flo> ok then it's probably something else i just wanted to make sure before i keep searching for a solution...
<VonGeist> I just finished installing ubuntu server and for some reason its not letting me log in. I've re-installed to make sure I put in the right uid and pwd but it keeps telling me login incorrect. Any ideas why it would be doing that? Is there something I'm missing?
<VonGeist> anyone?
<mark105> i just updated from breezy to dapper, i see dapper has a new kernel, i have a smp server box so does the dapper kernel support smp?
<neuralis> mark105: the server kernel certainly does.
<mark105> im not sure which kernel i have
<mark105> i just got my breezy install and edited sources.list from everything breezy to dapper and dist-updated
#ubuntu-server 2006-06-15
<flo> Hi ! How do i install the kernel sources in ubuntu-server ?
<neuralis> mark105: install linux-image-server.
<edneymatias> see ya!
<edneymatias> bye!
<gpd> is there an easy way to reinstall a file from a .deb package - without 1) purging & reinstalling or 2) downloading the .deb, extracting the file with ar ?
<gpd> i want to reinstall /etc/mysql/debian.cnf without purging mysql-server
<ninian> Hi, I need to install apache2.2, can't find a package. Can anyone help me build from source ?
<fabbione> infinity: i just saw the server/tasks spec to add more simplified install targets. It is something that the sab was talking about when i was in London and i added it to my todo list for edgy. Do you want to be the "manager" for it and i do the dirty work, or you prefer to take care of it?
<infinity> fabbione: I suspect I'll end up owning the grnut work on that one.
<fabbione> infinity: ok
<fabbione> infinity: then you need to join the sparc porting team as manager...
<fabbione> or we will break the loop since i am out of X ;)
<infinity> fabbione: *laugh*... I'm on the sparc porting team anyway, as I'm on every porting team. :P
<fabbione> infinity: meh :(
<ajmitch> lucky you
<ninian> hello
<ninian> sorry... wrong channel
<lionelp> fabbione: has sparc Dapper been released ? I have not seen the announce
<fabbione> clearly if there was no announcement it has not been released.
<fabbione> it might happen tomorrow
<lionelp> I may have missed it :)
<lionelp> thanks
#ubuntu-server 2006-06-16
<stian> Greetings, I've installed ubuntu dapper server just now, but my php5 script is unable to send any mail
<stian> I don't get any errors from the script, but I've been waiting for an hour for mail
<stian> Anyone got any suggestions on this topic? I'm really stuck :S http://ubuntuforums.org/showthread.php?t=197496
<infinity> stian: "apt-get install postfix"
<stian> yes, done that
<stian> that was suggested in the post, I've done it, as I've written in the reply to the reply
<infinity> oh, I see, and now your postfix hates you.
<stian> in deed
<infinity> Not exactly much I can do about your "Connection timed out" issue.
<stian> Well
<infinity> If I had to guess, I'd say your ISP is blocking port 25 outgoing.  That's pretty common.
<stian> hmm
<stian> how can I check that?
<infinity> It's certainly not an Ubuntu issue that you can't connect to port 25 on some random computers on the internet.
<fabbione> stian: telnet smtp.fabbione.net 25
<fabbione> stian: if you cannot get there, there is nothing we can do
<stian> OMG
<stian> damn them
<stian> stian@x303:~$ telnet smtp.fabbione.net 25
<stian> Trying 195.22.207.161...
<stian> that's all I get :(
<fabbione> stian: it's your ISP problem
<stian> guess that means they're blocking :(
<stian> could it be my router? even though I haven't had these problems before, I switched ISP yesterday
<fabbione> stian: whatever is the issue, it's not an Ubuntu problem :)
<stian> hehe
<fabbione> stian: you want to talk with the ISP and ask them
<stian> okay
<stian> I'll give em a royal beating
<fabbione> a workaround is to use their smtpd as forward
<stian> ah well, how would I do that then? :)
<fabbione> configuring postfix to do it
<fabbione> but you get to read the manpage for postfix or google for it
<stian> Allright, that worked excellent :)
<stian> thanks :)
<stian> but I'll still mail them to see if there's anything else their blocking :/
<J_P> hey, I think dapper server has a bug when use raid on install.. my server congeals system after tell me to get out cd... in f4 console is ok, sync hds ok, but in f1 not pass of 86%... so I reboot in console 4 and works fine..
<peanutb> anyone know how to allow mysql connections that arent from 127.0.0.1
<gpd> peanutb: edit /etc/mysql/my.conf - comment bind-address line
<gpd> [WARNING] 
<peanutb> if i do that mysql wont start
<gpd> what errors in /var/log/syslog ?
<peanutb> ok now mysql starts but it still dosnt work
<peanutb> it dosnt broadcast on the mysql port
<peanutb> ok turns out i was trying to connect as root and he didnt have permissions to be from anywhere other than localhost.
<peanutb> thanks to mooseman
<J_P> hey, I think dapper server has a bug when use raid on install.. my server congeals system after tell me to get out cd... in f4 console is ok, sync hds ok, but in f1 not pass of 86%... so I reboot in console 4 and works fine..  anyone have this problem ?
<infinity> J_P: Never seen the problem, no.  Can you file a bug with a bit more info?
<J_P> infinity: ok
<edneymatias> morning!
<martoss> hi there
<martoss> anybody with pxe and nfs booting experinece here?
<tmarble> congratulations everyone: http://blogs.sun.com/roller/page/jonathan?entry=ubuntu_on_niagara_and_platinum
#ubuntu-server 2006-06-17
<javaTard> I am installing the 64 version onto a new system, is there a good bit of supported software for this version?
#ubuntu-server 2006-06-18
<andre> I can't get apache to run... When I etc/init.d/apache2 start it doesn't give any error message, but ther is no apache process running. theres also nothing in the apche logs.
<fabbione> andre: check /etc/defaults/apache2
<fabbione> and see if it's configured to start
<andre> its empty.
<fabbione> can't be empty
<fabbione> cat /etc/default/apache2
<fabbione> # 0 = start on boot; 1 = don't start on boot
<fabbione> NO_START=0
<andre> cat: /etc/defaults/apache2: No such file or directory
<fabbione> defaults -> default
<andre> ok
<andre> i set it to start on boot, but how do I start it now?
<fabbione>  /etc/init.d/apache2 start
<fabbione> anyway i am out here
* fabbione -> weekend
<andre> I see..... so set it to start on boot is required to make it start ta alll...
<andre> how logical. lol
<andre> thanks!
<andre> have fun
<A-Kaser> poy poy
#ubuntu-server 2007-06-11
<qiyong> what tool is used to configure the NIC besides ifconfig?
<shawarma> qiyong: What are you trying to do?
<qiyong> shawarma, configure nic
<shawarma> qiyong: So use ifconfig?
<qiyong> i expect some tool to store conf somewhere
<qiyong> shawarma, ^
<shawarma> shawarma: You probably want to edit /etc/network/interfaces
<shawarma> qiyong: ^^
<qiyong> btw, i noticed a bug of linux ifconfig shawarma 
<shawarma> qiyong: ifup/ifdown reads that file and uses ifconfig to configure your nic.
<qiyong> shawarma,  the first time you ifconfig ip/number it doesn't get the netmask and broadcast right. the subsequent ifconfig ip/number can get it right
<shawarma> qiyong: Could you give an example?
<qiyong> # ifconfig eth1 192.168.0.1/28
<qiyong> # ifconfig eth1
<qiyong> eth1      Link encap:Ethernet  HWaddr 00:18:8B:F8:A0:9D  
<qiyong>           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
<qiyong> # ifconfig eth1 192.168.0.1/28
<qiyong> # ifconfig eth1
<qiyong> eth1      Link encap:Ethernet  HWaddr 00:18:8B:F8:A0:9D  
<qiyong>           inet addr:192.168.0.1  Bcast:192.168.0.15  Mask:255.255.255.240
<qiyong> shawarma, see, the first try doesn't get it right, the second does
<shawarma> Hm... I didn't even know you could use CIDR notation.
<shawarma> qiyong: Could you file a bug on launchpad about that?
<Pumpernickel> What'd the time delay between each of those commands?
<qiyong> shawarma, i was tryping to find the net-tools official site to report to htem
<qiyong> s/htem/them/
<qiyong> shawarma, cidr?
<Kamping_Kaiser> qiyong, using /28
<shawarma> qiyong: Yeah, ip_address/number_of_ones_in_the_netmask
<Kamping_Kaiser> ip/mask 
<qiyong> Kamping_Kaiser, what cidr stands for?
<coNP> Classless Inter-Domain Routing, I guess
<qiyong> i don't realise any relations between ip/mask and cidr coNP 
<Kamping_Kaiser> qiyong, the format 192.168.0.1/28 is called cidr
<coNP> qiyong: I did not see your original question just answered what CIDR stands for
<ivoks> hi
<shawarma> hi, ivoks.
<ivoks> i saw your post
<bkudria> is php5(-cgi) in feisty compiled with fastcgi support?
<ivoks> shawarma: mysql will be very hard to fix, since that's a design bug :)
<ivoks> libapache2-mod-fcgid - an alternative module compat with mod_fastcgi
<ivoks> meh... php5 :)
<ivoks> sorry
<bkudria> ivoks:right, that's the fcgid module.  is php4 (and 4) compiled with fastcgi support?
<bkudria> i assume php5-cgi is, but i wanted to check
<bkudria> i meant php5 and php4
<shawarma> ivoks: It's not necessarily that difficult. It should be a matter of checking if the connecting user is root (system root, not mysql root) and thus grant him full privileges.
<shawarma> ivoks: That will do away with cleartext passwords in config files and all the other questionable bits.
<ivoks> shawarma: yeah, but sometime you want to give root access to mysql to non-root user
<ivoks> shawarma: so fix whould check if password is empty and uid is 0
<ivoks> shawarma: basicly, if pass is empty, only uid=0 can be mysql root
<ivoks> otherwise, everybody can connect as root
<shawarma> ivoks: Sure we need to give (mysql) root access to non-root users. We just want to special case the system root user.
<ivoks> so, system root should access mysql without password, even if it is set?
<shawarma> ivoks: Yes.
<ivoks> ok, that's ok...
<ivoks> then, random password for mysql root by default?
<shawarma> ivoks: Actually, rather a disabled password.
<ivoks> even better
<shawarma> ivoks: Since a random password could potentially be "thepassword"
<ivoks> right
<shawarma> ivoks: Which is always my second guess :)
<shawarma> (the first one being "password")
<ivoks> but, if password is not set...
<ivoks> does that mean 'no password'?
<shawarma> Yes.
<ivoks> then we are back at start :)
<shawarma> I didn't say "no password".
<shawarma> I said "disabled password2.
<ivoks> right...
<shawarma> s/2/"/
<ivoks> my bad
<ivoks> that's fine
<ivoks> and result would be 'even better than by default'
<ivoks> cause i hate to remember all those password on single machine :)
<ivoks> with such setup, creating mysql root password would be pointless, except we want to give another user full permisions...
<ivoks> when we want..
<ivoks> shawarma: i like your idea :)
<bkudria> i want to run several apache2 vhosts with php4 and php5 using fcgid. i can't seem to find any tutorials that describe the ubuntu way of doing this.  can anyone help, or point me in the right direction?
<ivoks> bkudria: in /etc/apache2/sites-available create your vhosts file
<bkudria> ivoks: ok.
<ivoks> and create virtual hosts in it
<ivoks> you know how to do that?
<bkudria> yep :)
<ivoks> then, after you create them
<bkudria> a2ensite?
<ivoks> right
<ivoks> and... that's it
<bkudria> what about fcgid, and php5?
<ivoks> well, there is php5-cgi, but i don't know if it is compiled with fastcgi
<mralphabet> I don't think it is, I looked at the module list and it doesn't list fastcgi
<ivoks> well... this is README:
<ivoks>    PHP for any webservers.  Our recommendation is that, if you need
<ivoks>    to use a threaded webserver, you should use php5-cgi in either
<ivoks>    'normal' CGI mode, or in FastCGI mode.
<bkudria> nope, its compiled with fastcgi
<ivoks> this is README.Debian.gz, so I guess
<ivoks> right
<bkudria> php5-cgi -v shows (cgi-fcgi)
<ivoks> bkudria: it is
<ivoks> since 2005.
<bkudria> so,do i need to do anything other than installing it and a2enmodding it?
<ivoks> yes
<ivoks> write web pages :)
<bkudria> oh, ok, i'll try testing it.  
<bkudria> now, next question
<J_P> hi all
<bkudria> i need php4 and php5 both running under apache, php4 for one set of vhosts, and php5 for another.  how can i do this?  how would i switch between the two?
<ivoks> bkudria: it's possible
<J_P> people, I have a problem :  I install ubuntu-server with RAID1, but quando machine are rebooting show this : "Stopping MD array md0...                          [ fail ]  " Anyone could help me why this ?
<bkudria> ivoks: do you know how to do it?
<ivoks> i have example for mod_rewrite
<ivoks> oh, i don't :)
<mralphabet> J_P: you reboot your machine?
<mralphabet> J_P: ;)
<J_P> mralphabet: yes.
<ivoks> bkudria: load modules which you need in vhost you need
<bkudria> ivoks: ok, i'll try that, i guess
<bkudria> thanks
<ivoks> AddType application/x-httpd-php4 .php
<ivoks> something like that
<mralphabet> J_P: I have the same thing happen, it isn't something I worry about
<J_P> mralphabet: you have this message too ?
<ivoks> well, maybe you don't have md0?
<J_P> ivoks: yes, I have!
<J_P> Filesystem            Size  Used Avail Use% Mounted on
<J_P> /dev/md0              293G  562M  278G   1% /
<bkudria> ivoks: hmm, would it be possible to create two subdirs under sites-available, and have one be php4, and the other be php5?
<ivoks> bkudria: i don't see why not
<bkudria> ivoks: ok, i'll try playing with it.  thanks
<bkudria> ivoks: but then i'd have to wrap or rewrite a2ensite.  all it does is make the symlink, right?
<ivoks> a2ensite does links yes
<J_P> are there two mdadm on  init.d: mdadm-raid and mdadm. why two ?
<ivoks> but you were asking about design of file which a2ensite would link
<ivoks> bbl bye
<J_P> mralphabet: are here ?
<mralphabet> J_P: yes
<J_P> mralphabet: on 6.10 don't have this problem, only in 7.04, and for you ?
<mralphabet> 7.04 and yes
<J_P> mralphabet: I
<J_P> mralphabet: I'm curious, because this machine is for postgresql production....  
<J_P> dangerous.... maybe
<J_P> ?
<mralphabet> perhaps
<mralphabet> The machine I run it on is lower priority and takes less the 15 minutes to set back up if a drive fails
<mralphabet> so it wasn't something that I worried about, not saying that *you* shouldn't worry about it
<J_P> mralphabet: where/who we can know better  about this ? I try see /etc/init.d/mdadm and mdadm-raid scripts.. but not sucess to know why taht message (fail)....
<mralphabet> J_P: I don't know actually, I haven't found an mdadm expert to chat with about it
<J_P> mralphabet: this moment I think in debian (confiability/stability)... I yet have somes debian servers...
<mralphabet> J_P: I'm looking at one of the debian mailing lists with somebody mentioning the same problem
<J_P> mralphabet: with etch ?
<mralphabet> J_P: http://readlist.com/lists/lists.debian.org/debian-user/28/144659.html
<mralphabet> J_P: click on Next Msg on the right hand side to read through responses
<mralphabet> FYI - found that thread from http://www.google.com/search?q=Stopping+md+array+md0+fail
<J_P> mralphabet:  > Should I simply ignore the message?
<J_P> > "topping MD array md0... failed (busy)"  Yes, unless it is *causing* a real and noticeable problem. But so far from the discussion I've read, it isn't. So yes, ignore it.
<J_P> mralphabet: He told that problem is because is / fs...
<J_P> mralphabet: so if that raid is not on / fs. In /home for example.. maybe don't have this message (fail) right ?
<bkudria> can someone walk me through enableing php5 support with fcgid and apache2? i've already got all the packages installed, and a vhost setup.  how do i enabled php5?
<mralphabet> J_P: right
<mralphabet> bkudria: try #apache
<bkudria> mralphabet: they'll point me to #php, who'll point me to my distro's channel.  :)
<mralphabet> hahahaha
<mralphabet> well that's no help
<mralphabet> I just don't know how many apache experts there are  in here
<bkudria> grumble, grumble
<ivoks> what's the problem?
<bkudria> (I tried asking in #debian, too)
<bkudria> ivoks: you're back!
<bkudria> ivoks: php doesn't work
<ivoks> well, you can't expect everything would get solved pro bono :)
<bkudria> ivoks: well,you said it would "just work"
<ivoks> well, php really just works
<bkudria> except when on exotic setups like mine
<ivoks> you want php for apache, right?
<bkudria> right
<bkudria> but running under fcgid
<ivoks> does it realy have to be php5-cgi?
<bkudria> or php4-cgi
<bkudria> the problemis, we have some clients that need php4, and some that need php5, and we need to be able to support both
<ivoks> and it realy have to cgi?
<ivoks> or we are talking about normal php web pages
<bkudria> unless you know another method to run both php4 and php5?
<bkudria> because mod_php4 and mod_php5 cannot coexist
<bkudria> so, yes, cgi
<bkudria> is that a problem?
<mralphabet> can't you run seperate httpd.conf's?
<bkudria> mralphabet: then i'd have run seperate apaches, and i don't want to do that
<bkudria> plus, fcgid is a more elegant method
<ivoks> hm, why are they in conflict? :/
<mralphabet> elegant and "working right now" are two different things, I agree, but "working right now" solves your problem while you work on elegant
<bkudria> ivoks: so, any clue?
<bkudria> mralphabet: well, i have a nother server running freebsd and php4 "working right now" :)
<mralphabet> fair enough
<bkudria> ivoks: no clue.  they use the same c++ symbol or somethign
<bkudria> ivoks: they don't work together
<ivoks> bkudria: you get ubuntu with working php5 'right now' just by installing libapache2-mod-php5
<ivoks> bkudria: so your argument with freebsd is not fair
<ivoks> or correct
<bkudria> ivoks: ok, fine.
<ivoks> but...
<bkudria> ivoks: is that to say running php5 under fcgid with ubuntu is impossible?
<ivoks> did you try installing php4-cgi and apache2 php5 module?
<bkudria> i'd rather run both under cgi, not just one
<bkudria> to simplify configuration
<ivoks> bkudria: again, you are trying to have php4 and php5 in the same time
<bkudria> ivoks: correct
<ivoks> is that working on freebsd?
<bkudria> ivoks: no, on freebsd, we just run mod_php4.  anyway, we are transitioning from freebsd, because i like debian/ubuntu better
<bkudria> :)
<ivoks> hm...
<ivoks> http://www.howtoforge.com/apache2_with_php5_and_php4
<ivoks> that's, as i said, php4-cgi and php5 module :/
<bkudria> huh. i'll take a look at that
<bkudria> except i'll run both as cgi
<bkudria> to simplify configuration
<ivoks> ok, then install both php5-cgi and php4-cgi
<bkudria> well, first i'll get php5 working
<bkudria> then i'll focus on php4
<ivoks> you need:
<ivoks> AddHandler php-script .php
<bkudria> and then Action php-script /cgi-bin/php5 ?
<bkudria> except i'll do php5-script
<bkudria> and php4-script
<bkudria> and change them per vhost
<bkudria> ok, i'll try that, thanks
<bkudria> hmm, "Invalid command 'Action', perhaps misspelled or defined by a module not included in the server configuration" .
<bkudria> any idea?
<ivoks> http://www.howtoforge.com/apache2_suphp_php4_php5_p3
<ivoks> there, both cgi
<ivoks> + bonus - suexec
<ivoks> err... suphp
<bkudria> aah, actions module wasn't loaded
* mralphabet thinks ivoks googlefu is strong
<bkudria> ivoks: nice, thanks
<ivoks> lol
<bkudria> mralphabet: i searched that site too,you know!
<bkudria> indeed, the googlefu.
<ivoks> google is grep of 21st century
<bkudria> ivoks: yep, it works. thanks a lot
<bkudria> ivoks: i need to do something else before i continue with php4, but i'll comeback and bother you if i run into any trouble, ok?
<ivoks> :)
<ivoks> php4 isn't supported anymore
<bkudria> hmm, does ubuntu include php4?  at all?
<malakhi> bkudria: Pretty sure it was removed for feisty
<bkudria> hmm, i need it.
<bkudria> where would be the best place to get it?
<shawarma> bkudria: What do you need it for? I'm just curious..
<bkudria> shawarma: we have some client that require php4for some apps
<bkudria> shawarma: for example,oscommerce doesn't work with php5
<shawarma> bkudria: Yes, it does.
<shawarma> :)
<bkudria> not last time i checked...
<bkudria> anyway, i'dlike to have the option of php4
<bkudria> or, the versionwe are running doesn't
<bkudria> and i'd like to do one upgrade at a time
<bkudria> so, the current requirement is that we need to have php4
<bkudria> how can i get, say, php4 packages from edgy?
<bkudria> can i just include the repository?
<malakhi> bkudria: I don't know if installing the php4 packages from edgy would work or not. If you go that route, I'd try it on a test server first.
<malakhi> Why not just used edgy or dapper?
<bkudria> malakhi: this *is* a test server
<bkudria> malakhi: because i already have feisty,and i don't want to reinstall
<malakhi> ok. You can give it a shot. No idea if it will work or not.
<bkudria> hmm.  if it doesn't work, i guess i'll have to downgrade
<bkudria> eww
<bkudria> can i just add the edgy repo?
<malakhi> bkudria: You can try it. I don't see why it wouldn't work ok.
<malakhi> bkudria: Just be mindful of any depends it might bring with it. (wouldn't want to break current packages)
<bkudria> right, i'll watch for that
<bkudria> malakhi: although it would be strange if php4 depended on something, but restricted it to "version x.y.z or lower"
<malakhi> bkudria: Not so strange as you might think. I run into funny depends like that all the time on my Debian Sid box, but expect it there.
<bkudria> ok, i'll watch for it
<bkudria> thanks
<malakhi> np
<bkudria> yay,it works!
<bkudria> thanks a lot!
<bkudria> ok, i am going out to lunch
<malakhi> enjoy
<bkudria> mm, i did
<bkudria> chicken tacos :)
<Panzer_> would setting up server to get time from ntp server be hard?
<mralphabet> Panzer_: no
<Panzer_> ok cool
<bkudria> :)
<Panzer_> still new to linux.  and decided to start at command line.  so got a install of dapper on a server
<Panzer_> well of course dapper server.
<bkudria> i just installed mysql-server anf phpmyadmin. how do i login?
<bkudria> to phpmyadmin, i mean
<shawarma> What have you tried yet?
<bkudria> i haven't tried anything :)
<bkudria> hmm, i see also now scripts/setup.php
<bkudria> going there shows this warning: 
<bkudria> Please create web server writable folder config in phpMyAdmin toplevel directory as described in documentation. Otherwise you will be only able to download or display it. 
<bkudria> and /var/www/phpmyadmin/config/config.inc.phpis a symlink to /var/lib/phpmyadmin/config.inc.php
<bkudria> which nis owned by www-data
<bkudria> so it should be able to work, no?
<bkudria> there is a blowfish cookie in that file, what is the default password?
<bkudria> or, how should i be making it work?
<shawarma> You're much more likely to get good help here if you actually try first and the ask when you run into trouble.
<shawarma> phpmyadmin has no password of its own.
<shawarma> Your authenticating against mysql.
<bkudria> oh, ok
<bkudria> how do i set the mysql password?
<bkudria> or, do i need to create a user?
<shawarma> You can probably just log in as root without a password.
<shawarma> I've got to go now.
<shawarma> Cheers.
<bkudria> ok
<bkudria> root without a password doesn't work!
<bkudria> shawarma: wait,don't go!
<bkudria> help!
<bkudria> aah, i got it, nm
#ubuntu-server 2007-06-12
<chila> hello
<chila> i need some help
<chila> with ispconfig
<chila> can someone help me
<chila_> can anyone help with configuring ispconfig
<chila_> am I doing this right
<chila_> or is no one really talking
<chila> hello again
<chila> hello
<chila> i need help still
<heno> Hi. would bug 19889 and bug 65047 typically be the domain of the server team?
<heno> (ah, no ubugtu here)
<heno> https://bugs.launchpad.net/ubuntu/+source/sysklogd/+bug/19889 https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/65047
<heno> shawarma: ^ ?
* shawarma looks
<shawarma> snmp and sysklogd smells like server stuff, so I'd say yes.
<shawarma> heno: ^^
<heno> shawarma: ok, thanks. These are high impact bugs that we should consider SRUsfor, so if anyone on the team has a chance to poke at them, that'd be great
<heno> (it will also make elmo very happy :) )
<shawarma> heno: ia64 is not even an officially supported platform? Do we do SRU's for those then?
<shawarma> I don't mind doing it, I'm just wondering.
<heno> shawarma: if they are ia64-specific, then no, but are they?
<shawarma> heno: The first two comments suggest so, as does the bug we link to in Debian. I'm looking at it right now.
<heno> thanks
<shawarma> heno: Yeah, the original reports talks about snmpd (the daemon) while the last comment (on an intel core duo) looks like an entirely different issue. 
<shawarma> heno: I'll put it on my todo list (near the top).
<mralphabet> somebody mentions reproducable on i386
<heno> shawarma: great thanks! I'll find out what our policy on ia64 is
<shawarma> mralphabet: No. a) He's talking about the client crashing, b) he's not on Dapper.
<shawarma> mralphabet: ...if we are speaking of the same person, of course.
<shawarma> mralphabet: this guy? https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/65047/comments/2
<mralphabet> sorry, I was looking at the sysklogd one
<shawarma> mralphabet: Oh, ok. I haven't checked that one yet.
<mralphabet> didn't mean to get signals crossed there ;)
<shawarma> mralphabet: Oh, don't feel bad for piching in. It's quite alright.
<bkudria> hello. i'm on feisty, and i'm trying to get phpmyadmin to work with mysql-server
<bkudria> i've changed the mysql password for the 'root' user
<arthur_kalm> Hi everyone, this is driving me a little crazy... our servers cannot maintain accurate time. Every time I check up on them they are a minute or two behind. Now what I really don't understand is, I already set up ntpd. I know that the server in the configuration file works because I had manually set the time to it. So is there a way to increase the number of times ntpd updates time with the server? 
<bkudria> but phpmyadmin bounces me back to the login page, without an error.  what is wrong?
<arthur_kalm> bkudria: have you checked phpmyadmin's logs to see what the actual error is?
<bkudria> arthur_kalm: checking logs?  pshaw, no! :)
* bkudria proceeds to check the logs furtivly
<bkudria> err, does phpmyadmin *have* logs?
<bkudria> hmm, login works with firefox, not with konqueror - doesn't sound like a server-side issue
<bkudria> grrr, and now firefox logged me out and is doing the same thing.  what is going on?
<bkudria> aah, got it
<bkudria> http://www.cwassall.co.uk/pages/linux/ubuntu.html#resolving-phpmyadmin-login-issues
<bkudria> uses cookies by default, and this breaks things
<bkudria> *I* shall file a bug!
<bkudria> for anyone else who is confused, if you are trying to get phpmyadmin cookie auth (the default) to work on an amd64 system, you need to install php5-mcrypt.  i think it works fine on an x86 system
<shawarma> bkudria: Why would you think that?
<bkudria> shawarma: https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/114044
<bkudria> this problem fixed in gutsy
<bkudria> although there is a different mcrypt bug in gutsy which makes things worse, for now
<bkudria> but in feisty, installing php5-mcrypt miraculously fixes it instantly
<shawarma> Interesting.
<bkudria> maddening
<lionel> this bug would be a good candidate for SRU
<bkudria> what is sru?
<lionel> Stable Release Update
<lionel> pushing the fix in Feisty
<bkudria> aah.  yep, seems like it
<bkudria> since it is only adding a package to Depends:
<lionel> really small change, but it would save people time :)
* lionel is adding this on his TODO
<bkudria> phpmyadmin is a popular package
<lionel> I know
<shawarma> I actually thought it was in main.. 
<lionel> he no :)
#ubuntu-server 2007-06-13
<chila> can anyone help me
<dguitar4> with?
<chila> ubuntu server setup
<chila> and and setting up ftp with proftpd
<dguitar4> Are you having problems? or are you looking for a guide of some sort?
<chila> I have ubuntu server installed and configured with apache2, proftpd, php5, mysql, ispconfig
<chila> well a little of both
<chila> well one, I cant connect to my computer form an outside ip
<dguitar4> http://www.howtoforge.com/perfect_setup_ubuntu_6.06
<chila> i did all that
<dguitar4> o
<dguitar4> any specific problem?
<chila> yeah I cant connect to ispconfig from an outside ip
<chila> I have a dyndns though
<chila> using ddclient
<dguitar4> hmmm don't have a lot of experiance with dyndns
<chila> well how about proftpd
<dguitar4> not really :\
<chila> how about ispconfig?
<dguitar4> lol nope
<chila> lol
<chila> hmmm
<dguitar4> well i might be able to help alittle
<mralphabet> chila: what is the IP address of the linux box?
<dguitar4> You do have apache running?
<chila> yeah
<dguitar4> Can you get to apache from outside?
<chila> I dont think so
<dguitar4> Do you have port forwarding setup?
<chila> I believe so
* mralphabet doesn't believe you
<dguitar4> You setting this up at home?
<chila> yes
<dguitar4> Most likely port 80 won't be able to be forwarded (fyi)
<chila> yeah I might not have ip forwarding setup
<chila> what about port 81
<chila> im trying to get there from the outside
<dguitar4> port 81 should be fine
<chila> I can connect there from my desktop in my home network
<chila> but not from the outside
<dguitar4> Well how are you trying to connect?
<chila> firefox
<chila> using my dns from dyndns
<foo> chila: Please don't private message people in here for help. Please just ask and wait in here in the future. 
<dguitar4> Ah, well can you connect via your IP
<chila> ok
<chila> I tryed yesterday and assumed I was doing something wrong
<chila> no
<chila> not my dyndns one
<chila> but the network one I can
<dguitar4> Do you know what your public IP address is?
<dguitar4> http://whatismyip.com
<dguitar4> will tell you
<chila> 76.99.47.39
<dguitar4> so http://76.99.47.39:81 would go to your site, if you have port forwading setup correctly
<chila> yes
<chila> but it doesn't
<dguitar4> then you don't have Port forwarding setup correctly ;)
<chila> how do I set up port forwarding
<dguitar4> It would be a setting in your router @ home
<chila> i see
<dguitar4> You'll have to chose a port, then choose what internal IP address it is forwarding to
<chila_> hey it works now
<chila_> thank you dguitar
<dguitar4> :)
<dguitar4> np
<levander> If I want to add a virtual host to my already running apache config, is all I have to do is put the VirtualHost directive (which I've been supplied with) in /etc/apache2/sites-enabled?
<coNP> levander: true
<levander> coNP: so, why when I pull up the URL, does my browser say: "Firefox can't establish a connection to the server at louis:8888." without any messages about it at all in /var/log/error.log or /var/log/access.log?
<levander> !paste
<coNP> louis is your machine and 8888 is the port?
<levander> yes. here's the VirtualHost directive I was supplied with by this wiki software: http://pastebin.ca/563677
<levander> just pulling up louis does pull up a directory listing off /var/www on that machine
<levander> and, i have restarted apache2
<levander> /etc/init.d/apache2 restart
<levander> i put that virtualhost directive in a file called wiki2go in /etc/apache2/sites-available, then put a link to it in sites-enabled
<coNP> does you apache listen on port 8888?
<coNP> /etc/apache2/ports.conf should contain "Listen 8888"
<levander> coNP: no, http://louis/ goes to the index of /var/www
<levander> coNP: that may be it
<levander> lemme look
<levander> Well, now http://louis:8888/ just goes to the directory listing of /var/wwww
<levander> /var/www
<coNP> is somewhere a "NameVirtualHost *:8888"?
<levander> i don't see a NameVirtualHost, but I see a "VirtualHost *:8888" in that file i pasted
<coNP> try to prepend a  "NameVirtualHost *:8888" line to that file
<levander> coNP: I just did that, no dice
<coNP> with apache2 restart, I guess
<levander> yeah, i did
<levander> i gotta give up for the night
<levander> thanks for trying to help coNP 
<fabio__|> hello, can you suggest me a very configurable FTP server for Ubuntu? 
<fabio__|> i don't like very much vsftpd...
<CrummyGummy> Hi all, I upgraded to Fiesty and now my mysql replication is broken. Were there any major changes in that space? The error is 
<CrummyGummy> Failed to open the relay log './lloyd-relay-bin.000001' (relay_log_pos 0)
<CrummyGummy>  Could not find target log during relay log initialization
<CrummyGummy> course I have since changed the relay log by  hand in the relay-log.info file but the same problem was there with the original relay log.
<shawarma> Do you have a lloyd-relay-bin.000001 somewhere?
<shawarma> Or something that smells like it?
<CrummyGummy> shawarma, Yes I do.
<shawarma> That very file? Where?
<CrummyGummy> hmmm, maybe a slave reset would work.
<CrummyGummy> /var/lib/mysql/lloyd-relay-bin.000001
<shawarma> CrummyGummy: Try "mysqladmin variables" (passing it proper authentication if needed) and see what your datadir is set to.
<CrummyGummy> the file is specified in relay-log.info as ./lloyd-relay-bin.000001
<CrummyGummy> from mysql... var... 
<CrummyGummy> datadir                         | /var/lib/mysql/
<shawarma> CrummyGummy: The "./" bit should be ok, I think.
<shawarma> CrummyGummy: As I believe it's relative to datadir.
<CrummyGummy> Yeah, it works on the master server. The repl is circular.
<shawarma> Ok.
<shawarma> I really have no idea. You log files don't say anything clever?
<CrummyGummy> its very wierd... I'm gonna reset the slave and see if it fixes it.
<shawarma> Well..
<CrummyGummy> sorry, didn't see you rlast comment. No nothing else in the logs. Lemme have another look...
<shawarma> you could always do a "mysqlbinlog lloyd-relay-bin.00001" and pipe it into mysql to make sure you don't lose whatever's in the log.
<CrummyGummy> Thanks, I did that. No nothing else in the logs :(
<CrummyGummy> Cool, reset fixed it :) wierd....
<sommerts> hey everybody. i have a question about postfix. anybody who can help?
<sommerts> anybody, postfix savvy?
<Kamping_Kaiser> sommerts, ask your question, if someone knows about postfix they will answer, if not , you may be out of luck
<Kamping_Kaiser> sommerts, and dont be afraid to wait
<sommerts> alright. I'm receiving mail on mail@mydomain with the standard postix setup. so only local accounts should receive mail. mail altough is not a local unix account. how comes? RFC?
<shawarma> sommerts: Well, just because you're running a standard setup that does local delivery, that doesn't stop the rest of the world from sending e-mail to mail@yourdomain? Or am I not unerstadning your question?
<sommerts> yeah right, but the message should be rejected as if i would send something to xy@mydomain. mail@mydomain gets delivered to /var/spool however.
<shawarma> sommerts: /var/spool/mail/mail ?
<sommerts> exactly
<sommerts> could it be that mail is similar to abuse and postmaster?
<shawarma> No, it seems not.
<sommerts> hmm, what else could it be? any idea where to start looking?
<CrummyGummy> shawarma, Hi, can I bend your ear again?
<shawarma> CrummyGummy: Sure.
<shawarma> sommerts: I'm looking into it. Gimme a sec.
<CrummyGummy> I'm now upgrading the next server and mysql is insisting on putting the relay-bin file in /var/run.
<CrummyGummy> The datadir is /var/lib/mysql.
<CrummyGummy> This is wierd.
<sommerts> tks
<shawarma> CrummyGummy: That's... odd.
<CrummyGummy> Thats what I though...
<shawarma> CrummyGummy: Directly in var/run or in /var/run/mysql ?
<CrummyGummy> /var/run/mysqld
<shawarma> CrummyGummy: Feisty, you say?
<CrummyGummy> yup
<ivoks> what's the problem?
<shawarma> ivoks: Mysql server putting relay-bin file in /var/run/mysqld
* CrummyGummy nods
<ivoks> um?
<ivoks> i can't see it
<ivoks> doh, i upgraded to gutsy this morning :/
<shawarma> ivoks: No, it's just CrummyGummy.
<CrummyGummy>  I've run a "reset slave", "change master", edited the relay-log.info to the right file (.//mysqld-relay-bin.000001 pos0) and run 'start slave' and within a second the error above shows and its relay-log.info is back to /var/run/mysqld/mysqld-relay-bin.000002 pos 235
<CrummyGummy> I've grepped all the config files and only pid_file and socket point at that dir.
<ivoks> no idea
<shawarma> ivoks: Well, CrummyGummy and https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/119271.
<CrummyGummy> shawarma, hmmm, so one other person has the same problem and the maintainer doesn't see it. wierd...
<CrummyGummy> and it only happened on one of my servers.
<ivoks> others are ok?
<ivoks> hm..
<CrummyGummy> yup. and the config is almost identical except for slave stuff.
<ivoks> CrummyGummy: no one confirmed his problem and he didn't reply to question, so... you can't say maintainers didn't see it
<shawarma> CrummyGummy: Um, I'm the maintainer. :)
<CrummyGummy> ivoks, Not didn't see it. Doesn't see it (the problem)
<shawarma> CrummyGummy: So I've seen it, and asked for further info .:)
<CrummyGummy> yup
<ivoks> ok, i've setup replication, but... nothing in /var/run/mysqld/
<CrummyGummy> so its still just me and some random dude...
<ivoks> maybe i did something wrong :)
<ivoks> in /etc/mysql/conf.d/ i added new file with content
<ivoks> log-bin = /var/log/mysql/mysql-bin-test.log
<ivoks> binlog-do-db and server-id
<shawarma> Yes, sure that would work around it. Default should not be to put anything in /var/run that is as important as those logs.
<shawarma> sommerts: Noone in #postfix seems to able/willing to answer. It appears to be behaviour by design on local(8)'s part that it delivers it. It likely means that it should be filtered elsewhere.
<shawarma> sommerts: Like in /etc/aliases or something.
<sommerts> i'll look into it deeper later on the day. thanks anyway. appreciated.
<shawarma> sommerts: If you could file it as a bug, that'd be great.
<ivoks> postfix bug? :)
<sommerts> if it is one. i'll do that.
<ivoks> oh, there it is...
<ivoks> in /var/run/mysqld
<shawarma> Yes?
<shawarma> ivoks: Really? It's reproducable?
<CrummyGummy> ?
<ivoks> yes
<ivoks> mysqld.pid  mysqld-relay-bin.000002  mysqld-relay-bin.index  mysqld.sock
<ivoks> yup...
<ivoks> easy to reproduce:
<ivoks> CHANGE MASTER TO MASTER_HOST='192.168.0.101', MASTER_USER='slave_user', MASTER_PASSWORD='pass', MASTER_LOG_FILE='log.001', MASTER_LOG_POS=183;
<shawarma> Man, I need more hardware, so I can test these things.
<ivoks> :)
<shawarma> -ENOTENOUGHHARDWARE
<ivoks> kvm? :)
<shawarma> Here's a complete list of my hardware:
<ivoks> none :)
<shawarma> 1) IBM Thinkpad X40
<shawarma> EOL
<shawarma> It sucks to be me.
<ivoks> don't worry
<ivoks> i have toshiba satellite pro U200
<ivoks> :)
<shawarma> When I grow up, I want decent hardware.
<ivoks> anyway, bbl
<shawarma> Well, my thinkpad is decent, but insufficient for my current needs, unfortunately.
<shawarma> ivoks: See you.
<shawarma> CrummyGummy: Could you make a not in that bug report that it's happening to you, too?
<shawarma> note*
<CrummyGummy> I got dropped, did I miss anything?
<mralphabet> 08:52 < shawarma> CrummyGummy: Could you make a not in that bug report that it's happening to you, too?
<mralphabet> 08:52 < shawarma> note*
<CrummyGummy> K, I'm setting up an account.
<shawarma> CrummyGummy: Excellent. Thank you!
<CrummyGummy> done
<shawarma> CrummyGummy: Thanks. I won't have time to work more on it today (or tomorrow, probably), but I'll definitely take a look at it soon.
<CrummyGummy> I'm going to have to spend time on it before then. I need to reboot at least one of my servers tomorrow and this could turn out to be a big problem.
<CrummyGummy> http://bugs.mysql.com/bug.php?id=28850
<CrummyGummy> Reported on the second of June.
<shawarma> CrummyGummy: Ah, great. Thanks for digging that up! Could you put a linkt to that in the bug report?
<CrummyGummy> done
<CrummyGummy> I've added
<CrummyGummy> relay_log       =       /var/lib/mysql/mysqld-relay
<CrummyGummy> to my my.cnf and it seems to be working as expected.
<sommerts> do you guys have a unix account named 'mail' in /etc/shadow? and is it unlocked?
<mralphabet> sommerts: mail:*:13629:0:99999:7:::
<sommerts> same here. tks
<ivoks> CrummyGummy: great
<ivoks> CrummyGummy: just, don't add stuff to my.cnf
<ivoks> CrummyGummy: add it in files in /etc/mysql/conf.d/
<ivoks> CrummyGummy: it makes upgrade of packages easier, *a lot*
#ubuntu-server 2007-06-14
<Nephelauxetic> Does anyone here know how to setup Ubuntu 7.04 as an LDAP client?
<lionel> Nephelauxetic: you have a doc on help.ubuntu.com/community
<lionel> let me find the precise URL
<lionel> Nephelauxetic: https://help.ubuntu.com/community/LDAPClientAuthentication
<lionel> if you have any question, just ask :)
<lionel> but that's a good base
<Nephelauxetic> this I all had
<Nephelauxetic> and chown to a LDAP user worked
<Nephelauxetic> I was also able to log in
<Nephelauxetic> but I always had to type twice the password of local users
<lionel> Oh...
<lionel> do you have the use_first_pass parameter in PAM ?
<Nephelauxetic> hmmm
<Nephelauxetic> nope...
<Nephelauxetic> I'll go through this tutorial again
<Nephelauxetic> but can you tell me how I get automount working?
<Nephelauxetic> actually this was the worse problem
<lionel> Nephelauxetic: did you look at https://help.ubuntu.com/community/AutofsLDAP
<lionel> I wrote it one year ago :)
<Nephelauxetic> Yes I did indeed
<Nephelauxetic> the problem is
<Nephelauxetic> that the server is a Solaris one which somehow uses auto_master instead of auto.master
<Nephelauxetic> And that I have no clue of all this ...
<lionel> Nephelauxetic: not sure to understand you well. You can put whatever you want on the LDAP server? So you can follow the doc no? If it does not work on Solaris, it's a Solaris question, and that's not the best place for help:)
<Nephelauxetic> No the problem is that I can't put things on the LDAP server
<Nephelauxetic> I'd like to use the information which is already there
<lionel> oh, the same information that is used for automount on Solaris?
<Nephelauxetic> that's the puzzling thing... the solaris clients are using some automountInformation ... but Ubuntu does somehow not understand that
<lionel> Nephelauxetic: could you paste somewhere (http://paste.ubuntu-nl.org for example) what your automountInformation contains?
<Nephelauxetic> sure give me a second
<Nephelauxetic> http://paste.ubuntu-nl.org/25533/
<Nephelauxetic> I think I know understand how it works...
<Nephelauxetic> it actually should not matter whether I use auto.master or auto_master etc. as long as it is consistent in the LDAP DB?
<Nephelauxetic> It all depends on whether the Ubuntu client does the query via the object type or the ou
<KennyTheGeek> Hmm... i got a problem here... my situation: i got 2 routers in my house, both filled with devices in thier internal switches. one of them is owned by our isp, and is locked in a setting that blocks most traffic. i want to make my server replace that router, and take the role as dhcp and dns server.
<KennyTheGeek> the server is running ubuntu desktop feisty fawn... i was too lazy to download Ubuntu Server
<shawarma> KennyTheGeek: Desktop and Server are actually essentially the same thing.
<shawarma> KennyTheGeek: The difference is the selection of packages that are installed by default.
<KennyTheGeek> okay... never tried the server one, thought that there was more of a difference that the missing gui
<shawarma> KennyTheGeek: (and the selection of packages that we put on the cd)
<KennyTheGeek> okay then
<shawarma> KennyTheGeek: So in this case, it doesn't matter at all that you're running the desktop version.
<KennyTheGeek> k then
<KennyTheGeek> but when i installed the dhcp server, and followed the guide on ubuntuguide.com, it failed to start (right now it got its ip from the stupid router)
<KennyTheGeek> it just says * Starting dchp server [FAIL] 
<shawarma> Oh, you did that already?
<KennyTheGeek> eyah
<KennyTheGeek> *yeah
<shawarma> Put you dhcpd.conf on pastebin then.
<KennyTheGeek> pastebin gives errors aswell :S
<shawarma> Use another. :)
<KennyTheGeek> Query failure: Can't open file: 'recent.MYI'. (errno: 145)
<KennyTheGeek> lock tables recent write
<shawarma> http://rafb.net/paste/
<KennyTheGeek> that was the one i was about to use :P
<shawarma> http://paste.ubuntu-nl.org/
<KennyTheGeek> http://rafb.net/p/Yy3TYH35.html
<shawarma> looks sane.
<shawarma> Is there a /etc/defaults/dhcpd ?
<KennyTheGeek> i would rather use the ip 10.60.61.0 and 255.0.0.0 as netmask
<KennyTheGeek> yeah
<shawarma> Show me.
<KennyTheGeek> moment
<KennyTheGeek> http://rafb.net/p/e4VydN78.html
<shawarma> You have two NIC's in it?
<KennyTheGeek> no
<KennyTheGeek> only eth0
<shawarma> which is connected to... what?
<KennyTheGeek> i got other NIC's laying around, but is that neccesary?
<KennyTheGeek> eth0 is connected to port 1 on the stupid router. the stupid router is connected to the ADSL modem, the better router is connected to the stupid router
<KennyTheGeek> hmm...
<shawarma> If you want your machine to act like a router, it sort of needs two interfaces. "sort of" because it's doable without, but it's a hassle.
<KennyTheGeek> okay... so i should add another, and add it to interfaces in default/dchp3-server?
<KennyTheGeek> then eth0 => adsl, eth1 => switch?
<KennyTheGeek> but eth0 => switch => adsl & wireless router & devices is still possible? cause im kinda out of cables :P
<KennyTheGeek> is your "project" gonna take more that a week/month (you prolly don't know, but it's worth a try to ask :P ) cause i'll possible just wait for that to get done then :P
<citybird> hi, anyone here know how to get vmware server to connect to a remote host running under ubuntu?
<KennyTheGeek> to load the vmware image, or to what?
<mralphabet> KennyTheGeek: the recommended solution is to use two ethernet card
<mralphabet> s
<mralphabet> using a single card *CAN* work, but as shawarma said, it is a pain in the ass
<mralphabet> so dig up another ethernet card / cable and do it the right way
<KennyTheGeek> yeah, i could guess that, but then i need to find long enough cables >_>
<mralphabet> KennyTheGeek: move the server
<citybird> vmware server console keeps giving me bad username password when i try to connect to a remote host. I checked on the remote host and it is listening on port 902 for any vmware connections.
<KennyTheGeek> that standing on the floor, as close to the router as possible, and the router is hanging in a wire, so they can't get closer
<mralphabet> citybird: what user are you trying to use?
<citybird> a user on the remote machine.
<mralphabet> citybird: root?
<citybird> mralphabet: should i try to give root a password? it is still without one.
<mralphabet> citybird: some other user?
<citybird> mralphabet: right. it's not the root user but another.
<mralphabet> citybird: I am going to bet that the user doesn't have permissions
<mralphabet> KennyTheGeek: sounds like you need a better managed wire closet ;)
<citybird> mralphabet: how do i add another qualified user? under /etc/inet.conf it says "902 stream tcp nowait root /usr/sbin/vmware-authd vmware-authd"
<KennyTheGeek> you don't know how much crap/treasures we got in hour basement, so it's hard to handle wires, and make room for anything down there >_>
<citybird> mralphabet: it's the only user on the remote host. how do i give him permissions?
<KennyTheGeek> citybird: you use root? i beleive that isn't a very good security practise..
<mralphabet> KennyTheGeek: no, he's *not* using root
<citybird> KennyTheGeek: no. 
<KennyTheGeek> how can it then be the only user? >_>
<KennyTheGeek> root is a user too
<citybird> KennyTheGeek: ok stop with the symantecs. the only user on the box with a password is the one that i am trying to connect with.
<KennyTheGeek> ok...
<citybird> i think i have to add my username to a list somewhere but i dont know where.
<mralphabet> citybird: you may need to add the user to the root group
<citybird> mralphabet: checking
<mralphabet> IE edit /etc/passwd and put them in group 0
<mralphabet> it is not something I have done before
<citybird> hey
* KennyTheGeek is outta here, gotta prepare for exam...
<citybird> mralphabet: hey. if i change the group that is allowed would that work too?
<mralphabet> citybird: possibly
<citybird> ok, under ubuntu there is a group in the /etc/group file called adm  if I change the line un /etc/inet.conf from root to adm what would i have to restart to get those permissions to update.
<mralphabet> citybird: you are at the limits of my experience, you may have more luck getting answers about vmware in #vmware
<citybird> argh, no i just looked at the syntax of the /etc/inetd.conf file. the root there is a username not a group name.
* mralphabet would just add the user to the root group, but that's just me
<citybird> ok where exactly? root:x:0:0:root:/root:/bin/bash
<citybird> mralphabet: or would that file be /etc/group
<mralphabet> in /etc/group I believe you can do root:x:0:someuser
<citybird> did that. trying to log in now.
<citybird> mralphabet: still not working. im gona restart the host and hope the settings took
<citybir1> found the problem. it's a bug
<mralphabet> bug with vmware?
* Starting logfile irclogs/ubuntu-server.log
#ubuntu-server 2007-06-15
<foo> Anyone have a lot of experience with amanda and bacula? Looking for someone to interview for an article. Thanks
<Burgundavia> ?
<Burgundavia> ugh, wrong windeow
<maeth> hi, i got ubuntu server on my server machine, and now i want to install the graphic interface... how can i do that?
<leonel> sudo apt-get ubuntu-desktop
<reya276> can anyone help me with a server issue
<leonel> or kubuntu-desktop
<leonel> maeth: 
<leonel> reya276: and the issue is ?
<malakhi> Ask your question reya276.
<reya276> I just finish installing the gnome,gdm but it wont start
<reya276> I get an error stating "Failed to start X Server(your graphical interface). It is likely that it is not set up correctly
<reya276> how can I fix this issue
<malakhi> Did you configure X?
<reya276> no how do you do that, one thing you should know, I'm not a linux guy, hence why I'm trying to install the gui
<leonel> reya276: sudo dpkg-reconfigure xserver-xorg
<malakhi> reya276: just answer the questions it asks you after entering that command.
<malakhi> reya276: Incidentally, you might have been better served to install the desktop version, then turn it into a server by installing whichever daemons you want.
<reya276> yeah I figured that but since I already installed it I might as well learn all this
<reya276> how can I start it
<malakhi> reya276: sure thing :)
<malakhi> sudo /etc/init.d/gdm start
<reya276> will it start automaticlly every time I reboot it or do I have to use this command line
<malakhi> Should start every time from now on.
<reya276> hum.. weird is not starting
<malakhi> Does it give an error?
<reya276> how can I reboot the server
<reya276> nope no error just stays at $
<malakhi> sudo shutdown -r now
<maeth> how can i connect my X server to a remote PC via ssh??
<malakhi> maeth: there are a lot of howtos out there. Found this one after a little googling: http://www.cag.lcs.mit.edu/~wentzlaf/faq/ssh_X.html
<reya276> I got the same error
<reya276> failed to start X server] 
<malakhi> reya276: type tail /var/log/Xorg.0.log | grep EE
<malakhi> reya276: Let me know what it says
<reya276> ok
<reya276> oh man the server rebooted and now the screen says out of range
<malakhi> Press <Ctrl>+<Alt>+<F1>
<malakhi> You should be back at the console login screen
<reya276> ok that did it
<malakhi> Sounds like you misconfigured X. Gave it some numbers it didn't like, or something.
<reya276> ok how can I fix this
<malakhi> Was there any output from the command I gave you?
<reya276> no it went back to ~$
<reya276> tail /var/log/Xorg.0.log | grep EE
<reya276> gave nothing in return
<malakhi> ok. Try cat /var/log/Xorg.0.log | grep EE
* malakhi should have said that to begin with.
<reya276> oh it says "(EE) xf86OpenSerial: Cannot Open device /dev/input/wacom
<malakhi> That's not important
<malakhi> Anything else?
<reya276> that is all that it said
<malakhi> hmm
<malakhi> When you did the dpkg-reconfigure, were there any answers you gave that you weren't sure about?
<reya276> yes
<malakhi> Any way you can find out the answers for sure?
<reya276> well the first question about the graphics device, right there is an "I do not know" so I chose vesa
<malakhi> ah
<reya276> it's an intel board
<reya276> with an onboard graphics card
<malakhi> It's probably i810 then.
<malakhi> You wouldn't be horribly opposed to installing -desktop, would you?
<malakhi> I'm just about to the limit of my X troubleshooting knowledge.
<reya276> well is not my choice, my boss wants to be able to use it
<malakhi> Ah. You might try asking in #ubuntu. They're the desktop experts.
<reya276> so he won't be able to use command line, yeah I tried there and they sent me here
<malakhi> One thing to remember about the #ubuntu channel. If you don't ask a direct question about your problem, they'll just ignore you. Volume is to high.
<malakhi> (I was lurking and saw your question.)
<malakhi> Just try again, but don't ask to ask a question. Just ask it.
<malakhi> heh. If that made any sense XO
<reya276> yeah, first I'm going to re-install the server to start clean, then I will install gdm and gnome
<malakhi> When you do that, instead of installing them piecemeal, do sudo apt-get install ubuntu-desktop
<malakhi> That will pull in everything on the default ubuntu desktop, and may do a better job of detecting your hardware.
<reya276> ok that was my next choice
<reya276> because I've noticed the whole gnome thing is very complicated if not done correctly
<malakhi> Yes. ubuntu-desktop is a meta-package that depends on xorg, gnome, gdm, etc. It *should* be just like a fresh install of ubuntu.
<reya276> ok so ubuntu-desktop is the same thing but auto detects everything
<malakhi> I won't promise it will be perfect, but it may do better.
<malakhi> Installing from the -desktop or -alternate CD would be the preferred method. They do a very good job at detection.
<reya276> ok so the command is sudo ap-get install ubuntu-desktop
<malakhi> Yes.
<malakhi> sudo apt-get install ubuntu-desktop
<reya276> hey when this thing is loading I get a Revalidation error, what does that mean
<malakhi> "Revalidation error"?
<malakhi> after typing the command? or when booting the system?
<reya276> when booting the system
<malakhi> Not sure.
<malakhi> Does it hang there? Or continue to boot?
<reya276> no it boots normally
<reya276> ok after the desktop install then how do I run it
<malakhi> Same thing as before: sudo /etc/init.d/gdm restart
<reya276> the desktop is installing off the cdrom
<reya276> ok and that will make it start everytime it boots
<malakhi> Yes, it should.
<reya276> hey do you know the command to start the apache server
<malakhi> Actually, installing ubuntu-desktop will make it start when the computer starts. That command just makes it start now, instead of waiting to reboot.
<malakhi> Have you installed the package for apache?
<malakhi> If so, it, too, will start automatically by default.
<reya276> well when I was installing the server it gave me an option to install both DNS and LAMP
<reya276> so I installed both
<reya276> ok what I meant was Is there an interface for apache like IIS has
<malakhi> No.
<malakhi> Apache is controlled through text config files. There is no GUI
<reya276> see My boss is a microsoft fan so I'm trying to convert him to using Ubuntu as a server, the guy wants to buy Exchange and I'm like Hell no.
<reya276> wow that's not good
<malakhi> I sympathize, but I'm afraid it's going to be an uphill battle.
<reya276> is there a web interface atleast to setup websites
<malakhi> GUI server administration is a Linux weakness (although some would say it's a strength)
<malakhi> There are various programs that make a passing attempt at GUI administration. CentOS and openSUSe both have much better tools in that regard than Ubuntu.
<malakhi> If you are looking for a true, drop-in replacement for Windows Server, I would say that SUSE comes closest. I would try that before giving up totally.
<reya276> well in terms of security is a strength, but if it lacks the user friendly stuff, so it's great but if the average joe can't use it then it's not worth it
<malakhi> To be honest, IMHO, the average joe shouldn't be running a server. It's a HUGE security risk. Windows just hides the risks behind a pretty interface. They're still there, just not as obvious to the admin.
<reya276> I can do it because I don't mind getting my hands dirty but there are lot's of people that just hate going through the trouble, the issue with the Linux community is that for some reason they don't want to go that route, maybe is the geek in them
<reya276> no offense
<malakhi> lol. Partially, yes. Linux is for people who don't mind getting their hands dirty. That said, there's a reason why "Systems Administrator" is a job description.
<malakhi> none taken. I'm a big geek. It's why I like linux.
<reya276> yes I totally agree but they could make it easier
<malakhi> There's nothing trivial about setting up a good server. Especially an email server that will be exposed to the outside.
<malakhi> It sort of depends. To me, and lots of other people, tweaking config files is much easier than clicking my way through dozens of menus and windows.
<reya276> yeah, I'm going to have my hands full with that because I've never done it on Linux
<malakhi> I haven't done a windows server in so long, my eyes sort of glaze over whenever I open the control panel in Windows. It takes me a while to remember where everything is.
<malakhi> But, I'm afraid I must be going. I need to get a couple hours of sleep before work.
<malakhi> Good luck getting things set up, and convincing your boss.
<reya276> well good night, thanks for the help
<malakhi> Like I said, if you run into problems getting X up again, try asking in #ubuntu. The fact that your using -server is irrelevant for that bit.
<reya276> thanks I will need it so far I'm loosing on the Desktop end, let's see how the server goes
<malakhi> 'night, and again, good luck.
<reya276> I'm the only one using Ubuntu on my desktop, I will head over there if need to, thanks again
<m3thos> having worked has a sysadm, in a team with unix and windows sysadm
<m3thos> I've seen what they do to ppl knowledge and capabilities
<m3thos> all the unix sysadmins HAD TO be more knowledgeable
<m3thos> windows guys couldn't trouble shoot problems..
<m3thos> a lot of problems
<m3thos> because everything was hidden from them..
<m3thos> couldn't troubleshoot _some_ problems.. that were easily picked up by unix guys firing up a ethereal, or booting a linux cd to stress test and benchmark hw performance issues...
<m3thos> and now.. at work.. same shit goes.. 
<m3thos> unix ppl are more proeficient and all round knowledgeable... they are more expensive to hire also...
<Pumpernickel> No, I'd say proficient and knowledgeable people are more proficient and knowledgeable - which leads, indirectly, to knowing Unix.
<m3thos> exactly...therefore.. unix admins have to pass that "test"
<m3thos> not the same for windows admins
<Pumpernickel> Not really.  It just means there's a greater probability of finding an intelligent Unix admin.
<m3thos> I guess you're right.. and was just oversimplificating
<m3thos> :D
<m3thos> how to I list the running services in ubuntu ? (somthing like: rc-status from gentoo, or service --list-all from fedora)
<qiyong> hi all, where to store the route info?
<ogra> can anybody tell me why we default to a 2h keepalive value for tcp connections ? 
<ogra> i know its the default but i really think its nonsense to have dead server processes hanging around for 2h
<ogra> s/default/upstream default/
<shawarma> ogra: What would you suggest instead?
<ogra> 10 mins or so ? 
<shawarma> ogra: Many protocols can be quiet for way more than 10 minutes..
<ogra> do you know why its so high ?
<shawarma> ogra: They'd be killed.
<ogra> but 2h seems a bit overkill
<shawarma> I think it's inherited from ye ol'e BSD TCP code, actually.
<shawarma> It's tradition. :)
<shawarma> What sort of connections are you specifically having problems with?
<ogra> the new tsp implementation uses nbd started via inetd instead of nfs ... having these processes hog the ram seems silly ... but i dont want to poke in /etc/sysctl.conf or so to change it only for ltsp if we could probably just have a better default
<shawarma> I rather find that if someone feels the timeout is too long, it's actually more of an application problem. 
<shawarma> Some sort of keepalive/ping thing could be added that would detect a dead endpoint.
<ogra> well, indeed i could add pinger code to the nbd server side ... but why make it complicated if tcpd can care :)
<shawarma> ...which would cause the connection to die much, much sooner.
<shawarma> ogra: Heh. :)
<ogra> snap
<shawarma> snap?
<ogra> we said the same :)
<shawarma> Oh!
<ogra> i'll look into adding some pinger code then ...
<shawarma> ogra: http://nbd.svn.sourceforge.net/viewvc/nbd/trunk/nbd/README?revision=187&view=markup 
<shawarma> ogra: What does the timeout do?
<ogra> kill the session after the specified time if there was no traffic
<ogra> which is quite evil if you use nbdroot :)
<shawarma> Eek.
<shawarma> But that's what you're essentially asking, isn't it?
<ogra> it doesnt do what you think it does :)
<ogra> no
<ogra> i want the connection to persist if tehre is no traffic ... i want it to die if there is no endpoint
<ogra> thats different
<shawarma> Indeed.
<ogra> you dont read all the time form your fs :)
<shawarma> Well, if you set the tcp keepalive down to 10 minutes, you'd kill the connection, too?
<fabbione> ogra: changing tcp defaults == really really really bad
<shawarma> fabbione: Agreed.
<fabbione> you are going to hit all kind of different problems for other applications
<shawarma> Many, many things may depend on it.
<ogra> fabbione, well what i want to know is why are they so high, i'm already living with the fact that i'll need a pinger
<fabbione> ogra: i am pretty sure there is an entire set of RFC's to explain that
<fabbione> did you google for it?
<ogra> ok
<ogra> no, not yet
<ogra> 2h seems just a bit long ...
<ogra> but if there are valid reasons i wont argue :)
<shawarma> Adding some sort of no-op keepalive thing to the nbd protocol will be the right choice, I'm sure.
<ogra> right
<fabbione> i can find thread about this going back to 2001 at least
<shawarma> ogra: Thankfully, upstream seems to be very much alive. I thought nbd was dormant.
<Elwell> Q - whats involved in altering the xen-meta package to work with amd64?
<ogra> nah, wouter's been busy on it its well maintained ... else we wouldnt have done the switch with ltsp
<ogra> we use nbd swap since two releases by default and never had probs with it 
<shawarma> ogra: Sure, but I didn't know you did that either. :)
<ogra> its part of the ltsp speedup work we're doing upstream atm
<shawarma> ogra: Putting swap on the network speeds things up?
<ogra> nbd serving a squashfs image merged in a union/tmpfs root for the client is about 20-30% faster than nfsroot
<ogra> (talking about bootspeed)
<ogra> no, putting swap on the network lets your firefox not die if you run out f ram :)
<shawarma> ogra: Interesting.
<ogra> it gets extremly slow if it starts swapping, but you can still close your apps and save your files, its only a safety net ...
<fabbione> interesting
<ogra> but ....
<fabbione> so according to RFC901 the main reason to have long timeouts is to allow ftp to work on slow link
<ogra> (nbdswap uses swapfiles on the server)
<fabbione> +s
<fabbione> + all the other RFC's 
<ogra> if you put the swapfiles in a tmpfs it gets very useable
<ogra> bah, ftp
<fabbione> well one of the reasons
<ogra> yeah
<ogra> i understand ...
<fabbione> all protocols that use more than one port for communications are affected by the same issue
<fabbione> ftp uses port 21 for cmd transfer
<fabbione> and port 20 for data
<fabbione> on slow link you get to use only port 20 for hours
<ogra> i'll add my pinger then or live with the 2h presistence 
<fabbione> 21 would time out
<fabbione> and the session dies
<ogra> right
<fabbione> that would disrupt data stream on 20 due to the missing com
<ogra> that makes a lot of sense
<fabbione> and similar protocols would have the same issue clearly
<ogra> i didnt even think about control connections being run parallel
<ogra> right
<shawarma> Ah, yes, that's a really good point.
<shawarma> When you first said ftp and slow links I thought about a link where there was up to two hours between each package.. Oh, the horror!
<ogra> well ... think dialup :)
* shawarma is trying to forget all about dialup
<fabbione> you guys need some more real life
<shawarma> fabbione: Yeah? When was the last time you were doing a file transfer where there were hours between each package?
<fabbione> shawarma: hmmm last Xmas
<fabbione> in italy i still have ISDN
<fabbione> shawarma: we are way lucky here in dk
<shawarma> fabbione: Where were you? In the australian bush with a internet connection over rusty barb wire?
<fabbione> italy
<fabbione> rome
<fabbione> ostia
<fabbione> do you want the exact address?
* shawarma boggles
<shawarma> So that's a couple of kbit/hour?
<fabbione> shawarma: yeah almost
* shawarma starts to cry
<ogra> shawarma, edubuntu has users where they have sneaker networks (usbsicks being carried around) to transport their mail
<ogra> they hardly even get power at places
<ogra> an 28k dialup is luxury in such areas
<shawarma> ogra: Right, but that's an entirely different story altogether. At least I hope it is... You don't implement IP-over-Adidas, do you?
<ogra> heh, working on that :)
<fabbione> shawarma: i wouldn't kid too much about IP-over-Adidas because in JP they proved it to be faster than any available connection at the experiment time (that was no longer than one year ago)
<fabbione> it was also on /.
<ogra> heh
<fabbione> the concept is very simple
<fabbione> given a distance between a and b... calculate how much time it takes to transfer let say 10TB
<fabbione> on one 10Mb adsl
<shawarma> Right. You shouldn't underestimate the bandwidth of a truck full of backup tapes driving down the freeway.
<fabbione> how much it takes to drive from a to b with a 10TB disk (or set of disks)
<fabbione> exactly
<fabbione> + data transfer from pc -> disks -> pc
<ogra> it correlates with the amount of data :)
<fabbione> ogra: yes..
<fabbione> so IP-over-Adidas > Ethernet sometimes
<shawarma> But ssh over ip over adidas..
<ogra> i doubt you can be faster than a 10k file on a fast DSL line, not even with adidas :)
<fabbione> shawarma: we didn't mention latency.. only speed
<ogra> shawarma, you need proxies for that :)
<fabbione> ogra: clearly.. it still depends from the distance you need to cover
<ogra> for the key exchange ...
<ogra> right
<fabbione> anyway
<fabbione> it's possible to express this with some math formulas and calculate some interesting operational areas for IPoAdidas
<fabbione> also take into account the costs for IPoAdidas compared to wait for the data etc. .etc.
<shawarma> It needs to take convenience into account as well. a.k.a. the lazy-factor.
<fabbione> shawarma: for me manager is more convenient to get 10TB of data in let say one hour transport rather than having an employee waiting 2 days for the data transfer to finish
<fabbione> as employee i would say to screw my manager because i have a good excuse to do nothing for 2 days :)
<fabbione> but try to imagine tons of "(i)Pizza Express" driving around dk and knocking on your door: "Here is your pizza... with salami, cheese and 1TB of pr0n"
<shawarma> \o/
<fabbione> Cash or Dankort?
<fabbione> :)
<ogra> shawarma, fabbione, did you know that one ? http://www.wizzydigital.org/how.html
<ogra> IPoverMoped :)
<ogra> http://www.wizzydigital.org/how_dont_have_a_phone.html <- even better :)
<julius_> How can i go about sleeping my servers raid array? or should i leave the disks running constantly to further lifespan
<julius_> and are there any nifty http based server control panels? like to just monitor temps/hdd errors e.t.c.
<CrummyGummy> Hi all,
<CrummyGummy> Now that I've upgraded to feisty all by hdd in the raid now use dm-*. Where can I find the mapping for this to standard sd* names?
<mralphabet> ls -al /dev/disk/by-uuid/
<CrummyGummy> mralphabet, Thanks.
<mralphabet> np
<kyrel> bonjour !
<kyrel> Hello ?
<kyrel> is there someone ?
<leonel> what's uo
<leonel> up
<kyrel> got a little problem under feisty whith mdadm
<kyrel> Is there a bug about software raid 1 ?
<leonel> check in launchpad  
<mralphabet> kyrel: perhaps if you mention what your problem is people could be more helpful ;)
<redline6561_> i've been having trouble getting startup scripts to work on feisty...for example to start tomcat or resin or jetty (all servlet containers). setting variables and putting the scripts in /etc/init.d and running update-rc.d just doesn't seem to work. anyone have any advice? or want more details (i.e. install process)?
<ivoks> really?
<redline6561_> yeah
<ivoks> update-rc.d service_name defaults
<redline6561_> yep. hasn't been working. i don't know what to think. i can't find evidence of the script running in boot logs. i've disabled splash. i just don't know.
<ivoks> hehe
<redline6561_> i'm pretty confused cause obviously it's supposed to just work (tm). i'm not blaming anybody because i could definitely be doing it wrong.
<ivoks> that depends on your script
<redline6561_> checked in the upstart room cause i thought it might be related to that but apparently it isn't.
<ivoks> no
<redline6561_> right. i figure it is my script. i mean i guess it has tob e.
<ivoks> you created /etc/init.d/service_name
<redline6561_> *to be. makes me wish i knew more about bash scripting. yeah
<ivoks> that script must have start, stop and restart functions
<redline6561_> would you like to see it?
<ivoks> put it somewhere on pastebin
<redline6561_> ok. hang on a few.
<redline6561_> http://pastebin.com/929738
<redline6561_> there you go
<redline6561_> i know it works on fedora 7 with chkconfig...so.
<redline6561_> if that helps at all.
<ivoks> did you try /etc/init.d/jetty start?
<redline6561_> yeah. i've actually tried that and it works correctly as i recall. which would make me think it's not the script.
<ivoks> so, do you have /etc/rc2.d/S20jetty?
<ivoks> or /etc/rc2.d/S*jetty
<redline6561_> two things: 1) the actual system is at work. to some extent i'm here looking for ideas. my boss is already interested in moving on to other projects so there's not really any pressure but i want to make it work. 2)no. i don't think i ever checked to see if things actually symlinked correctly and i never did try it manually...
<ivoks> if you run update-rc.d it will create symlinks and print them on console
<redline6561_> right. and i ran it not with defaults but with runlevel settings for 91 3 4 5 .
<ivoks> also, 3 4 5?
<ivoks> ubuntu's default is 2
<ivoks> :)
<redline6561_> yes. should i have just done 2?
<redline6561_> really?
<ivoks> yes
<redline6561_> and the network is up by then?
<ivoks> yes
<redline6561_> splendid
<ivoks> ubuntu and debian don't do distinction like redhat
<redline6561_> well thank you very much ivoks.
<ivoks> all runlevels are exactly the same
<redline6561_> what do you mean?
<ivoks> user does customization, if he wants
<redline6561_> right.
<redline6561_> so ante, if you don't mind my asking. how long have you been doing this?
<ivoks> in redhat, one runlevel is multiuser, other is network, third is X, etc...
<ivoks> doing what?
<redline6561_> working with linux
<ivoks> since '97.
<redline6561_> that's awesome. how'd you start out?
<ivoks> long story and this channel is not right place to talk about it :)
<redline6561_> lol
<redline6561_> alright. well, thanks very much all the same.
<redline6561_> it was a pleasure meeting you. i'm off to get this thing up and running.
<ivoks> np, you are free to come here if you have problems
<redline6561_> thanks again
<ivoks> np
<TheCougar> are there any exchange like programs with ubuntu server?
<leonel> don't know  what exchange  does 
<TheCougar> its a mail and content server "Microsoft Exchange Server is a messaging and collaborative software product developed by Microsoft."
<mathiaz> TheCougar: well it depends what functionality you're looking
<mathiaz> TheCougar: for. mail server ? imap/pop access ? webmail ? calendar ?
<necrite_> hi ppl
<mathiaz> necrite_: hi
<necrite_> need one shell script guy :D .. i dont understend what happends
<necrite_> + [ db == i ]  [: 1: ==: unexpected operator
<necrite_> WTF :D
<mathiaz> necrite_: do you want to test if db equals i ?
<necrite_> yes :D 
<necrite_> look the source
<necrite_> 		if [ "db" == "i" ] ; then
<necrite_> 			echo "kk";
<necrite_> 		fi
<mathiaz> necrite_: if db and i are variable, you forgot the $ sign
<mathiaz> necrite_: [ "${db}" == "${i}" ] 
<necrite_> they was variables .. but i see this error and change for "strings"
<necrite_> and i still geting the error
<mathiaz> necrite_: http://www.tldp.org/LDP/abs/html/comparison-ops.html
<mathiaz> necrite_: is a good ressource for bash scripting
<mathiaz> necrite_: the link above is for tests in bash
<mathiaz> necrite_: db and i are strings or integers ?
<necrite_> strings
<necrite_> but i need it in sh not bash
<mathiaz> necrite_: well... I don't know much about sh. I do my stuff in bash.
<TheCougar> mathiaz: sorry for the late reply. I'm looking for something that is a pop access server with webmail
<mathiaz> TheCougar: also smtp server i guess ?
<necrite_> got it
<necrite_> it was only one = :P
<TheCougar> mathiaz: ah yes that as well
<mathiaz> TheCougar: for the smtp server, postfix is the default in ubuntu
<mathiaz> TheCougar: exim is also in main
<TheCougar> is there one app for all of it?
<mathiaz> TheCougar: you mean something that works out of the box ?
<mathiaz> TheCougar: you just want to install one packge and it works ?
<TheCougar> well i mean one app to do pop3/smtp, webmail
<mathiaz> TheCougar: one app, no.
<mathiaz> TheCougar: smtp, pop3 and webmail are three differents things
<mathiaz> TheCougar: that's why they have differents programs
<mathiaz> TheCougar: well. Actually, you can have a look at https://help.ubuntu.com/community/Servers
<mathiaz> TheCougar: there is a section on "Mail, Groupware, and Chat Servers"
<mathiaz> TheCougar: you may be able to find something interesting there (mentions hula, kolab)
<TheCougar> ok. thank you
<Level15> hey
<Level15> what's the recommended firewall solution for ubuntu server?
<mathiaz> Level15: the basic firewall is iptables.
<mathiaz> Level15: You can have a look at https://help.ubuntu.com/community/IptablesHowTo
<Level15> well, i'm not that good with iptables... i was kind of hoping there were some wrapper scripts or something...
<nrpil> Level15: have a look at gshield
<nrpil> http://muse.linuxmafia.org/gshield/
<Level15> ok, will look for that
<mathiaz> Level15: there a couple of frontend to iptables
<mathiaz> Level15: The document mentioned above has a section at the end Easy configuration via GUI
<Level15> ok thanks
#ubuntu-server 2007-06-16
<cruteme> anybody in here that can help me out with some networking issues?
<cruteme> I'm ex-Gentoo and am having some trouble bending my mind around ubuntu networking
<Kamping_Kaiser> cruteme, ask your question, if someone can help and is here they wwill answer
<Kamping_Kaiser> you may ahve to wait a while
<cruteme> ok... here's the story... I need to use CIDR style ip addresses and I can't seem to do that with the /etc/network/interfaces file
<cruteme> i know how to do it with the ip command line tool
<cruteme> but thats transient
<cruteme> so I just need general guidance on setting up networking
<Kamping_Kaiser> what part isnt workin? you should be able to use netmask
<cruteme> well I've been using CIDR style networking and would rather not go back to using netmasks if I can avoid it
<Kamping_Kaiser> you'd rather type ip/range then an ip line and a netmask line?
<cruteme> yes
<cruteme> is it even possible?
<Kamping_Kaiser> just checking, but it doestn seem to be
<cruteme> yeah I did try it and it failed
<cruteme> thats why I'm here ;-)
<cruteme> next question then... is it possible to use iproute2 as the backend for the network scripts instead of ifconfig?
<Kamping_Kaiser> quick look at the man page indicates no cidr
<Kamping_Kaiser> that i have no idea
<cruteme> I'm kind of accustomed to the flexibility of the gentoo setup... but its a hybrid linux/bsd
<cruteme> the move to a straight up linux init/networking setup is slightly confusing for me 
<Kamping_Kaiser> heh.
* Kamping_Kaiser hasnt used bsd
<Kamping_Kaiser> in any real way at lest
<cruteme> i really love the hybrid approach that gentoo adopts but it being a source based distro is difficult to maintain
<julius> which is the best open source ftp server?
<Burgundavia> julius: the one in main :)
<julius> proftpd? im having trouble setting up users, is it supposed to be reading my /etc/passwd file?
<julius> Im a bit confused about how PAM works. Ive looked here http://www.proftpd.org/docs/faq/linked/faq-ch7.html and i am editing /etc/pam.d/proftpd and i want to add omne user oxyrich. Do i add the user to the pam file as "oxyrich required pam_shells.so" and then add oxyrich to /etc/password ?
<Kamping_Kaiser> what can i use for dumping the trafic on a card? i need to find out if my rarp/dhcp services are getting hit by a sparc i'm trying to netboot :/
<coNP> Kamping_Kaiser: if you have graphical interface wireshark can be very useful
<Kamping_Kaiser> coNP, thanks
<r00tintheb0x> yay! shiny new vmware-ed ubuntu install complete w/vmware tools :D
<m3thos> hi there, I want to install a system with software raid5 + LVM and raid10 + LVM for the system and user partitions.. does the ubuntu-server install cd alow to do this ?
<coNP> m3thos: I guess only the alternate CD supports RAID and / or LVM
<coNP> (during install I mean)
<m3thos> will do that
<m3thos> any difference between the regular ubuntu kernel and ubuntu-server kernel?
<shawarma> coNP: The server cd uses the alternate installer as well.
<shawarma> coNP: It has the exact same options.
<shawarma> coNP: The only difference between the two CD's is the selection of software available (on the cd) and the kernel that gets installed by default.
<coNP> sorry they have been different 
<coNP> I did not know they are the same now
<shawarma> I'm quite sure they've always been the same..
<coNP> not really
<coNP> the server installer was not able to manage LVM / RAID partitions
<shawarma> When was this?
<coNP> dapper, edgy for sure
<shawarma> I think you're wrong. I don't care enough to check, though. :)
<shawarma> It would seems silly (bordering on idiotic) to take d-i from the alternate cd, yank out raid+lvm and put it on the server cd. If anything it should be the other way around.
<coNP> I check it
<zim> hi all
<leonel> ea
<zim> can i get ubuntu to run a script when i plug in a pen drive
<coNP> zim: I guess you can, however this should be discussed in #ubuntu
<zim> no this is a server Q
<coNP> sorry 
<zim> I want the server to mount it symlink a folder to another folder run a backup of it 
<zim> then when its removed remove the symlink and mount
<zim> any ideas any one Q ???
<coNP> pmount does similar
<coNP> or some other package, I am not sure, which
<coNP> I mean mounts it
<coNP> and you can umount it as soon as the backup is done
<Yahooadam> Hi, if im using winscp and try to change a file, i get a permission error (most likely cos im not root) but you cant sudo in WinSCP - how can you edit a file with winscp ?
<m3thos> hi, what's the ubuntu way of configuring one ethernet device with _two_ ip addresses ?
<m3thos> (statically)
<foo> Hm, not too sure about a "ubuntu way" ... but I'd just edit /etc/network/interfaces
<m3thos> hehe..
<Burgundavia> m3thos: are you familiar with setting a static ip via that file?
<m3thos> so so, long time ago I used debian, but moved to gentoo, which does things "its own way"..
<m3thos> Burgundavia: I'll manage :D
<Burgundavia> ok, Ubuntu uses the same manner as debian
<Burgundavia> try adding two "address" lines to your interfaces file
<m3thos> okay
<m3thos> that was easy :D
<m3thos> ifdown ethX; ifup ethX ?
<AJBelayerTSS> hey can anyone help me get apt to upgrade to samba 3.0.25, it doesn't think there is an update out there but I can see it on the ftp site, btw i386 ubunut-server 6.06
<m3thos> but I'm in a ssh session
<Yahooadam> could always make a script
<m3thos> /etc/network/interfaces:12: duplicate option
<m3thos> ifup: couldn't read interfaces file "/etc/network/interfaces"
<Yahooadam> or do ifdown ethx | ifupethx
<m3thos> ifup fails
<Yahooadam> AJBelayer, it depends on your sources
<Yahooadam> sudo ifup ethx
<m3thos> that's why I didn't want to do a ifdown first!
<m3thos> i'm running has root
<AJBelayerTSS> which source do I need to get it, I thought I had all the ubuntu ones setup and running
<Yahooadam> i think you can do /etc/networking restart
* m3thos is away
* m3thos bbl
<Yahooadam> where is the ftp site ?
<Burgundavia> m3thos: running as root is a bad idea
<Burgundavia> m3thos: can you pastebin your interfaces file?
<AJBelayerTSS> my sourcelist points to http://us.archive.ubuntu.com/ubuntu and I see the package under http://us.archive.ubuntu.com/ubuntu/pool/main/s/samba/
<Yahooadam> if you do a sudo apt-get upgrade ?
<AJBelayerTSS> no package to upgrade
<AJBelayerTSS> or the similar
<Yahooadam> sudo apt-get update first ?
<AJBelayerTSS> yup
<Yahooadam> what version are you running ?
<AJBelayerTSS> 3.0.22 for samba currently
<Yahooadam> maybe it has somthing to do with the number after ubuntu ?
<Yahooadam> libsmbclient_3.0.24-2ubuntu1_i386.deb 
<Burgundavia> AJBelayerTSS: what version of Ubuntu are you running?
<Yahooadam> libsmbclient_3.0.25-1ubuntu1_i386.deb  
<Yahooadam> 6.06
<AJBelayerTSS> 6.06 server
<Yahooadam> libsmbclient_3.0.22-1ubuntu4_i386.deb  
<Yahooadam> the 24 and 25 releases are ubuntu1
<Yahooadam> and the 22 release is ubuntu4
<AJBelayerTSS> hmm that could be, a full remove and then a reinstall should fix that right?
<Burgundavia> AJBelayerTSS: installing at version of samba might lead to bad things
<Burgundavia> s/at/that/
<Burgundavia> ie: your version of Samba will no longer be supported
<Yahooadam> what does the number after ubuntu mean ?
<AJBelayerTSS> hmmm, but version 3.0.25 has 1 feature I really need on my server, I wonder how I can make it work
<Yahooadam> you may have to compile it yourself
<Yahooadam> but as said, it may not be supported
<Yahooadam> well it wont be 
<AJBelayerTSS> that is what I am afraid of, jsut kinda makes it a pain, 
<Burgundavia> no, you probably don't
<Burgundavia> if you are willing to update every six months, you might want to consider running 7.04
<AJBelayerTSS> not really to be honest, production server so uptime is critcal, that is why I went with 6.06 over 6.10 this was before 7.04
<Burgundavia> ahh
<AJBelayerTSS> if I can get all the deps met can I use dpkg to install it maybe?
<Yahooadam> maybe you can find a deb of .25 ?
<Yahooadam> http://us3.samba.org/samba/ftp/Binary_Packages/Debian/samba/3/
<Yahooadam> found that link on the forums
<AJBelayerTSS> ahhh hey that looks promising
<Yahooadam> no guarantees on that :o
<AJBelayerTSS> hey I'll take what I can get at this point
<Yahooadam> if you have a less critical server to test it on
<AJBelayerTSS> o this is all on my test server first, that would be a nightmare if I did it to the acctual production one
<Yahooadam> http://ubuntuforums.org/showpost.php?p=482661&postcount=9
<Yahooadam> that might work
<Yahooadam> sounds pretty painless
<levander> I've got 000-default and default in sites-enabled.  These are both links to sites-available/default.  Is it normal to have that file linked to in sites-enabled twice??
<Nafallo> not that I'm aware of. maybe you ran a2ensite manually?
<levander> i think it happened during my upgrade to feisty somehow
<chila> hello I need some help with ftp server setup
<Yahooadam> ask away
<chila> spefically, configuring proftpd
<Yahooadam> somone will get to you (eventually)
<chila> well I cant seem to upload or download when connected to my ftp using my dns
<Yahooadam> locally ?
<chila> but I can connect/download/upload fine locally
<Yahooadam> umm on your internal network that is
<chila> yes
<Yahooadam> have you opened the ports on your rotuer ?
<chila> well using dns I cant ul/dl
<Yahooadam> router #
<chila> yes I did
<chila> ?
<Yahooadam> does http://www.canyouseeme.org/ say its open ?
<chila> it can see port 21
<chila> i use port 21
<chila> (obviously)
<Yahooadam> if you get somone else to test it, using your IP does it work ?
<chila> they can't upload large files
<chila> more than 3mb
<chila> and sometimes not at all
<chila> ie just now I couldnt upload anything
<chila> when connecting using dns
<Yahooadam> but on the internal network its fine ?
<chila> when connecting to the internal ip it worked fine
<Yahooadam> you may get additional problems linking back through your own connection
<chila> I see
<chila> but I tested it with someone else and they had trouble uploading
<chila> it timed out on the,
<chila> them*
<Yahooadam> hmmm, but they also used DNS, or did they use the IP directly ?
<chila> dns
<chila> they can connect
<Yahooadam> can you try using IP directly
<chila> ok
<CarlFK> what is a good URL to give someone that shows what u-s is?
<CarlFK> and why isn't it in the topic?
<Yahooadam> u-s = ubuntu server ?
<CarlFK> yes
<Yahooadam> probably cos this is a support channel for ubuntu server, therefore people here will already be using it, therefore they know what it is ;)
<Yahooadam> apart from that, ubuntu server is ubuntu without a gui and possibly with a few more server programs, and fewer common problems, like openoffice
<CarlFK> I know what it is - im trying to pass it on to someone else 
<CarlFK> and it is less than what you just described :)
<Yahooadam> ie ?
<chila> yeah I just restarted my ftp and it works now for some reason. My guess is I can't use my dns internally
<CarlFK> it is a platform that has the 'minimum' packages installed so you can install just what you need 
<chila> everything works fine
<chila> thanks Yahooadam
<Yahooadam> fair enough :)
<Yahooadam> glad it works chila
<CarlFK> u-s alone has no servers 
<Yahooadam> i havent really explored it that much yet :p
<Yahooadam> i used it because a P2 with 190mb ram wont run very much :p
<CarlFK> bah - that is just enough to run desktop
<CarlFK> 128 starts to hurt
<CarlFK> 96 hurts alot
<Yahooadam> its a fileserver, plus i might put bittorent on with (and that means moblock) so in all it doesnt really need a gui
<Yahooadam> it would have been easier with one though :p
<Yahooadam> there seem ot be very few definitive instructions on partitioning/formatting hdd's :p
<CarlFK> just go with the defaults 
<CarlFK> http://www.ubuntu.com/products/WhatIsUbuntu/serveredition 
<CarlFK> kinda fluffy.. but oh well
<Yahooadam> :p
<Yahooadam> actually US isnt basic
<Yahooadam> i couldnt install it without it being a DNS or LAMP server
<Yahooadam> or atleast i couldnt see an option to do it without that
<CarlFK> um, don't check the box
<Yahooadam> there wasnt a box to check
<Yahooadam> it just asked to choose one of them
<Yahooadam> as far as i recall
<CarlFK> may want to try again 
<Yahooadam> maybe cos i used the alternative disk ?
<CarlFK> nope
<Yahooadam> or is there only the command line installer for US ?
<CarlFK> command line?
<Yahooadam> well not quite command line
<CarlFK> install gentoo.  then you will know what a command line installer is :)
<Yahooadam> :)
<Yahooadam> my first linux OS was fedora core
<Yahooadam> and that didnt have a GUI either :p
<Yahooadam> so i was kinda thrust into the linux command line :p
<Yahooadam> bah i cant work out why this transfer is slow
<Yahooadam> USB hdd -> network -> switch -> switch -> File server
<Yahooadam> now which bit is slowing the connection down to 50mb/s
#ubuntu-server 2007-06-17
<Yahooada1> Im making a script to recursivly copy files, cp sourcedir destdir -R, how can i get the bash script to pause until that copy has finished ?
<Yahooada1> (sorry if you already answered, my IRC is being ghey)
<m3thos> hi there, anyone using lvm and having performance problems?
<m3thos> I have a hard problem for you guys
<m3thos> :D
<m3thos> how do I migrate a Logical Volume from one volume group to another volume group, keeping their names.. ?
<ubuntu> hey
<ubuntu> how to restore ubuntu server
<ubuntu> what was the command.
<ubuntu> and total.
<ubuntu> bah someone here.
<ubuntu> i'm starting to hate ubuntu 
<ubuntu> bad os.
<m3thos> lol
<midgetg0at> hey guys, anyone familiar with: http://www.howtoforge.com/ubuntu6.06_dtc_isp_server ?
<midgetg0at> how about symlinks? ln 		-s /var/run/saslauthd /var/spool/postfix/var/run do i need to do that if /var/spool/postifx/var/run doesnt exist but the former does?
<taomaster> good morning to all i'm a network admin working in MS servers and i'm thinkin of changing to Ubuntu server
<taomaster> and ubuntu desktops 4 about 100 workstations
<taomaster> anyone here using a Ubuntu server in a business setting?
<taomaster> ok  here's another ?  is there any issues with Ubuntu working with network printers- brothers 9240 mfc model?
<taomaster> ok guys  u all have been very helpful
<taomaster> thanx
<taomaster> keep up the good work
<midgetg0at> typically....
<midgetg0at> ftp users are tied to system users right?
<midgetg0at> hey guys need a little ftp help
<midgetg0at> created an ubuntu user. created a pureftp user...but still cant ftp in, thoughts?
<lalcaraz> hi, could anyone help me? I have an issue on Ubuntu 7.04 server edition
<lalcaraz> I installed with default options and LAMP
<lalcaraz> but when the PC starts, I can see the GRUB, then the PC restarts itself 
<lalcaraz> what could it be the issue?
<KennyTheGeek> Do you know any media streaming server, that is better than gnump3? gnump3 seems to be using up my ram when i play music through it, but it seems to forget to clean the buffers.
<KennyTheGeek> it keeps using more, and more, and more
<KennyTheGeek> and i only got 512 MB to play with, and when running it it switches to swap...
<taomaster> good luck getting any help here
<KennyTheGeek> hehe
<KennyTheGeek> :P
<lalcaraz> haahahah that's true
<taomaster> i tired
<shawarma> taomaster: What's that supposed to mean?
<lalcaraz> there's more help on #ubuntu channel
<KennyTheGeek> shawarma: cause we tough you was away, and youre the only one responding most of the time
<KennyTheGeek> tried in ubuntu :P
<taomaster> well i'm thinking of using ubuntu server and moving away from MS
<shawarma> KennyTheGeek: :) I *am* away. It's the weekend.
<taomaster> i had a few ? and no anwsers
<KennyTheGeek> shawarma : >_>
<KennyTheGeek> taomaster: youve seen the light ;)
<taomaster> ok  so try on Monday
<taomaster> yes i have
<shawarma> lalcaraz: Try starting in recovery mode and keep a close eye on the console to see what the last thing it says is.
<lalcaraz> anyone knows about an issue on ubuntu server that restarts the pc after grub is showed?? 
<lalcaraz> ookok
<taomaster> i've been usinf ubuntu 7 4 about a month and i like it
<lalcaraz> let me see ... 
<KennyTheGeek> "Shawarma, Ubuntu support, meeting times: 12:00 to 15:00 on monday to friday, and saturday 11:00 to 13:00
<KennyTheGeek> "
<KennyTheGeek> :P
<taomaster> ok  thanx i'll try then
<shawarma> My core hours are 8 AM to 5 PM CEST. I'm around then.
<taomaster> cool  that's all i needed to know
<lalcaraz> the only thing I see is Starting up ... and then boom! reboots
<shawarma> lalcaraz: The install went fine?
<KennyTheGeek> taomaster: did you have any problems with ubuntu server, or haven't you tried yet?
<lalcaraz> yep, was fine no eroor .
<shawarma> lalcaraz: Ok. Hardware?
<taomaster> i have not tried it yet
<lalcaraz> via c3 embedded processor, 256mb ram
<taomaster> i'm uploading as we speak
<KennyTheGeek> taomaster: uploading? :S
<taomaster> well sorry  d/l
<KennyTheGeek> :P
<shawarma> lalcaraz: That's probably your problem. You need to boot up the server cd, choose rescue mode, and install the -i386 kernel, I think.
<KennyTheGeek> i was too lazy to download ubuntu-server, so i installed desktop, and uninstalled gnome :P
<lalcaraz> ok, let me try it. thanks
<KennyTheGeek> running xfce if i need vnc
<shawarma> lalcaraz: The server kernel might be trying to use some stuff that the via cpu's don't support. They're not entirely i686 compatible, afair.
<taomaster> KennyTheGeek  is there a book or something outt here so i can study this distro?
<lalcaraz> ok let me try it right now ... thanks :D 
<shawarma> lalcaraz: np
<KennyTheGeek> taomaster: :S not that i know of, why?
<taomaster> i was goin  to go with Novell until they paired with MS
<KennyTheGeek> hehe
<taomaster> i like to read about it b 4 i use it
<KennyTheGeek> used SuSE 10 once, didn't like it
<lalcaraz> this is my MB, if you know any issue related http://www.pcchips.com.tw/PCCWeb/Products/ProductsDetail.aspx?DetailID=348&MenuID=0&LanID=2
<KennyTheGeek> well, ubuntuforums.org, ubuntu.com :P thats where you can read about them
<taomaster> i had sled 10, it was nice until i tired ubuntu
<taomaster> i saw at distrowatch.com there's a course 4 Ubuntu server, have u ever seen it?
<KennyTheGeek> no
<taomaster> it's like 349.00 4 the course
<taomaster> 6 weeks
<KennyTheGeek> :O!!!
<KennyTheGeek> expensive ****...
<taomaster> well how much diff is it then server 03
<taomaster> i think i can figure it out
<KennyTheGeek> server isn't that hard
<lalcaraz> question: how may I install i386 kernel?? :S
<taomaster> i have 100 workstation and 4 servers at my place of business
<shawarma> lalcaraz: You chose the rescue option, when you started?
<lalcaraz> yep 
<lalcaraz> I'm on a menu just like the installer
<KennyTheGeek> taomaster: i got 5 pc's (1 dekstop) and 1 server at my "business" :P
<shawarma> lalcaraz: Alright. I don't remember options.. Could you remind me?
<lalcaraz> starts asking for my language, then my keyboard, now it's loading additional componentes
<KennyTheGeek> it's my mom/dads, home droven, he's mechanical guy, electrician, all other stuff he can figure out how to do...
<taomaster> does this ubuntu have remote services?
<shawarma> lalcaraz: Ah. just wait then.
<KennyTheGeek> remote services? of which sort? VNC, SSH, stuff like that?
<taomaster> vpn
<KennyTheGeek> a vpn server should be in the repositories, ill check
<shawarma> taomaster: openvpn is in the archive.
<taomaster> ok
<lalcaraz> sharma: it's asking me about that FS I want to rescue,
<lalcaraz> shows hda1, hda2 or hda5 
<shawarma> lalcaraz: Yes...
<lalcaraz> I believe it's hda1 
<lalcaraz> as far as i can remember ... that's my root 
<shawarma> lalcaraz: You can switch to vt2 and check.
<shawarma> lalcaraz: Alt-f2, press return, do 
<shawarma> fdisk -l /dev/hda
<lalcaraz> true, fdisk shows it up 
<taomaster> ya right now i do all my network admin-ing from my home and the offices are in another town
<taomaster> so remote connections is a must
<lalcaraz> so then another menu appears: execute shell at hda1, execute shell from installer enviroment, reinstall grub boot loader, choose different root FS, reboot the system
<shawarma> lalcaraz: The first one.
<shawarma> execute shell at hda1
<lalcaraz> ok, i'm on a shell as root 
<shawarma> Great.
<shawarma> apt-get install linux-image-386
<lalcaraz> is that easy? hahahaha I love aptitude! :D 
<shawarma> Oh, hang on. Do you have /boot on a separate partition?
<lalcaraz> nope
<lalcaraz> just 2 partitions, / and swap
<taomaster> ok guys thanx for the info and i'll c you during the work week
<shawarma> lalcaraz: Excellent.
<shawarma> lalcaraz: When it's done installing, exit from the shell, reboot and when grub shows up, make sure you chose the right kernel.
<shawarma> lalcaraz: And presto!
<lalcaraz> ok, just need to upgrade the aptitute package list
<lalcaraz> hahahaha that's why i Love Ubuntu :P many thanks 
<lalcaraz> question: do I need to upgrade the grub menu? or it's just updated automatically? 
<shawarma> lalcaraz: Automagically.
<shawarma> lalcaraz: If you're bored, you can run update-grub yourself.
<shawarma> lalcaraz: But installing a kernel triggers it, too.
<lalcaraz> :o "sophie" is working. I can see the services getting up 
<shawarma> After rebooting? Great stuff.
<lalcaraz> many thanks, it's working now. Have a nice day :D
<Elwell> hey folks - Are there any good docs for installing / tweaking RT (Request-tracker) on ubuntu? if not - shall I start some? (I've installed / used / customised it before and am just doing a fresh install on a feisty-server-amd64)
<Tron04> hello, when my ubuntu boots, the cursor stays in the right corner after the system says "Running local boot scripts". I have to hit return to see the login text. any clues?
<ivoks> that's normal
<Tron04> hihi. and what to do about it?
<Tron04> do you know why this is so?
<ivoks> nothing
<ivoks> yes, once upstart is fully implemented, this will go away
<Tron04> maybe an echo is missing somewhere
<ivoks> no, 'login text' aka getty is started before some services
<Tron04> sorry I'm new.. what is upstart?
<ivoks> so you get login prompt, and then information about started services
<Tron04> oh i understand
<ivoks> Tron04: replacement for sysv
<ivoks> sysvinit
<Tron04> I am just starting with ubuntu.. but got my samba server running today... yeah!
<ivoks> event based init
<ivoks> upstart.ubuntu.com
<Tron04> will check this out. thanks!
<Tron04> just one other question:
<Tron04> is it possible to let ubuntu power down by pressing the power button on the pc?
<Tron04> currently this does nothing.
<Tron04> i mean a clean shutdown and then power off
<ivoks> yes
<ivoks> install acpid package
<Tron04> will try this. and tell if it works...
<ivoks> this package is installed by default in desktop version
<ivoks> but not in server
<Tron04> ahh i see
* Elwell wishes the desktop one would shutdown not just pop up dialogue
<Tron04> you know ubuntu quite well. how long have you used it?
<ivoks> Elwell: i think that's possible
<ivoks> Tron04: since 4.10
<Elwell> ivoks: sure it is, I just need to RTFM :-)
<ivoks> Elwell: system -> preferences -> power manager
<ivoks> last tab :)
<Tron04> ivoks: you are great! it works wow. this is important to me, because I want to use my pc as a headless NAS device and want to shut it down without doing it via ssh. thanks!
<ivoks> np
<Tron04> sorry... next question...
<Elwell> ivoks: ta.
<Tron04> i told grub to use vga=791, but when restarting i get something like invalid video mode and then a list of text modes.
<Tron04> I bet you have a hint
<ivoks> i don't :)
<ivoks> i'm kind of tired :)
<Tron04> ok no problem
<ivoks> 791 should work
<olem> Hi everyone. 
<olem> is there some activities relating to ubuntu-directory? I saw few activity in the mailing list archive
<olem> is there any plans to work towards some jobs for next release?
<olem> oups... wrong channel :S
<olem> anyway, I whish we could do some job to have a "Ubuntu Directory Server" package for next releases :-)
<ivoks> based on... ldap?
<olem> probably
<olem> I recently saw Luke from PADL coded a pam_ccreds to cache credentials.
<olem> So, it seems all the needed bases are there to have a good candidate for small/medium business sized servers.
<Burgundavia> olem: cached creds is old
<olem> yes. right. I just spotted it recently anyway.
<olem> cause my ldap/linux related skills are perhaps dating a bit too :)
<Burgundavia> right
<Burgundavia> nss-updatedb is the other part that equation
<olem> yes, I spotted it too
#ubuntu-server 2008-06-09
<tain> I'm interested in installing an IDS on my Hardy box. PHPIDS, Samhain, and OSSEC all look interesting. What works well with ubuntu?
<uvirtbot> New bug: #237739 in samba (main) "samba shared fat 32 drive is now read only and permissions will not change after updating" [Undecided,New] https://launchpad.net/bugs/237739
<antdedyet> finished up the first ubuntu server conversion last week for a developer client that was persuaded to move from years of RH frustration
<antdedyet> he commented on the elegantness of the debian/ubuntu (basically, for FHS conformation, so I take it) file layout
<antdedyet> overall, he has been pleased to find much of his devel cruft was already packaged. ;)
<saltedlight> hi. what is the proper way to use an external smtp server on a default ubuntu 8.04 server? i have not instaled a mail server... do i have to install one or i can just use an external one?
<merritt1> Hi all
<merritt1> I have a question if thats ok
<DBAmethyst> ask it
<merritt1> I have a 6.06 machine , how do I applypatches from the commandline
<merritt1>  I have a 6.06 machine , how do I applypatches from the commandline
<sommer> merritt1: sudo apt-get update, then sudo apt-get upgrade
 * antdedyet sure is glad he didn't say 'patch' :(
<Jberg88> hello
<Jberg88> I was wondering if anyone can help me get to the error logs on my server
<Jberg88> hello?
<specialKevin> Jberg88: what error logs are you trying to access
<specialKevin> most should be under /var/log
<Jberg88> specialKevin: i thought there was no one here... I have this 404 error when i try to get to my main site but if i do 192.168.1.25:8080/phpmyadmin
<Jberg88> I can log in but drupal is not showing up and it is there
<Jberg88> neither is the test page index.html is showing up
<Jberg88> I have been googling all night i don't know what to do
<Jberg88> hello
 * Jberg88 hears hello echoes around the irc hall
<specialKevin> Jberg88: did you look in the apache2 access and error logs
<specialKevin> do you see a connection from your ip or any errors
<Jberg88> yeah
<Jberg88> yeah it says a certain /htdocs doesn't exist
<specialKevin> do you have you document root for apache setup correctly
<specialKevin> and drupal setup in the correct location
<Jberg88> drupal is in the correct location it was working earlier
<specialKevin> did you make any changes to apache, php or drupal
<Jberg88> everything was fine until i tried to port forward
<specialKevin> did you try to port forward via apache
<Jberg88> i don't think so
<specialKevin> how did you setup port forwarding
<Jberg88> using dydnds
<Jberg88> hold on let me get the link
<Jberg88> i used this: http://mexpolk.wordpress.com/2008/01/29/ubuntu-gutsy-dyndns-client-setup/
<specialKevin> are you trying to port forward port 80 to a different machine
<Jberg88> well before this yeah
<Jberg88> but then i changed it to the setting seen on that blog
<Jberg88> i tried to fix the router back but nothing
<specialKevin> no is the machine you are port forwarding to have apache running with drupal installed
<specialKevin> s/no/now
<Jberg88> yeah
<specialKevin> now does it work if you try to access the machine locally
<Jberg88> from another computer on the network well yes and no
<Jberg88> yes because i can go into phpmyadmin
<Jberg88> no because i can
<specialKevin> I mean does drupal work
<Jberg88> i can't access drupal
<Jberg88> no
<Jberg88> sorry
<specialKevin> do you have drupal installed in your webroot
<Jberg88> webroot ummm yes
<specialKevin> and that is the same webroot as in your apache conf
<Jberg88> oh no
<Jberg88> a copy
<specialKevin> what do you mean a copy
<Jberg88> i didn't have manual access to /var/www/ so i copied it to /me/mysite
<Jberg88> sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/zaphu
<Jberg88> like that
<Jberg88> sheesh i am making this harder for you
<Jberg88> sorry
<specialKevin> it sounds like your documentRoot isn't setup correctly in your /etc/apache2/sites-availabe/zaphu
<specialKevin> also did you reload apache after you made your changes
<Jberg88> always do
<specialKevin> just checking
<specialKevin> so your documentRoot in /etc/apache2/sites-available/zaphu is set to /me/mysite
<Jberg88> it is empty
<Jberg88> all it says NameVirtualHosts *:80
<Jberg88> and that doesn't have a virtual host when i restart apach2
<Jberg88> i get a warning
<specialKevin> well if you want it to server up files from /me/mysite you need to have it in the doc root for the virtual host
<specialKevin> what is the warning
<specialKevin> it sounds like there are errors in your apache conf files
<specialKevin> I would recommend reading over this: https://help.ubuntu.com/6.10/ubuntu/serverguide/C/httpd.html
<Jberg88> i do i just can't find where that doc root is now
<Jberg88> i don't remember at all been looking
<specialKevin> the default doc root is /var/www
<specialKevin> but if you look at /etc/apache2/sites-available/default it should say
<Jberg88> oh ok
<specialKevin> also did you create a symlink of site-availalbe/zaphu to sites-enabled/zaphu
<Jberg88> oh no
<Jberg88> is that sudo ls -s?
<Jberg88> thank you so much
<Jberg88> I am going to bed and do this in the morning it is extremely hot here and I am tired
<Jberg88> good day/night thanks again
<cristian> giorno...
<twb> Regarding clamav and friends, is there an Ubuntu equivalent of debian volatile?
<cristian> z.z.z.z.z
<kraut> moin
<aMoRPHeouS> Hi, I'm running OpenVPN on Ubuntu Server 8.04 as a guest machine on VMWare ESX 3i. It runs fine for a while and then randomly all CPU usage on the machine goes through the roof and the machine can't be accessed. There's no logs at all from what I can see that causes this behaviour. Anyone have ideas on what could be causing it?
<incorrect> i've setup ldap auth and getent passwd etc works fine, however i thought i had give the current authed user access to change the passwd attribute
<incorrect> are there any known bugs with ldap at the moment with this?
<uvirtbot> New bug: #238516 in nagios3 "XSS issues in Nagios CGI (CVE-2007-5803)" [Undecided,New] https://launchpad.net/bugs/238516
<saltedlight> hi. i'm trying to send mails using ssmtp but does not seems to work. do i have to install some other pachages?
<Kamping_Kaiser> "doesnt work" doesnt help
<RainCT> Hi
<RainCT> just a little question.. why does "/etc/init.d/apache2 restart" suck? :P
<RainCT> (as in, "sudo /etc/init.d/apache2 stop; sudo /etc/init.d/apache2 start" is much faster)
<RainCT> (and restart sometimes doesn't work properly)
<foolano> RainCT: the script has a sleep 10
<foolano> the way apache is restarted sucks. It basically gives apache some time to stop (sleep 10) cuz some children might haven't exited
<Kamping_Kaiser> *giggle* think of the children
<foolano> :)
<foolano> RainCT: and sometimes it fails cuz the a child process which hasn't stopped still has an open socket
<RainCT> -.-
<RainCT> and.. is there any reason why this hasn't been improved beside "nobody did it"? :P
<hads> You haven't fixed it yet :)
<RainCT> uhm.. what is that htcacheclean stuff?
<RainCT> nice, fixed it on my comp :)  (I don't think that my solution is good enough to get into the package, though :P)
<foolano> RainCT: there's been some discussion in debian to fix it, but i think they didnt reach any conclusion
<RainCT> yeh.. a "proper" solution seems complicated
<RainCT> well, thanks
<foolano> RainCT: what i did was checking if the port is available during a loop, sleeping 1 sec every iteration, and 10 iterations at most
<foolano> RainCT: I think a proper solution should come from upstream
<RainCT> how have you done this port thing?
<foolano> actually, i did that for eBox. we use apache and sometimes we have to restart  apache and we were experiencing this issue
<elliotjhug> hi all, I've setup a virtual machine on my server that hosts Zimbra, I want to use a subdomain to access this externally, DNS is all setup on the host, how do I go about forwarding the subdomain to the virtual machine?
<Deeps> create an A record for the subdomain with the IP of the vm
<elliotjhug> Deeps: But I can't use the local (internal) ip address can I? and I only have the one static external IP
<Deeps> you can if you want, it's against the RFC to do that though, and it'lly work for you when you're on your lan
<Deeps> if you want to use private addresses in your dns, the correct approach is to not publish the zone to the whole interweb, instead using (in BIND, at least) 'views', to provide different zone replies based on where the query's coming from
<elliotjhug> but that's still internal only isn't it?
<Deeps> if you want it visible to the whole world, you'll need to use port forwarding, either through whatever virtualisation suite you're using, or iptables postrouting
<Deeps> urr, prerouting
<elliotjhug> thanks a lot - I'll look into it
<elliotjhug> are there any good tutorials on how to do iptables?
<Deeps> google / ubuntu.com / wiki.ubuntu.com / ubuntuforums.com
<Deeps> urr, .org on that last one
<elliotjhug> thanks
<uvirtbot> New bug: #236988 in openssh (main) "HARDY: gnome-ssh-askpass does *not* grab keyboard or focus if contested with other apps" [Undecided,New] https://launchpad.net/bugs/236988
<Kapli> Is there any security issue or anything that can happen if i logon to my server via putty and winscp as root?
<lukehasnoname> The usual risks of running as root
<lukehasnoname> you might accidentally delete a system file or run a harmful command
<lukehasnoname> if you're careful about what you do, and only run commands you know how to work, it's not a huge deal
<Kapli> so its better to login as a normal user and use sudo thing for each command
<Deeps> yes
<lukehasnoname> Soren
<Kapli> i have a problem running a php script which is supposed to access a program and use it to get info, it worked on my windows server but i cant get it to work now, in the instructions for the error i get it says its caused by path to file, permission, or safe mode, safe mode is off, ive given www-data permission to the program and the program is in same directory as script so i just put the...
<Kapli> ...program name as path, also tried with full path but sitll not working
<Kapli> any ideas? i tried to run the program as www-data also so it cant be about permission, safe mode is off also so the only thing it can be is path or something else i dont know about
<Kamping_Kaiser> allowing root logins to a box automatically reduces its security
<Kapli> also tried putting the file in /bin/ and tried with and without full path still not working
<Kapli> i can disable root logins through putty and winscp or other programs?
<Kamping_Kaiser> you disable it in sshd on the server
<elliotjhug> I'm trying to use this command "iptables -t nat -I PREROUTING -d subdomain.domain.co.uk -j DNAT --to 192.168.0.3" to setup prerouting on my server - it isn't working. Can you show me where I am going wrong?
<Kapli> shouldnt root login be disabled by deufalt?
<Kamping_Kaiser> yes ti should. and iirc it is
<Kapli> i installed hardy heron and didnt do anything to enable it, yet i could login via putty and winscp
<Kamping_Kaiser> as root?
<Kapli> yes
<Kapli> oh wait, i think it asked me to set a password for root or something after installation, so since i did that it got enabled i guess
<Kapli> well i ran sudo passwd -l root so it should be disabled now right?
<Kamping_Kaiser> root account should be locked yes
<Kamping_Kaiser> the password has is probably still in the password file, but you cant log in as root
<Kamping_Kaiser> directly at least
<Kapli> so i have to use sudo to run stuff now, it will ask me the root password and the root password is same as before right?
<Kamping_Kaiser> sudo should ask for your user password
<Kamping_Kaiser> unless ubuntu has completely changed the way it does servers
<Kapli> ah ok
<lukehasnoname> SOREN
<zul> if you are looking for soren he aint here :)
<_ruben> grmbl .. cant figure out how to properly install ubuntu-server from usb stick .. all docs i find on internet are for ubuntu (desktop)
<_ruben> i can boot into the installer, but it bails out on "cant find cdrom" .. which i dont understand either since the box does have a cdrom drive (i can even boot an ubuntu-server cdrom, but the install still cant find it) .. its a dell PE2950
<Kapli> how can i use winscp to edit files and such when ive disabled root
<_ruben> Kapli: you cant edit files you dont have permissions for that way
<Kapli> well all files are owned by root so disabling root has made winscp useless then..
<_ruben> the files in your home dir arent
 * _ruben never even bothered to edit files with winscp
<Kapli> well my website files are in /var/www and owned by root so i cant edit my webpages now, cant i use sudo or something in winscp so i can edit htem?
<Deeps> you can change their own
<Deeps> owner*
<Deeps> sudo chown -R <your username> /var/www will make all files (and directories) in /var/www  owned by <your username>
<Kapli> well i suspect changing owner of all files on server will cause problems so how can i enable root again it was easier
<Deeps> how did you disable root? o_O
<Kapli> sudo passwd -l root
<Deeps> sudo passwd root
<Kapli> well i set a new unix password with that
<Kapli> but if i try to logiin as root via putty it closes the connection when i login
<jber1> hello I am having a problem with apache2 which seems to not have a virtual host so i get a 404 when i go into my website
<jber1> I read that it has something to do with my document root but i can't seem to find it
<Deeps> Kapli: wierd, look at stuff /var/log/(messages|syslog|auth.log)
<Deeps> jber1: default docroot on apache in ubuntu is /var/www
<Kapli> in putty it closes connection, in winscp it says account expired
<Kapli> Deeps: what am i supposed to look for in those files?
<jber1> Deeps: there is nothing in there it just has the apache test page
<Kapli> pam_unix(cron:account): account root has expired (account expired)
<Kapli> i ran sudo passwd -u root and i can login as root again :)
<Kapli> i have a problem running a php script which is supposed to access a program and use it to get info, it worked on my windows server but i cant get it to work now, in the instructions for the error i get it says its caused by path to file, permission, or safe mode, safe mode is off, ive given www-data permission to the program and the program is in same directory as script so i just put the...
<Kapli> ...program name as path, also tried with full path but sitll not working<Kapli>any ideas? i tried to run the program as www-data also so it cant be about permission, safe mode is off also so the only thing it can be is path or something else i dont know about. Also tried putting the file in /bin/ and tried with and without full path still not working
<faulkes-> php.ini has a specific include path, you should try putting whatever you are doing (although includes tend to be different) in there
<faulkes-> it also depends on how you are calling the program (and what that program was written in)
<Kapli> its a ventrilo status script and i really dont know what its written in, i can run it in command line and use it to get info from my ventrilo server, can also run it as www-data so its not permission, i think the php script uses exec() but im not sure how it all works
<_ruben> hmm .. iscsitarget-source fails to build with module-assistant
<mathiaz> jdstrand: irssi notifications ? - what did you implement exactcly ?
<jdstrand> mathiaz: oh, cjwatson's excellent script using libnotify so I get a little popup (like just a second ago when you asked the question)
 * jdstrand goes to get the url
<Kapli> anyway, i uploaded a fresh copy of the script and the program and it worked, no idea why :p
<jdstrand> mathiaz: http://www.chiark.greenend.org.uk/~cjwatson/code/notifications/
<mathiaz> jdstrand: awesome - that was on my TODO list since the begining of the times
<jdstrand> mathiaz: one teeny thing-- I found that I needed to have 'fnotify' named 'fnotify.pl'
<jdstrand> (for autorun to work)
<jdstrand> *shrug*
<mathiaz> jdstrand: great - thanks for the link :)
<jdstrand> np :)
<ScottK> danshearer: I would be interested in your thoughts on https://wiki.ubuntu.com/ServerFlavorSpec
<ScottK> Anyone else too.
<lukehasnoname> Looks interesting
<lukehasnoname> I'm not clear on how someone would specify their scenario to the system. They can't "sudo u-s-scenario -s "I\ need\ a\ mail\ gateway" ""
<lukehasnoname> heh
<lukehasnoname> I guess a sysadmin would specify what services will need to interact and integrate?
<Kapli> I have a dynamic ip, and im using a free dns service and it gives me a url i have to go to to update the ip, i have put wget and the url at the bottom of ip-up in /etc/ppp will it run every time the server gets a new ip ?
<ScottK> lukehasnoname: The idea is to create a scenario editor that allows admins to provide needed specifics for a particular flavor.  To define a flavor is, at least in the near term, going to be a signficant effort requiring understanding of FAI.
<Kapli> i also have a database backup sh script which ive put into cron.weekly, will it run every week?
<ScottK> lukehasnoname: The idea would be either to boot a standard ISO and have it pull the output from the scenario editor from an external source or to spin a custom ISO will all the needed information in it already.  The idea would be to boot the CD in the new server and then walk away.
<lukehasnoname> So we're really talking about a server-oriented custom ISO on one end, combined with FAI
<danshearer> ScottK: triple-double thumbs-up. I've only had time to edit the Summary so far, there's one conceptual thing I
<danshearer> wanted to add (this is about where knowledge is stored and applied, ie what point in the workflow) and a technical
<danshearer> point that the scenario editor should have an option to upload any custom scenario created because chances are that will
<danshearer> tell us what we should be shipping (since presumably it will be mostly experienced people who create these things, after having found
<danshearer> the standard one isn't good enough.)
<danshearer> ScottK: Does that help?
<ScottK> Yes.
<danshearer> Ummm... is this the ettiquette? I mean, jumping in and editing? Forgot to ask.
<ScottK> danshearer: Particularly since I asked you for comment, yes.
<ScottK> Since the spec is still draft you are welcome to hack on it.
<ScottK> From a technical perspective, I'm not sure if it's better to take the output of the editor and spin a custom ISO (either for CD or USB stick and maybe PXE boot someday) or have the 'flavor' CD look somewhere for the per install infromation and use a common ISO all the time.
<danshearer> ScottK: The scenario editor (not 100% keen on the name, because we're creating something concrete not abstract, minor point)
<danshearer> lends itself to a web interface as well
<ScottK> The latter is in many ways easier, but adds significant infrastructure complexity in that the ISO has to be programmed to look somewhere
<danshearer> Web interface fits with spinning a custom ISO
<ScottK> danshearer: Yes.  Some javascript thing is what I'd planned on starting with.
<danshearer> This was the basis of several business models based around OSS back in 1999 :-)
<ScottK> I was planning on ripping off kirkland's virt specifier things.
<danshearer> And rpath these days too of course.
<danshearer> Well it would be very good if a VM was considered to be exactly the same as a real install, whatever that means.
<danshearer> ScottK: where is the 'virt specifier' ??
 * ScottK looks
<danshearer> Got to go for now I'm afraid, I'll look forward to seeing where this has got a bit later on.
<ScottK> danshearer: http://people.ubuntu.com/~kirkland/ubuntu-vm-builder.html
 * ScottK remembered the name wrong
<kirkland> ScottK: hey, fwiw, i did add the code to a branch of the ubuntu-jeos project in Launchpad
<kirkland> ScottK: same code you see in that url, at the moment
<ScottK> kirkland: Right-click and save works a lot better for me than having to think about bzr.
<kirkland> ScottK: yup
<kirkland> ScottK: i'm going to check it out and symlink it into that my public_html dir, to keep in sync with what's in the repository
<tyn0r> hi ! I'm looking for any news about ubuntuhomeserver !? this project is abandonned ?
<lukehasnoname> to my knowledge, the project is in its beginnings, and is only actively worked on by a few people at the moment. There is no "home server" release of Ubuntu at present.
<Jberg88> hi
<Jberg88> i am having a problem with drupal on my server the homepage shows up but anything else gets a 404 not found error
<antdedyet> greetings.
<Jberg88> hello
<InsomniaCity> Jberg88: have you asked #drupal?
<Jberg88> thanks
<Jberg88> no i didn
<Jberg88> 'y
<Jberg88> ok can't type
<ergyJB> andb_: sorry lost connection
<ergyJB> i did the command
<ergyJB> someone got my username I am Jberg88
<ergyJB> hello
<InsomniaCity> who are you talking to?
<ergyJB> shooot
<ergyJB> sorry  wrong irc channel
<kees> re 222830> since 3.0pl1-104 is in unstable, I think what should happen is a merge should be done, in which the debdiff for 222830 is added.
<kees> kirkland: ^^
<kirkland> kees: sounds good
<kirkland> kees: i'll merge
<kees> what's odd is I don't see it listed in MoM
<kees> oh, martin did a fake-sync
<kees> erg.
<kees> kirkland: uhm, so, this is a rather odd versioning situation for cron.
<kees> kirkland: it has been merged and then fake-sync'd.
<kees> kirkland: I'm going to guess the right version to use is 3.0pl1-104+ubuntu1  (note the uncommon use of "+" there)
<kees> if you can rebase your debdiff in 222830 against that version of cron, I can upload it.
<kirkland> kees: okay, let me pull that
<kirkland> kees: hmm, so i pull cron's source on an intrepid box and it grabs the +build1 source
<kirkland> kees: where can I find this +ubuntu1 source?
<kees> kirkland: you need to pull +build1 -- your new debdiff will be version +ubuntu1
<kirkland> kees: gotcha, and I should manually mangle the versioning in the changelog entry?
<kirkland> kees: for my addition?
<kees> re 234668> stuff to fix up: lose the .orig file that snuck in, leave the .gitignore that got removed, and adjust the "Maintainer" field in the control file.
<kees> see "update-maintainer" from ubuntu-dev-tools for automated control file love
<kees> oops, I'm >62 seconds lagged
<ergyJB> hello how do i get my 000-default file back?
<ergyJB> ...?
<ergyJB> hello
<ergyJB> anyone
<tain> hmm
<tain> mine is symlinked to /etc/apache2/sites-available/default
<Deeps> apt-get source apache2 and pull it out from there?
<uvirtbot> New bug: #238630 in krb5 (main) "Please sync krb5 1.6.dfsg.3-2 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/238630
<kees> kirkland: okay, sorry, I got off on a giant merging/syncing tanget.  where were we?  I saw you updated cron's patch (i'm building that now and will upload shortly).  where does debian-utils stand?
<kirkland> kees: um, was I supposed to merge that one too?
<kees> nope, I had suggested cleanups to the debdiff.
<lukehasnoname> do you guys have jobs?
<lukehasnoname> just a yes or no will suffice
<kirkland> kees: oh, sorry, i missed those cleanup suggestions...  i'll check my logs.  were these in irc, or mail, or the bug?
<kirkland> lukehasnoname: yeah, i've got about 2 dozen cronjobs
<kees> irc, but I was really lagged, maybe irssi and/or the server ate it:
<kees> 16:39 < kees> re 234668> stuff to fix up: lose the .orig file that snuck in, leave the .gitignore that got removed, and adjust the "Maintainer" field
<kees>               in the control file.
<kees> lukehasnoname: context was "cron" or "income"?
<lukehasnoname> money, income, work
<kirkland> kees: yep, it's in my log, but wasn't addressed to "kirkland", so it slipped by me, sorry
<lukehasnoname> stuff besides Ubuntu
<kirkland> kees: I'll go fix that up
<kees> lukehasnoname: I cheat -- I have a job with Canonical.  :P
<zul> kees: big cheater :P
<uvirtbot> New bug: #225105 in apache2 (main) "[Security] Mimetypes coming from package mime-support cannot be removed " [Undecided,New] https://launchpad.net/bugs/225105
<lukehasnoname> Well that would do it. I figured one of you did. Anyway, ya, I wouldn't more than two hours a day to give to Ubuntu even if I had internet at home
<kirkland> lukehasnoname: i'm in the same boat as kees, employed by Canonical
<zul> kirkland: cheat!
<kirkland> lukehasnoname: prior to that, I worked for IBM, though I spent some of my spare time on Ubuntu
 * kirkland smacks zul@canonical.com
<zul> kirkland: hah thats not even my email address
<kirkland> zul: agreed, i was saving you from the spam prowlers, but I don't have to........
<zul> but the arguement behind is correct
 * zul kicks launchpad
<kirkland> lukehasnoname: of the 98 users in the channel, maybe a dozen or so are employed by Canonical (from a rough glance)
<lukehasnoname> not bad
<kirkland> kees: updated patch attached to https://bugs.edge.launchpad.net/ubuntu/+source/debianutils/+bug/234668
<uvirtbot> Launchpad bug 234668 in debianutils "sensible-editor/select-editor: per-user one-time interactive editor selection" [Low,In progress]
<vikram> hah a quieter ubuntu channel
<vikram> hopefully with less n00b00n2s
<vikram> new ubuntu user here, well new to .deb basically and apt-get
<vikram> yum groupinstall "Development Tools" <--  whats that on ubuntu?
<lukehasnoname> NOP DEE DOP
 * lukehasnoname laughs. Dev tools, I assume that's a meta pack for different programs on Fedora?
<vikram> yes its just an assortment of stuff
<vikram> autoconf to valgrind and everything in between
<vikram> Fedora is such a fat *** ***** these days, i need something a little learner, so i'm trying out Ubuntu Server 8
<kirkland> vikram: apt-get install build-essential will get you some stuff
<kirkland> vikram: do you know what you need to compile?
<kirkland> vikram: apt-get install devscripts has some other interesting things
<vikram> oh i just need the basics, yacc,lex,byson,gcc, m4
<zul> mathiaz: mind if I take sysklogd off your hands (mreges)
<kirkland> vikram: apt-get install ubuntu-dev-tools is also good
<vikram> says "Couldnt find package"
<kirkland> vikram: to which one?
<vikram> for build-essentials
<ScottK> It's build-essential (no s)
<vikram> woops, no "s"
<vikram> this apt-get thing is really formatted poorly,
<vikram> without proper indentation its hard to follow what it's doing
<lukehasnoname> I'm trying to find a console command that would search package descriptions for a certain word or package
<kirkland> apt-cache search "foo"
<lukehasnoname> I'm not looking for foo though, what would it be if I were looking for valgrind?
<lukehasnoname> heh
<vikram> yum list, provides a list of every package available to yum, i pipe it to a file and use it to grep for stuff i'm looking for, is there something like that for apt-get?
<zul> apt-cache
<mathiaz> vikram: apt-cache search 'stuff you're looking for'
<mathiaz> zul: sure - I've already merge sysklogd once this cycle
<zul> mathiaz: newer version
<mathiaz> zul: so you may wanna try to merge another package that hasn't been merged yet
<zul> mathiaz: yeah
<mathiaz> zul: right - but we try to merge every package at least once per cycle
<vikram> I really need a cheat sheet for using apt-get
<vikram> with corresponding commands side by side to yum
<zul> mathiaz: ill take ipsec-tools off your hands then
<lukehasnoname> die,net
<lukehasnoname> er, http://linux.die.net/man/
<vikram> something weird i noticed, if you type a wrong command in ubuntu it take a few moments to realise it and tell you, while on fedora its instant
<vikram> whys that?
<mathiaz> zul: good luck - kees security stuff breaks the build
<zul> keeeessss!!!
<ScottK> Because of a package called command-not-found where it looks up common mistakes to see if it can point you in the right direction.
<ScottK> vikram: ^^^
<vikram> ah make sense, it takes about 1.5s for a lookup though......
<mathiaz> zul: https://wiki.ubuntu.com/CompilerFlags - the first example in -D_FORTIFY_SOURCE=2 section
<vikram> ScottK, bash is build against that? how does it work?
<vikram> s/build/built
<ScottK> vikram: apt-get source command-not-found and have a look for yourself.
<vikram> why isnt there syntax highlighting in vim on ubuntu?
<vikram> says "E319: Sorry, the command is not available in this version"
<kirkland> vikram: apt-get install vim
<ScottK> vikram: By default vim-tiny is installed.  Install the full vim as kirkland suggests
<vikram> interesting
<ScottK> It was done to save space on the CD (full install on a single CD is somewhat contraining).
<vikram> now it give me some msg about buffers
<vikram> how do you turn syntax highlighting on after installing vim ?
<kirkland> ScottK: as discussed at UDS, though, I think we're looking to install a full vim on the server cd's
<ScottK> kirkland: Yes.  Please.
<kirkland> vikram: :syntax on
<kirkland> vikram: add that to your ~/.vimrc
<kirkland> (without the colon, of course)
<vikram> the colon is fine
<vikram> this is pretty anal.....
<psufan> where the hell is the stock sources.list on the ubuntu server cd
 * psufan bangs his head into the wall
<ScottK> psufan: You mean /etc/apt/sources.list ?
<psufan> yes
<psufan> thx to the retarded way kickstart works it breaks the installed system
<psufan> nm I think I found my notes
<psufan> mabye not
<psufan> is there a stock file on the cd
<Jberg88> hi I seem to have lost my 000-default file
<Jberg88> earlier someone told me to do apt-get source apache2 and get it there but i don't know how
<lukehasnoname> psufan: I think this is what you want. Maybe? http://mibbit.com/pb/JG5tuO
<psufan> no I have dapper and I need to use the one that is on the cd somewhere
<psufan> so that when this person does the pxe install method they don't end up with a half assed install
<Jberg88> help me please!
<psufan> Jberg88 you might want to try #ubuntu also this channel is kinda dead a lot
<Jberg88> yeah I know
<psufan> good luck :)
<ScottK> Jberg88: You need a sources.list for Dapper?
<Jberg88> I have 7.10
<Jberg88> gutsy
<psufan> no I need it :P
<Jberg88> oh lol
<psufan> ScottK I want the one that is on the cd though
<psufan> because the pxe boot initially won't have network access
<ScottK> Mine still has the CD settings on it, you can just uncomment them.
<Jberg88> is there anywhere else i can get help
<psufan> ScottK no I want the normal urls in it :P
<psufan> the machines don't have cdroms only the installer pxe server does
<ScottK> psufan: If you want a Dapper sources.list, I can pastebin you mine and you can adjust it as you need.
<psufan> the point was to make this a simple as possible and fix the installer so it doesn't replace all the urls with the local pxe server when it;'s finished
<psufan> sorry if I didn't make that clear
<psufan> I can get a working sources myself that's not the point
<ScottK> OK.
<psufan> appears there's a "last minute" command in kickstart that will let you do things like fix files :P
<psufan> I just need to find the origional sources.list or how it's normally created
<vikram> "ustr" is that in apt?
<vikram> i didnt see it in apt-cache search
<vikram> its a dep for libsemanage (for SELinux)
<psufan> doesn't appear to be if you are talking to me
<ScottK> If you apt-get install $PACKAGENAME the dependencies will get pulled in automatically.
<vikram> heh, libsemanage isnt there either
<vikram> so no SELinux on Ubuntu Server?
<vikram> so i guess i need to build ustr myself and ....yeah
<ScottK> vikram: Ubuntu Server uses apparmor by default.  You can install SE Linux if you want it.
<ScottK> vikram: There are packages.
<vikram> heh, its libsemanage1 and not libsemanage
<vikram> fuk! i keep typing, apt-get blah
<vikram> without the "install"
<vikram> the "-get" part is misleading
<ScottK> You can also apg-get source, so the there is a meaningful distinction.
<ScottK> apg/apt
 * lukehasnoname must google "aptitude vs. apt-get
<lukehasnoname> "
<Jberg88> hello!?
<Jberg88> help
<Jberg88> hi I seem to have lost my 000-default file  earlier someone told me to do apt-get source apache2 and get it there but i don't know how
<uvirtbot> New bug: #231047 in openssh (main) "ssh-vulnkey needs to be backported to Ubuntu 6.06 LTS" [Undecided,Fix released] https://launchpad.net/bugs/231047
<uvirtbot> New bug: #230929 in openssh (main) "Poor use of language in openssh-client key update dialog" [Undecided,New] https://launchpad.net/bugs/230929
<psufan> Jberg88 http://ubuntuforums.org/showthread.php?t=662889
<FroMaster> Recomendation Question: I'm new to the Ubuntu family but not new to Linux and would like to build a Virtual Machine for VMware ESX to run LAMP. Should I run Ubuntu Server or Ubuntu JeOS?
<emgent> heya
<mathiaz> coffeedude: hi - what's the purpose of /var/lib/likewise-open/lwidentity_privileged/pipe ? (looking at bug 235646)
<uvirtbot> Launchpad bug 235646 in apparmor "Cannot Print to PDF using Likewise-Open" [Medium,Confirmed] https://launchpad.net/bugs/235646
<porbas> !help
<ubottu> I am ubottu, the all-knowing infobot, standing in for ubotu while he's getting his haircut done, nose powdered, updated and transitioned to his new gorgeous looks in the near future ;)
<porbas> ï»¿/msg ubottu Bot
<uvirtbot> New bug: #236867 in php5 (main) "[php5][CVE-2007-2727] - same initialization vector might allow context-depented attacker to decrypt data easily" [Undecided,New] https://launchpad.net/bugs/236867
<coffeedude> mathiaz: same purpose as winbindd.  There are two types of Winbind API calls.  Some require root access and some do not.  The perms on the parent directory containing the pipe control access to calls.  You could use the kernel to get the uid of the caller but this is not portable.
 * coffeedude heads for another coffee.
<mathiaz> coffeedude: thanks - and what /tmp/.lwidentity/pipe is used for then ? for the unprivileged calls ?
<coffeedude> mathiaz: yup.
<mathiaz> coffeedude: great - thanks (and enjoy your coffee :) )
<uvirtbot> New bug: #236869 in php5 (main) "[php5][CVE-2007-2748] substr_count function allows context-dependent attackers to obtain sensitive information vi unspecified vectors" [Undecided,New] https://launchpad.net/bugs/236869
<vikram> this apt-cache search thing isnt as nice as yum list
<vikram> it prints out waaaaaaaaaay more than i need
<vikram> eg, and i need to install some lex'er, so in fedora i'd yum list > yum.list, grep -i lex yum.list
<vikram> then yum install something that looks interesting
<vikram> if i do apt-cache search lex
<vikram> i get a lot of output, and a lot of it is unrelated
<vikram> heh, just typing the command in the console is more useful than apt-get
<lukehasnoname> vikram: There is a switch to make it less verbose
<lukehasnoname> -n Only search on the package names, not the long descriptions.
<lukehasnoname> -q Quiet; produces output suitable for logging, omitting progress indicators. More q's will produce more quietness up to a maximum of 2. You can also use -q=# to set the quietness level, overriding the configuration file. Configuration Item: quiet.
<lukehasnoname> read the apt-cache man page for more info, but you should find what you're looking for.
<kees> zul, mathiaz: let me know if I can help at all.
<kees> kirkland: okay, cron uploaded, building debianutils now
<mathiaz> kees: http://irclogs.ubuntu.com/2008/05/09/%23ubuntu-server.txt - search for ipsec-tools
<mathiaz> kees: that was my last attempt to merge ipsec-tools
<kees> mathiaz: odd, with the (void) cast I'd expect no problem.
<mathiaz> kees: exactly ;)
<mathiaz> kees: from there on I'm stuck
<kees> errrg yytext, yyleng... is that .c file lex-generated?
<mathiaz> kees: I don't know
<kees> mathiaz: if/when people get stuck, it's fine to set a -U_FORTIFY_SOURCE into the build and note it (with some details) at the bottom of that page.
<mathiaz> kees: right - that's what I was thinking to do
<mathiaz> kees: but wanted to have your input on this first
<mathiaz> kees: as noted in the wiki page
<lukehasnoname> My boss' bag got stolen off his desk
<lukehasnoname> <_<
<kees> the "exceptions" list can be used for people wanting to do security team work (I'll add it to our roadmap)
<mathiaz> kees: there may be a simple solution that I don't know of to make it compile.
<kees> mathiaz: cool, thanks.  I'm really not sure about that error -- though there have been other "bugs" with fortify.  I'll try to reproduce a simple test-case
<kees> mathiaz: oh... crap.  (void) actually doesn't work even outside of a macro.
<kees> it really wants an assignment.  bleh.
<kees> mathiaz: if you really want to ignore it:  if (fwrite(...)) {}
<kees> kirkland: debianutils uploaded
<mathiaz> kees: about bug https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/135226 - WDYT about removing the gaim profile completly ?
<uvirtbot> Launchpad bug 135226 in apparmor "Apparmor profile for Gaim needs updating to Pidgin" [Wishlist,Triaged]
<kees> mathiaz: does it do harm leaving it?
<mathiaz> kees: well - it needs to be updated
<mathiaz> kees: gaim doesn't exist anymore.
<mathiaz> kees: it's a profile in extra/.
<kees> mathiaz: yeah, I figure while doing the apparmor bump we can go through and drop stuff
<mathiaz> kees: I'm doing some updates now - but no apparmor bump yet.
<mathiaz> kees: just going through the bugs and get the low hanging fruits.
<kees> okay, sounds good.
<kirkland> kees: awesome, you da man
#ubuntu-server 2008-06-10
<maw_> is likewise-open the best option for AD authentication/services?
<jjesse> maw_: that's what ive heard but never used it
<jjesse> so i cant tell you
<maw_> ya I briefly tried it and it mostly owrked out of the box
<nxvl> kirkland: ping
<kirkland> nxvl: hey, how are you?
<kirkland> nxvl: got your email, thanks for helping
<nxvl> kirkland: fine, did you reveived my e-mail?
<nxvl> that's what i was wondering
<nxvl> :D
<nxvl> so
<kirkland> nxvl: so i added a section to https://wiki.ubuntu.com/EncryptedPrivateDirectory , "Getting Involved"
<nxvl> any update, branch or page?
<nxvl> ice
 * nxvl checks
<nxvl> nice*
<kirkland> nxvl: i'm doing all of my work upstream, with the maintainer's git repo
<kirkland> he's responsive (and a friend of mine), i submit patches to the list, he applies to the upstream repo
<kirkland> when he rolls a new version, the debian maintainer creates a new debian package
<nxvl> sound good
<kirkland> nxvl: i'll ping the debian maintainer if it lags a week or so
<nxvl> just code not packaging
<nxvl> :D
<kirkland> nxvl: well, actually, the next thing to do is MIR for ecryptfs-utils
<kirkland> nxvl: have you done MIR's before?
<jjesse> is a MIR a main inclusion request?
<kirkland> jjesse: yes
<jjesse> trying to learn the lingo
<jjesse> heard that a lot in here
<nxvl> we will need to work on some firefox, ssh and gpg packaging for the .$package directories
<nxvl> kirkland: i have participate in some
<kirkland> nxvl: cool, so i think we need to MIR ecryptfs-utils, and two of its dependencies, trousers and pkcs11-helper
<kirkland> nxvl: links on the https://wiki.ubuntu.com/EncryptedPrivateDirectory page
<kirkland> nxvl: i have placeholder MIR pages for all 3, not filled out yet
<kirkland> nxvl: can you help with that?
<nxvl> ok
<nxvl> i have 2 hours in a really boring class
<nxvl> so i have 2 hours to work on it
<nxvl> :D
 * nxvl starts
<kirkland> nxvl: ;-)
<nxvl> kirkland: you have just copy & paste the template, didn't you?
<kirkland> nxvl: yup
<nxvl> btw, did you got any answer from the hotel about you camera?
<ajmitch> more lost/stolen stuff from UDS?
<kirkland> nxvl: they don't have it :-(
<kirkland> ajmitch: yeah, missing camera, left on the piano on the 3rd floor
<ajmitch> it could be worse, like montreal
 * ajmitch lost laptop bag during breakfast, left table for only a minute or so
<jjesse> ajmitch: sorry to hear about that, that sucks
<ajmitch> jjesse: yeah, it was more than 2 years ago now, rather annoying at the time
<jjesse> ah missed scroll
<jjesse> thought it was breakfast today
<ajmitch> nope, my laptop is on the desk beside me here :)
<ajmitch> I was just recalling UDS back in montreal
<jjesse> wow you have had terrible luck with uds
<kirkland> ajmitch: did you have your drive encrypted?
<ajmitch> no, so I got gpg keys revoked & replaced
<ajmitch> at least I had people around who could sign a new key
<ajmitch> this is a good reason for the spec mentioned above :)
<kirkland> ajmitch: you would have benefited from an encrypted ~/Private directory, with your gpg keys there ;-)
<Resistol> Hi all - I've never worked with a server before, and I have to set one up at my job that will serve about 10 PCs for now - Think a linux server would be as easy to setup/work with as windows server 2003?
<kirkland> Resistol: serve what?
<kirkland> nxvl: okay, i've subscribed to all 3 of those MIRs...  you wanna do the same, so that we stay in sync?
<jjesse> Resistol: depends on what you want it to do
<Resistol> For right now, it would really just have shared folders and permissions to take care of, with an office housing about 10 windows pcs
<jjesse> with samba you could do it
<jjesse> though sharing would be natively done w/ windows 2003 server
<Resistol> so it would be a file server, maybe a printer server
<jjesse> depends on if you have an extra license of server 2003 or not
<nxvl> kirkland: yep i will in a minute
<kirkland> Resistol: yup, samba
<nxvl> ppc is still supported?
<Resistol> The thing with windows is the licenses are thousands of dollars, which is crap
<kirkland> nxvl: by the community
<nxvl> kirkland: i mean officialy (that's what we care about)
<jjesse> Resistol: that's why i asked if you had the extra license or not
<kirkland> Resistol: you're looking in the right place, then.  Linux is free ;-)
<jjesse> if you odn't then yes you can meet the needs of sharing files and folders out via samba
<kirkland> nxvl: yeah, not for our purposes
<nxvl> kirkland: so only i386 and amd64
<Resistol> thanks guys - here's i guess the more important question then - which linux distro makes setting up a simple server easiest?
<nxvl> didn't it?
<kirkland> nxvl: right
<kirkland> Resistol: well, we're a bit biased here ;-)
<kirkland> Resistol: perhaps this wiki page will help you: https://help.ubuntu.com/community/SettingUpSamba
<Resistol> hah i figured kirkland, i've seen a lot of forums mentioning fedora - but i mean I only have about 4 months experience with linux, and i just used Ubuntu Hardy as a desktop - no server stuff
<kirkland> Resistol: if you're using Ubuntu on the desktop, and it's going well for you, you should be able to handle the server fine too ;-)
<jjesse> if you feel more comfortable with needing a GUI then you could use a hardy desktop install and then could configure samba that way if you wanted to
<Resistol> Thanks kirkland - is the file sharing and permissions stuff all working now in hardy?  When I tried the "right click -> share this folder" method using a Hardy Beta version a few months ago, none of it was working right
<nxvl> brb
<Resistol> Oh, and is there a GUI for setting up an FTP server?
<Resistol> I used Serve-U on my windows 98 box about 9 years ago, but haven't touched anything like it since then.
<jjesse> Resistol: with the installation of ubutnu server there is no desktop, no gui
<jjesse> Resistol: so if that is important, you can install ubuntu-server then sudo apt-get install ubuntu-desktop to get all the graphical stuff
<Resistol> thanks jjesse - could i do it the other way around?  Start with desktop and add in server after?
<kirkland> Resistol: sure, you can just install the server packages you need
<nxvl> kirkland: i have no ecryptfs-setup-confidential binary
<Resistol> Is it easy to setup virtual machines and "play network admin" ?  I think it would help me to practice by having maybe 5 virtual PCs that I could try to create a network for
<nxvl> kirkland: or i need to reboot my computer or something
<Resistol> And can Linux do roaming users?
<Jessica> Hi Folks.  I'm trying to get vnc up and running.  I've found this:  http://www.ubuntu-unleashed.com/2007/10/setup-vnc-server-for-ubuntu-gutsy.html, and it seems to work well except it needs me to start a session -after- i log in.  I'd like to be able to connect using VNC, and then login.  Can anyone help?
<ajmitch> Jessica: I believe it may be possible to configure gdm to allow remote access with Xvnc
<Jessica> ok, so "sudo gdmsetup"?
 * ajmitch isn't sure how supported that option is, it's been a few years 
<ajmitch> yeah, you can look in there
<Kamping_Kaiser> not really a server question is it?
<ajmitch> Kamping_Kaiser: depends, it's setting a system up as a terminal server of sorts
<Jessica> kamp, i'm running it on server.  sorry if I'm in the wrong place.
<Kamping_Kaiser> ajmitch, by the time is 'go configure gdm' i dont think heres the place anymore ;) (thats just imo of course ...)
<Jessica> but regardless, think of it this way.  I'm one more user you can sway away from Darth Gates...  "feel the force, Jessica"....
<nxvl> kirkland: nevermind i was testing on my hardy machine, just found it
<Jessica> so, does one of you nice jedi knights want to help me get it working?
 * ajmitch has given the extent of his outdated knowledge on that topic :)
<Jessica> *smiles*
<ViTa> hi
<ViTa> enyone talk un spanish?
<kirkland> nxvl: yeah, this is intrepid only
<Kamping_Kaiser> ViTa, #ubuntu-es ?
<kirkland> nxvl: but there's a newer version
<nxvl> kirkland: i have my intrepid image up and running
<kirkland> nxvl: i'm waiting on the debian maintainer to package the -46 version
<nxvl> kirkland: so i'm testin there
<nxvl> testing*
<kirkland> nxvl: cool, there's some better features/fixes in the 46 version
<kirkland> nxvl: check out the git repository
<nxvl> ok
<nxvl> will check
<kirkland> nxvl: you could really just pull those scripts out of the git repo
<kirkland> nxvl: or just wait for the package sync's to happen
<kirkland> nxvl: i emailed the debian packager today
<nxvl> it's a problem to be the only packager in my country
<nxvl> i will be the only one running the Global Bug Jam while teaching the people how to package
<kees> well that's why I got work done today, my virus scanner broke and 4xx'd all my afternoon email.  *sigh*
<nealmcb> kees: it's a feature....
<kees> nealmcb: heh, totally
<ajmitch> I've heard that one before...
<kees> total PEBCAK too.
<emgent> hello
<aslan> hey all....   anyone know of an app/script that will diff files on two remote servers?
<owh> aslan: Are both the files on the same server, or are you trying to diff between two servers?
<aslan> owh: between two servers.
<aslan> I had a perl script at one time that did it.
<aslan> but I can't find it again...
<pteague> at work it looks like i'm going to have to use vmware server to set up *buntu as my desktop at work... winders is required as the base OS :(  anyways, i was wondering if jeos kernel might cause any problems with being used for the desktop?
<owh> pteague: Interesting question. Never tried it.
<milestone> hi all
<milestone> how can i determin the character encoding of a textfile
<milestone> like iso or utf
<pteague> was just wondering because somebody mentioned to me that server kernel probably wouldn't be a good idea for a desktop due to the differences in the way they handle instructions or something
<owh> pteague: Hmm, well, first of all the JEOS kernel != server kernel. Second, a kernel is generally compiled based on the hardware on which it is expected to run, so you might not expect a web-cam or a graphic tablet on a server, but you would on a workstation. As for handling instructions, I'm not sure what you or "somebody" was trying to say.
<kraut> moin
<CrummyGummy> Hi all, I have a process running /USR/BIN/CRON. Now that file doesn't exist anywhere. Is that normal?
<CrummyGummy> I think I've got a reinstall coming my way.
<InsomniaCity> CrummyGummy: to me that would be a sign my box has potentially been compromised..
<CrummyGummy> InsomniaCity: Thanks, I'm treating it like that at the moment. Somehow my one eth has been renamed as well. Its all very suspicious.
<_ruben> messages with /USR/BIN/CRON in the logs are cronjobs
<CrummyGummy> Messages in ps aux?
<_ruben> most likely the same .. not have that many long-running cronjobs .. so cant double check atm
<CrummyGummy> I'm  watching for more but this job has been running since May 6.
<CrummyGummy> _ruben: Your right,  its a stuck cron job. Wierd though.
<RockHound> hi everyone ... a little off topic, but how do you manage your ssl certificates sanely?
<folke> Is there any news about vmware-tools and hardy?
<folke> Or must we still use any-any patch?
<folke> Or perhaps is it more safe to use gutsy
<ivoks> hi all
<sommer> morning ivoks
<ivoks> sommer: it's almost 2PM :p
<sommer> heh, feels like the day is just beginning
<MDFC> ola alguem poderia me ajudar na insalaÃ§Ã£o do ubutu
<ivoks> right...
<MDFC> left
<RockHound> folke: vmware-tools can be used with openvmtools ... vmware server modules is a different story.
<RockHound> ivoks: any news about the openldap update/patch?
<MDFC> do you speak portuguese
<MDFC> good vmware it?s crazy...very crazy
<MDFC> shet...
<MDFC> see...
<MDFC> atention..
<ivoks> RockHound: zul is taking care of it...
<RockHound> thx
<ivoks> RockHound: i'm not sure what's the decission :/
<MDFC> somebody would know here to say as I install ubutu somebody says Portuguese here
<ivoks> MDFC: english only; try ubuntu-br
<MDFC> yes
<MDFC> face thanks a lot plus you saying only in English I do not obtain to understand everything I go to look a room in Portuguese
<ivoks> MDFC: ubuntu-br should be a good start
<MDFC> which its country
<ivoks> brasil
<MDFC> fala em portuguÃªs
<MDFC> ou melhor escreve em portuguÃªs
<MDFC> ok obliged until more seeing
<_ruben> hmm .. iscsi is sweeet .. now to figure out how to properly get them targets automounted :)
<ScottK-palm> What time is ther server team meeting today?
<ivoks> 15 UTC
<ivoks> in 2 hours
 * ScottK-palm got called away for $WORK.
 * ScottK-palm will read the logs and hopes specs will get discussed even though je's not there.
<ScottK-palm> je's/he's
<lukehasnoname> be there
<lukehasnoname> it's that simple
 * ScottK-palm may be able to get online at the customer site, but definitely don't wait.
<ogra> $WORK is overrated ... just fills your fridge and you have to see how to get rid of all that stuff again :P
<ScottK-palm> Good luck.  See you later.
<_ruben> ah .. changing the order of bootscripts did the trick
<leonel> ogra: the other way is to wait for the fridge stored things evolve an get out by them selves ..
<ogra> uuuh
<ogra> the problem with that is that you cant really use the fridge during that growing period
<leonel> right
<lukehasnoname> It's quiet
<lukehasnoname> too quiet
<lukehasnoname> Watch out, Fox, it's a trap!
<pteague_work> i don't like using windows as a base, but at work i'm currently stuck with it...  the box is a core 2 duo... any ideas as to whether i should set up my linux virtual machine under vmware as having 1 cpu or 2?
<lukehasnoname> Does vmware have trouble running multicore VMs?
<_ruben> 2 hardly ever gives performance improvement over 1, it actually decreases performance most of the time
<pteague_work> i don't know on vmware with multicore
<_ruben> start with 1 vcpu, and if performance is a problem, you could try with with 2 vcpus, but dont expect wonders or even anything from it
<pteague_work> k, sounds like you know what you're talking about, which was what i was looking for :)
<lukehasnoname> ouch :(
<_ruben> pteague_work: its rather logical ... 1 vcpu : your vm only requires 1 real cpu to be avail .. 2 vcpu : your vm requires 2 real cpus to be available ... available as in free cpu cycles
<_ruben> quite a difference is scheduling overhead
<pteague_work> well here's the issue... at work i'm forced to use windows because somebody else may have to use my machine (i'm not sure how they'll be able to figure out to get vmware out of full screen mode, but that's another issue)...  so i'll be using vmware to install ubuntu & then using that as my desktop
<pteague_work> not sure if i'll set up any other virtual machines or not
<Zubbb> hello, someone is using hardy php5 (version 5.2.4-2ubuntu5.1)? it seems like it has a bug interpreting HEREDOC string syntax... can someone try and see if this ( http://pastebin.org/42803 ) runs well on it?
<psufan> is there a command to regenerate the stock ftp or http urls for sources.list
<_ruben> pteague_work: 1 or more vms isnt really the issue (but does mittigate it a bit), the vm will also have to compete with your host os for cpu cycles
<psufan> I want to fire off the command at the last minute during the install in my kickstart
<psufan> else the stupid kickstart or ubuntu installer makes sources.list point to the local pxe boot server which won't be around
<_ruben> psufan: why not just stash the default sources.list on ur http/ftp/nfs/whatever server and copy it over ?
<psufan> i'm afraid of having to document those steps :P
<psufan> but I guess if I got no choice
<_ruben> psufan: im guessing the file's created by the installer, and those commands might not be available in a running system
<CrummyGummy> :q
<CrummyGummy> eish
<_ruben> :q!
<psufan> well I don't know that but it would be easier to give them a working install
<CrummyGummy> wrong window
<lukehasnoname> Would it be beneficial to me to use JeOS on a xen environment? It's touted as omptimized for KVM and VMware.
<_ruben> lukehasnoname: i'd say it does .. it uses a kernel with virtualization in mind, and a very small (disk and memory) footprint
<lukehasnoname> cool, I figured its slim size would help in any case. Now, it still has all server functions available, just a minimized footprint due to less drivers, streamlined kernel?
<_ruben> lukehasnoname: yeah .. and low HZ and stuff
<pteague_work> ah, JeOS... that brings up a question i asked last night... would the kernel be ok to run a desktop?  i.e. should i set up my vmware desktop using jeos & 1 of the desktop live CDs?
<_ruben> pteague_work: that'd be a bit of a corner case .. im *guessing* it'd work, but wouldnt know for sure
<pteague_work> k, i'll stick with the desktop then
<lukehasnoname> Also, xen vs. kvm: Your opinion.
<lukehasnoname> or abstain, but back up your statements if you can
<_ruben> the choice between any virtualization product depends on both personal preference, technical requirements and budget
<lukehasnoname> _ruben: google is my friend. Looking at http://kvm.qumranet.com/kvmwiki/FAQ, kvm supports live migration, which is good. It also seems to be less blky (so it claims).
<lukehasnoname> its advantage is that it's supported (as in advocated) by the core linux community. However, I have a book on xen, soooo... >_>
<lukehasnoname> blky/bulky.
<owh> How quaint, lukehasnoname has a book.
<owh> <grin>
<lukehasnoname> erm, ebook o_o Seriously, I learn better from books that are professionally written and on paper. eBooks are alright, but real books are just better for me. FreeBSD 6 Unleashed, Ubuntu Server Administration, C# 2.0...
<lukehasnoname> Not that I don't have some really helpful ebooks... about 300 of them
<_ruben> lukehasnoname: im more of a vmware person myself, but like already stated: its a matter of personal taste among other things
 * owh put all books into storage before starting a trip around Australia, now all books are on a mobile phone :)
<_ruben> still hoping on getting a decent arrangement with vmware for their esx hosting product .. otherwise we might have to resort to using m$ hyper-v or some shit
<owh> _ruben: I have been a VMware "person" for a while also, but since support seems to be decoupled from the kernel version, I'm beginning to regret it.
<_ruben> owh: not sure what you mean?
<owh> _ruben: Well, from a maintenance perspective it needs to be apt-get installable, but the lag between release is getting ridiculous.
<lukehasnoname> but omgz0rz vmware isn't FOSS!!!111!!one! I would like to keep in line with the "libre" philosophy, whenever practical. Owh: Ya, That's why my paper:ebook ratio is about 1:10. I move a few times a year.
<lukehasnoname> Have either of you TRIED xen or kvm before? Had any experience to reflect on?
<_ruben> tried both, but never on decent hardware .. didnt like them very much
<_ruben> vmware is *very* strong in its management toolset
<owh> I realise that there are those who install from source, but the skill of developers leaves me with little confidence that their make install doesn't overwrite stuff without notification.
<owh> _ruben: Yes, I'll grant you that.
 * owh suspects that since Ubuntu has gone the kvm route, some stuff will begin to happen there too.
<_ruben> true
 * owh has not yet had a spare moment to actually start looking at kvm in anything other than a cursory fashion.
<cemoi> hi
<_ruben> but xen and kvm are still a bit "tricky" when it comes to virtualize windows systems
<cemoi> don't speking in french here?
<owh> cemoi: CaVa?
<CrummyGummy> Hi again. Any ideas why udev would keep renaming my nics?
<_ruben> only english here
<cemoi> mm
<_ruben> CrummyGummy: under which circumstances does the renaming happen ?
<cemoi> no french suport for the ubuntu server
<cemoi> ?
<lukehasnoname> xen has a better name though. The letter "x" represents "coolness". Point taken, owh, and my point as well. kvm is now an official part of the kernel, so it should be supported and documented well.
<owh> cemoi: Well, if you have a question and you're French, then we can help you.
<cemoi> ok thank's a lot
<owh> cemoi: Even if you we're Canadian :)
<owh> cemoi: Or Dutch even.
<cemoi> uu o_O
<cemoi> pas franÃ§ais alors?
<owh> Nope, je parle une petit Francais, but my keyboard doesn't support it :)
<cemoi> mm ok
<owh> s/petit/petit peu/
<Deeps> !fr
<ubottu> Ce canal est en anglais uniquement. Si vous avez besoin d'aide ou voulez discuter en francais, merci de rejoindre #ubuntu-fr ou #kubuntu-fr
 * _ruben hasnt spoken french since high school, even that hasnt been *that* long
<owh> C'est bien Deeps :)
<owh> My French is from the same schooling system as yours _ruben :)
<_ruben> owh :)
<owh> And German too :)
<_ruben> german class i dropped the moment i had a chance
<Deeps> je ne parle francais
<_ruben> french was next
<cemoi> mm ok ok
<CrummyGummy> I've update /etc/udev/rules.d/70-persistent-net.rules but it doesn't seem to be assigning the right names to network cards.
<cemoi> I try to learn more about the introduction of quotas on a server webdav es que ubuntu server expect something?
<owh> _ruben: Ditto.
<_ruben> Deeps: indeed, since even that line is wrong :)
<lukehasnoname> Parla vos anglese?
<_ruben> its: je ne parle pas francais
<_ruben> afaik
 * Deeps shrugs
<Deeps> i can understand better than i speak ;)
<_ruben> hehe
<Deeps> my gf's belgian and her family only speaks a bit of english and spanish, so i've had to learn a lot
<Deeps> (cuz they speak french)
<_ruben> belgian's are "odd" that way :)
<Deeps> very easy to understand though
<Deeps> much easier than the french i've found
<Deeps> the accent, at least
<Deeps> from an spanglish perspective, anyway
<cemoi> we don't no?
<cemoi> you don't no sorry
<_ruben> CrummyGummy: nuking that file will have it recreated at next boot .. and shouldnt change unless there's any hardware changes
<owh> cemoi: To get to the point, what issues are you having?
<CrummyGummy> Wow, huge lag.
<CrummyGummy> reading...
<CrummyGummy> I just restarted udev and it renamed eth0_rename to eth0_rename_ren
<CrummyGummy> That should've been eth0 in the first place. The mac address is right.
<cemoi> owh, It can not inherit quotas on the file system by users as an FTP server. The webdav does not support it we can not therefore not limit users in quantities of data through the quotas.
<owh> Anybody got any suggestions for cemoi about this?
<uvirtbot> New bug: #238872 in php5 (main) "php5 fails to interpret a valid script using heredoc string syntax" [Undecided,Confirmed] https://launchpad.net/bugs/238872
 * owh has not played with quota's
 * _ruben never worked with quotas
<_ruben> heh
<owh> I'm intrigued by that bug report.
<_ruben> CrummyGummy: restarting just udev is a tad tricky .. a full reboot usually does a better job at renaming such things
<CrummyGummy> I though I had it fixed. Rebooted and it was back to wierdness.
<cemoi> the problem is that a user just very well overwhelm the disc then it has no limits
<CrummyGummy> http://www.pastebin.ca/1043884
<CrummyGummy> Gonna reboot and see what happens.
<owh> Hmm, well that php bug seems to also not work for me, that's a first :)
<cemoi> there are people who have servers webdav under ubuntu here?
<uvirtbot> New bug: #238878 in likewise-open (main) "Change likewise-open default Domain separator" [Undecided,New] https://launchpad.net/bugs/238878
<cemoi> mm :,(
<owh> cemoi: Don't despair. Send your question to the ubuntu-server list and see what response you get.
<cemoi> forum exist?
<lukehasnoname> ubuntuforums.org
<cemoi> for servers only
<lukehasnoname> also the mailing list, ubuntu-server@lists.ubuntu.com
<cemoi> this will be equivalent to this but for openoffice
<cemoi> http://workspace.officelive.com/?lc=1036&cloc=fr-FR
<cemoi> ok
<CrummyGummy> _ruben: This is like a lottery. Every time I reboot my if devices are named differently.
<lukehasnoname> a lot of server devs read that list
<_ruben> CrummyGummy: strange
<cemoi> ok ok thank's
<CrummyGummy> It worked last time. The last 2 times its different.
 * owh wonders if there is a log that shows what is renaming things for CrummyGummy
<nealmcb> server team meeting in #ubuntu-meeting now
<CrummyGummy> nealmcb: Are you involved in the commercial side of things?
<ScottK2> Maybe dendrobates will come to the meeting and talk about specs since mathiaz bailed out on us.
<owh> ScottK2: Actually bailed, or just freenode fun?
<ScottK2> All the same to me.
<ScottK2> nijaba claims he's coming.
<owh> Well, one is intentional :)
<CrummyGummy> is #ubuntu-meeting  closed?
<lukehasnoname> no
<CrummyGummy> so I can lurk?
<owh> CrummyGummy: You bet
<CrummyGummy> cool
<ogra> you can even speak if you want:)
<CrummyGummy> more cool
<CrummyGummy> aaarg, nuf with the udev renaming already.!!!!
<thefish> anyone here use fwbuilder?
<InsomniaCity> played with it many years ago
<thefish> its really useful most of the time! im getting some pain from it, trying to send a firewall, and its adding ? to the command :/
<InsomniaCity> well, you could always post-process it and strip the ?s
<jero> hi
<jero> does anyone know why apache2 is not honoring "HostnameLookups Off" on 8.04 ?
<jero> thus logging with ip resolved to names
<thefish> InsomniaCity, ye, not ideal though :/
<InsomniaCity> jero: are you doing it in the right vhost/dir/whatever?
<jero> InsomniaCity: it is in the global section
<mathiaz> jdstrand: could you drop by #ubuntu-meeting
<mathiaz> jdstrand: ?
<kees> kirkland: I actually think a more correct fix (for the next upload, I just uploaded your other patch now), would be to do a 2>/dev/null || true on the "." lines
<kees> i.e.   . ~/.selected_editor 2>/dev/null || true
<kees> in both places where it's done
<kirkland> kees: interesting....  okay
<kirkland> kees: i was purposefully trying to avoid touching sensible-editor again
<kirkland> kees: but that looks clean too
<kees> that way it'll catch stupid race conditions where -r is true, the file is deleted, and then it sources it.
<kees> yeah, do it for the next upload, or keep it on the TODO list -- getting it into the "best" possible shape is fine even if it takes a few uploads.  :)
<kirkland> kees: i have the source in front of me
<kirkland> kees: i'll just debdiff again
<jero> anyone has apache2 running and noticed it does not respect the HostnameLookups directive ?
<matrix> hello
<kirkland> kees: patch attached to the bottom of https://bugs.edge.launchpad.net/ubuntu/+source/debianutils/+bug/238879 fixing the issue you just mentioned
<uvirtbot> Launchpad bug 238879 in debianutils "sensible-editor fails when there is only one alternative" [Low,Fix released]
<kirkland> kees: (potential issue)  :-)
<mathiaz> Koon: not problem
<mathiaz> Koon: the color means how long since the last merge IIRC
<mathiaz> Koon: or may the priority of the package
<mathiaz> Koon: anyway - it's not so relevant
<matrix> how can i block avi files with FilesMatch  on ubuntu ?
<mathiaz> Koon: I'd suggest that you start by the universe list of outstanding merge
<mathiaz> Koon: and pick a package that you're interested in
<Koon> mathiaz: sure
<mathiaz> Koon: I'll go through the list today and send a selection of packages you could start working on
<mathiaz> Koon: some of the merges are easier than others
<kees> kirkland: doing that in ()'s means the "." would happen in a sub-shell
<kirkland> kees: ew, and not bubble up
<Koon> mathiaz: ok, I'll catch your mail when I start tomorrow
<Koon> see you all tomorrow
<kees> cya Koon
<psufan> is there a command to regenerate the stock ftp or http urls for sources.list
<psufan> I want to fire off the command at the last minute during the install in my kickstart
<psufan> else the stupid kickstart or ubuntu installer makes sources.list point to the local pxe boot server which won't be around
<kirkland> kees: testing it out here, looks like I can just remove the parens
<kirkland> kees: order of operations holds as is
<kees> kirkland: okay, cool
<kirkland> kees: updated patch attached to that bug
<kirkland> kees: thanks for the immediate reviews ;-)
<kees> kirkland: no problemo :)
<kees> kirkland: changelog has "hardy" rather than "intrepid".  :P
<kirkland> kees: arrggggggg, sorry
<kirkland> kees: vim really needs to be patched :-/
<kees> vim?  "dch -i"  :P
<kirkland> kees: attached to bug
<kirkland> kees: well, vim is still highlighting "intrepid" as erroneous
<kirkland> nxvl has a bug and a patch for that one
<kees> kirkland: hm, my vim doesn't do that...
<kirkland> kees: are you running intrepid or hardy?
<kees> intrepid
<kirkland> kees: well, i'm still on hardy on my laptop
<kees> ah-ha, okay
<kirkland> i'll be switching to intrepid soon
<mathiaz> kirkland: you can use chroots to do your work
<kirkland> mathiaz: i set up pbuilder, but I ran into some issues
<kirkland> mathiaz: i need to give that another shot
<mathiaz> kirkland: I'm using schroot
<kees> mk-sbuild-lv!  :)
<kirkland> mathiaz: wiki page for setup instructions?
<mathiaz> kees: do you have more than one chroot per release ?
<mathiaz> kees: ie have an intrepid and intrepid-sbuild chroot ?
<mathiaz> kirkland: https://help.ubuntu.com/community/SbuildLVMHowto?highlight=(Sbuild)
<kirkland> mathiaz: ah, yes, sbuild
<kees> mathiaz: I have 1 chroot per release per arch, so i386 and amd64 of dapper, feisty, gutsy, hardy, intrepid
<mathiaz> kees: I've started to use chroots to work in it but found that it lacks some tools
<kees> mathiaz: and the same again in kvm.  :P
<mathiaz> kees: so I've started to install the default tools in the chroot -source
<kees> mathiaz: ah-ha, yeah
<mathiaz> kees: but then build dependencies can be wrong and not detected
<kees> mathiaz: since my main machine is intrepid, I just do dev work there
<eix> any idea why I can only see 438MB of RAM when having a 1GB module installed?
<kees> mathiaz: I like that approach.  even more disk space used!  :P
<eix> well..various modules up to 1GB
<mathiaz> kees: such as - I have debhelper installed in my -sources but I'd like to have sbuild use a minimal chroot
<mathiaz> kees: how do you do dev work for -dapper for ex ?
<mathiaz> kees: or to put it another way - have you ever been bitten by the fact that your -source chroot have more packages than the ones installed on the buildds ?
<eix> this is my "free -m": http://rafb.net/p/zGSQxJ23.html
<kees> mathiaz: almost all the work I do for non-devel is patching, so the deps don't change.  if I'm in a situation where I need to repeatedly build stuff, I'll just enter a schroot and install the deps first and do work until I'm done.
<kees> mathiaz: my workflow for those things isn't improved much by having a separate chroot with lots of stuff pre-installed
<mathiaz> kees: ok - but your -intrepid chroot is minimal
<kees> mathiaz: right
<kees> eix: a lot of things could contribute to that.  I'd start by finding the "Memory:" line in your dmesg or /var/log/kern.log file
<kees> eix: Memory: 8100612k/9109504k available (2466k kernel code, 204488k reserved, 1309k data, 316k init)
<kees> see if "reserved" is huge
<kees> if that's the case, check your BIOS settings
<kees> beyond that, it's pretty hardware-specific
<eix> kees: let me check that
<kees> eix: also, see "sudo lshw" and look for DIMM entries
<danshearer> hello all. Has the topic of 'should we install syslog-ng as default syslogger' ever come up?
<mathiaz> danshearer: I've looked into that some time ago
<mathiaz> danshearer: I'd rather go with rsyslog
<eix> kees: Memory: 441072k/457664k available (2255k kernel code, 16052k reserved, 1032k data, 384k init, 0k highmem)
<mathiaz> danshearer: syslog-ng syntax is not compatible with sysklog
<mathiaz> danshearer: and the license is a bit of a problem (dual licensed)
<mathiaz> danshearer: the licensing is a minor issue though
<danshearer> mathiaz: not quite so, the license is a problem because it is GPLv2=
<eix> kees: in lshw I can see some UNCLAIMED memory blocks...that looks creepy
<danshearer> mathiaz: so it is difficult to integrate components from projects like Samba
<mathiaz> danshearer: OTOH rsyslog is GPL and the syntax is compatible with the current syslog syntax, which means it's easier to upgrade
<mathiaz> danshearer: GPLv2= for rsyslog ?
<danshearer> mathiaz: I didn't realise rsyslog was a contender, at a quick look it does what I'm looking for
<danshearer> mathiaz: there are two main points I think: backends into databases and very simple active-active failover config
<mathiaz> danshearer: I've looked into rsyslog last year when fedora went with it
<mathiaz> danshearer: there are a couple of threads on the fedora mailing list when they compared syslog-ng and rsyslog
<eix> kees: lshw -> http://rafb.net/p/tWj9yb95.html
<danshearer> mathiaz: I think Ubuntu Server should be shipping as many active-active failovers as possible out of the box
<mathiaz> danshearer: both are available in ubuntu universe
<danshearer> mathiaz: I'll go and look!
<eix> ANY IDEA why I have a disabled CPU and RAM?
<danshearer> mathiaz: btw in the context of syslog active-active means all systems log to all sysloggers, but no duplicates are stored
<eix> ok, the CPU slot is empty - that's ok
<danshearer> mathiaz: and all nodes compare new messages with all other nodes so all nodes should have a complete log
<danshearer> mathiaz: haven't done this with n > 2 though but still it is a very useful very simple facility
<danshearer> mathiaz: the trick being not to have an infinite logging loop :-
<kees> eix: I'd guess BIOS settings or motherboard incompatibility.
<eix> kees: yes
<mathiaz> danshearer: well - there is a scalability problem with n > 2
<eix> kees: it's a pretty new server, so I also fear MB incompatibility
<eix> kees: the 2nd 512MB DIMM block is clearly not being seen
<mathiaz> danshearer: I think it makes more sense to store all the logs on all the nodes and than use a tool to do post-processing of logs
<danshearer> mathiaz: sure, in any service. But there are well-known algorithms for addressing this.
<mathiaz> danshearer: when you want to visualize the logs, then you can correlate the events.
<danshearer> mathiaz: and with syslog, n=2 is pretty good and a lot better than most people have today
<mathiaz> danshearer: sure - the algorithms exists, but have problem when scaling to more than 2
<danshearer> mathiaz: and that's the issue "use a tool" is where most people fall down
<mathiaz> danshearer: there is more and more overhead
<kees> eix: check your mobo documentation, you may need to use matched pairs, specific locations, etc, etc.
<danshearer> mathiaz: and given that you can do n=2 for no noticeable cost, why not?
<mathiaz> danshearer: sure
<danshearer> mathiaz: ah, this is in the context of centralised logging though.
<mathiaz> danshearer: I'm not convinced that figuring out an infrastructure so that you log to every node and you make sure that events are stored only once is worth
<danshearer> mathiaz: in my experience most centralised logging gets very messy over time. Even that word 'time' is a big problem!
<psufan> eix
<psufan> is this a i810 or i815 chipset by chance
<psufan> sdram or ddr?
<danshearer> mathiaz: Nevertheless, do you agree that if keeping two logging servers exactly in sync costs nothing, that it is a useful facility?
<mathiaz> danshearer: what do you mean by in sync ? there won't be any duplicates logged ?
<eix> kees: mmh
<mathiaz> danshearer: or that all the messages will be stored on both servers ?
<danshearer> mathiaz: no duplicates, no omissions. syslog is generally udp, but the two servers can talk tcp to each other.
<eix> psufan: my lshw http://rafb.net/p/tWj9yb95.html
<danshearer> mathiaz: in practice in a large and busy network, and given the nature of udp, if you have all devices logging
<danshearer> mathiaz: to both servers, most of the time one of the two (or both) will receive syslog message.
<psufan> nope a64
<eix> psufan: DIMM
<psufan> dimm has been since sdram :P
<psufan> actually there was fpm and edo dimms
<danshearer> mathiaz: the important thing about centralised logging is that you point *everything* at it, down to printers and physical security systems.
<eix> ok people, thanks - I'll be back tomorrow for this
<psufan> nvidia chipset is NOT a server
<eix> psufan: you say?
<eix> psufan: why?
<mathiaz> danshearer: right - I'd make more sense to make sure the messages are stored at least once, rather then only once
<psufan> cause that wasn't nvidia's target market
<eix> psufan: I really don't know which cheap server this is
<psufan> doesn't support a lot of server stuff like ecc or registered
<eix> psufan: they bought to me, for free
<eix> psufan: but, still, it should work, no?
<psufan> mabye
<eix> psufan: yet this missing RAM is weird
<mathiaz> danshearer: implementing the logic to make sure that messages are stored only once is probably better done in log analysis tools than at the log storage level
<eix> psufan: I will have more informations tomorrow about the BIOS configuration
<eix> I'll probably also look into the mobo manual
<mathiaz> danshearer: /stored/processed/
<psufan> ok
<eix> thanks kees and psufan
<psufan> np
<jo_> hi everybody. could someone of you tell me, whether the packages needed for using a D-Link G-520+ WLAN-Adapter (Chip: TI ACX-111) (probably linux-restricted-modules-386 or parts of it) are installed with the hardy server edition?
<danshearer> mathiaz: then you don't have an active-active failover solution.
<efj> Hi everyone
<efj> I have a question regarding DHCPD configuration
<efj> and multiple subnets :-p
<danshearer> mathiaz: this is part of some thinking I have been doing, trying to answer this question:
<efj> I don't know if anyone knows a bit about this ?
<efj> and could eventually help me ?
<ivoks> efj: will you just ask
<efj> So I got a server running DHCPD
<efj> with 2 subnets declarations
<efj> DHCPD responds on both interfaces
<efj> but provides the right information regarding DNS, routers to only one of them
<efj> let's day that I have 192.168.1.0/24 and 192.168.2.0/24
<efj> with appropriate definition for both of them
<efj> 1.0 is the domain home.lan
<efj> 2.0 is the domain home.wifi
<danshearer> mathiaz: "what services can I very easily roll out in active-active configuration?"
<kees> danshearer: DNS, DHCP
<danshearer> mathiaz: that is, without expensive clusters or other very special-purpose solutions
<danshearer> kees: LDAP
 * kees doesn't know LDAP yet :)
<efj> For 1.0:
<efj> 	option domain-name "home.lan.";
<mathiaz> danshearer: how-do you define active-active ?
<efj> 	option broadcast-address 192.168.1.255;
<efj> 	option routers 192.168.1.1;
<efj> 	option domain-name-servers 192.168.1.1;
<danshearer> kees: syncrepl
<ivoks> efj: it would be easier if you would paste you config file on pastebin
<efj> 	option ip-forwarding off;	
<efj> for 2.0:
<mathiaz> !pastebin | efj
<ubottu> efj: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<efj> 	option domain-name "home.wifi.";
<efj> 	option broadcast-address 192.168.2.255;
<ivoks> ... and not here
<efj> 	option routers 192.168.2.1;
<efj> 	option domain-name-servers 192.168.2.1;
<efj> 	option ip-forwarding off;	
<danshearer> mathiaz: the simple way that the boss can understand: when one server goes down the other keeps going, and
<efj> Sorry about that
<danshearer> mathiaz: when the first server comes back there is still no difference in either server, and
<danshearer> mathiaz: it never matters which server you connect to.
<efj> So the thing is that on 1.0, I get the right domain name, gateway and DNS
<ivoks> efj: pastebin
<efj> for 2.0, it answers with the proper IP address, meaning something like 192.168.2.30
<mathiaz> danshearer: right - you can either go for a failover scenario of a load-balancing scenario
<danshearer> mathiaz: One thing you don't want to have to guarantee is that any given transaction will succeed, that's another topic :-)
<efj> but DNS is 1.0, ditto for gateway
<efj> and I just don't know why this keeps happening
<ivoks> mathiaz: are you guys talking about redhat cluster suite? :)
<efj> it also says that it's from the home.lan domain
<mathiaz> ivoks: nope - it started with syslog
<ivoks> efj: for the last time; paste your config on pastebin
<ivoks> mathiaz: oh...
<danshearer> mathiaz: well when it comes to load-balancing you're talking about constructing a robust network with great care
<mathiaz> ivoks: how to provide an high available logging infrastructure
<danshearer> mathiaz: I like to show people that actually a lot of components can be very robust without much thinking at all
<efj> http://paste.ubuntu.com/19100/
<efj> done
<danshearer> mathiaz: like kees says, DNS and DHCP can do this and we don't think about it much, but the concept can be extended to
<ivoks> mathiaz: with two machines with drbd master-master disk, and VIP over the redhat cluster suite? :D
<danshearer> mathiaz: other services and I think more people would if it was (a) easier and (b) better promoted
<mathiaz> danshearer: by load-balancing I mean that all the nodes are active at the same time - by failover I refer to one node being active, the others in stand-by mode
<danshearer> mathiaz: a great way to address (b) is to ship configs ready-to-go :-)
<ivoks> danshearer wants glory for low cost :D
<danshearer> mathiaz: I don't agree with your definitions really, because to me load-balancing implies some degree of selection
<danshearer> mathiaz: with the services I'm talking about there is explicitly no load management logic. Whoever answers first wins.
<mathiaz> danshearer: well - let's call it an active-active and active-passive scenario
<danshearer> mathiaz: I just tell the senior officials in the company "Look, for not much disruption things are more likely to work than before"
<danshearer> mathiaz: Whereas if you introduce a comprehensive solution you have to disturb other parts of the network, or at least introduce more components
<danshearer> mathiaz: that do things like distribute load or guarantee integrity of an individual transaction.
<ivoks> efj: let's take a look
<efj> thanks
<jo_> is there a package list for the ubuntu server install cd?
<ivoks> efj: which dhcp server is this?
<danshearer> mathiaz: Personally it ridiculous that most of the time people have to choose between individual servers and complicated cluster solutions
<mathiaz> jo_: http://releases.ubuntu.com/releases/8.04/ubuntu-8.04-server-i386.list
<efj> dhcp3
<mathiaz> jo_: has the list of all the files on the ubuntu-server cd
<jo_> ok, thanks
<danshearer> mathiaz: whereas you can get what ivoks just said, almost: *most* of the glory for *little* extra cost.
<danshearer> make sense?
<efj> I have 2 network interfaces
<mathiaz> danshearer: sure - the next step is to list the services then
<efj> with appropriate definitions
<ivoks> danshearer: redhat cluster suite isn't complicated
<ivoks> danshearer: it even has graphic tool for configuration
<danshearer> mathiaz: That's right. And I was doing that in my head really, and got to syslog, and asked the question I did :-)
<ivoks> danshearer: clusters by default are hard to understand for newbies
<efj> here is my /etc/network/interfaces file: http://paste.ubuntu.com/19103/
<ivoks> efj: so, remind me, what doesn't work?
<danshearer> ivoks: that's my point: a lot of the time there is an inbetween, pragmatic answer
<danshearer> ivoks: and what's more, you can do this service-by-service on existing machines
<efj> DHCP clients from network wifi get a proper IP address
<efj> but get 192.168.1.1 as DNS and gateway
<danshearer> my point is thinking practical, backwards-compatible, simple, while also greatly improving networks
<ivoks> doh, too many buzzwords for a non english listener
<efj> instead of 192.168.2.1
<efj> also, they get domain-name="home.lan"
<efj> instead of "home.wifi"
<danshearer> ivoks: what I mean is, there are simple things you can do to existing networks that give you more robustness
<kees> efj: is it possible you have other devices on the wifi serving DHCP?
<danshearer> ivoks: take my earlier question about syslog: many networks have a central syslog server.
<efj> kees: none
<danshearer> ivoks: We can tell them "run this on two servers, and suddenly you have much more reliable solution"
<ivoks> efj: this looks ok to me...
<efj> if I list the interface's information on the client, it is clearly 192.168.2.1 that gives the lease
<ivoks> danshearer: i understand what you *want*, but this is not very easy to achive with a simple 'click'
<ivoks> efj: is eth2 a wifi interface
 * kees thinks about his attempts to make mailman clustered.  what a hoot.
<ivoks> danshearer: there are too many variables...
<danshearer> ivoks: I wasn't worrying about the "click" part for now :-)
<efj> it is an ethernet interface
<efj> connected to an AP
<danshearer> ivoks: I'm not so sure I agree with you, which is why I'm writing down the possibilities :-)
<ivoks> danshearer: for syslog on two machines, the way to do it is easy
<ivoks> danshearer: set up an DRBD (network raid of partitions), create GFS (or even some non-cluster FS)
<danshearer> ivoks: I am speaking of a central syslog service receiving up to 1000 messages per second
<ivoks> danshearer: and setup a vitural IP that will move from one to the other when first one fails
<danshearer> ivoks: DRDB is definitely not the answer, it spreads corruption instantly :-)
<danshearer> ivoks: nope, GFS is absolutely not the answer for someone who wants a simple solution that fits his current needs
<danshearer> ivoks: I'm getting parts of what I'm writing from working networks, thanks for the input, I'll come back with more questions!
<ivoks> sorry, phone
<ivoks> GFS is very simple solutions
<ivoks> OCFS is not, tough :D
<danshearer> ivoks: GFS is simple if that's what you're looking for. At the moment, for most networks, it isn't an option.
 * danshearer interrupt, back later
<ivoks> efj: anyway, this looks ok
<efj> ivoks: thanks for looking at my config
<efj> I somehow don't understand why I get this result
<ivoks> syslog shows no errors when starting dhcpd?
<nealmcb> hmm - I "helped" some folks in Boulder out and did an upgrade of clamav on a dapper machine for the first time in a while.  It asked about the config file, and I thought it would be safe to keep the old config file, but it seems that I broke it.  They've got it fixed now, but I wonder how often that happens, and what options we have for helping and warning folks about incompatible upgrades.
<ivoks> nealmcb: we offer diff, which you should've check :)
<sommer> heh
<sommer> nealmcb: did you grab the clamav from backport?
<nealmcb> I looked at the diff, but don't recall it saying "!!warning - incompatible upgrade!!"
<sommer> clamav is a beast, especially if you haven't upgraded for a while
<efj> ivoks: no it doesn't
<nealmcb> If it weren't for the fact that they were dealing with a mail problem alread and were tight on time I would have taken more time to look at it then.  as it was I just put it on the "look at soon" pile...
<ivoks> nealmcb: well, it saved your old config
<ivoks> so you can still do a diff
<sommer> nealmcb: ya, the big issue with clamav is that they change their library api between versions... it may be getting better since they were bought by sourcefire though
<ivoks> and check what's changed
<sommer> nealmcb: but for packaging questions ScottK knows much more than I do
<nealmcb> ivoks: again, it is fixed now.  I'm asking about the human factors of how we can help prevent upgrades from  breaking things
<sommer> nealmcb: until clamav has a stable API, I'm not sure... aside from asking to replace the configs
<efj> ivoks: I got it !
<efj> The issue was that the MAC address I gave to the ethernet port of the wifi computer was the wifi one ...
<efj> so there was a match in the first subnet
<efj> not in the second
<ivoks> interesting...
<efj> The thing is that there was an allow unknown-clients clause in the wifi subnet
<efj> meaning that it would respond
<efj> however it seems the match on the hardware address made the thing screw up
<efj> Anyway, thanks for your time
 * ivoks wasn't here during specs talk
<ivoks> but, /me has one spec too :D
<ivoks> https://blueprints.edge.launchpad.net/ubuntu/+spec/migrate-off-ssl-v2
<jjesse> was there another team meeting i missed?
<nealmcb> jjesse: this morning at 15:00 UTC
<jjesse> ah bummer
<nealmcb> we assigned everything to you :)
<jjesse> nealmcb: figured
<jjesse> means more won't get done
<folke> Anyone know the status of vmware-tools and 8.04?
<folke> Is the any-any patch necessary? Or should I stick to 7.10
<mathiaz> kirkland: The MIR items in Outstanding issues should be moved the implementation section
<mathiaz> kirkland: remove the encrypted swap reference as this is out of the scope of the spec
<kirkland> mathiaz: well.... some argue that without encrypted swap, encryption is useless, as passphrases can leak from memory to disk via swap
<kirkland> mathiaz: i'd like to at least mention it, in the interest of full disclosure
<mathiaz> kirkland: right - makes sense then
<kirkland> mathiaz: i disagree with the "useless" argument
<kirkland> mathiaz: but I recognize that encrypted swap is necessary for further (complete?) protection
<kirkland> mathiaz: i'll move the MIR's to Implementation
<mathiaz> kirkland: having a section about testing would start the documentation effort
<kirkland> mathiaz: actually, regarding MIRs, those are still pending, so wouldn't they be considered "Outstanding"?
<kirkland> mathiaz: i was using "Implementation" to track what's been completed
<kirkland> mathiaz: okay, i noted that encrypted swap is beyond the scope, moved down a bit to a separate list
<mathiaz> kirkland: hm... Usually I use implementation to describe what needs to be done
<kirkland> mathiaz: I'll start a testing section now
<mathiaz> kirkland: and then add a big OK when it's implemented
<kirkland> mathiaz: okay, if that's "Implementation", what's "Outstanding"?
<kirkland> mathiaz: i was equating "implementation" with DONE, and "outstanding" with TODO
<nealmcb> seems to me it would "outstanding" from the spec writing standpoint - what is still unclear
<mathiaz> kirkland: see https://wiki.ubuntu.com/AppArmorGutsy
<nealmcb> ...unresolved issues....
<ScottK> If anything clamav API instability is getting worse, not better with clamav
<kirkland> mathiaz: hmm, okay.  i can follow that guideline, but i think i would prefer separate sections for TODO and DONE, call them what you will
<mathiaz> kirkland: makes sense
<mathiaz> kirkland: the Spec format is not so rigid
<kirkland> mathiaz: i can put two sections under Implementation, if that helps you out
<kirkland> mathiaz: one for DONE and the other for TODO
<kirkland> mathiaz: and I'll copy/cut/paste as I complete such items
<mathiaz> kirkland: what's important is to be able to figure out what needs to be done, and what has been done
<mathiaz> kirkland: wfm
<kirkland> mathiaz: and I'll save Outstanding Issues for things like Encrypted Swap
<kirkland> mathiaz: ie, stuff that's not done, and probably won't be done as part of this effort, but should be tracked for completeness
<ScottK> nealmcb: The Debian/Ubuntu clamav package ships pretty sane defaults.  If you change from them, then you do take on having to understand configs on upgrades.  It's part of the cost of doing business.
<mathiaz> kirkland: that seems reasonable to me
<ScottK> Stick with the default and the package maintainer handles it for you.
<kirkland> mathiaz: cool, thanks for the review
<nealmcb> ScottK: the issue here was that the new version couldn't parse the old config.  would it help to add some comments in the conf file saying in effect "API version x.y - WARNING - IF THIS SHOWS UP IN A DIFF LINE YOU NEED TO FIX THINGS!!"
<mathiaz> kirkland: np :)
<nealmcb> in addition, apt-get upgrade doesn't seem to indicate at the end when things fail during the upgrade
<nealmcb> ...like the daemon startup....
<ScottK> nealmcb: That's generally true anytime the diff shows up.
<lukehasnoname> Did soren die?
<Brazen> So what does the server team think of ovirt?  I noticed it's not on the Roadmap.
<Brazen> ...just asking since it's slow in here.
<Deeps> looks like a vm appliance
<Deeps> being developed and maintained for use in a fedora based vm
<Deeps> looks nice too
<lukehasnoname> I want to check it out at some point... getting that to work with Ubuntu/JeOS and KVM (or xen) would be awesome.
<Deeps> umm, it's an extra vm that you'd run on your vm server (whatever os it is) by the looks of things
<Deeps> whatever linux os, anyway, i guess
<lukehasnoname> ovirt is a vm manager
<lukehasnoname> I thought
<lukehasnoname> >_>
<Brazen> it's a vm manager, but Redhat is distributing a vm with it all set up.  I'm pretty sure that is just for testing though, and in production I'm sure it is intended to be installed on bare metal.
<lukehasnoname> http://ovirt.org/documentation.html
<Brazen> Have you (anybody) ever used VMWare ESX Server with Virtual Center?  It looks like ovirt is supposed to be the equivalent of Virtual Center.
<Deeps> oh,, i see
<Deeps> Brazen: you could just ask
<Brazen> Deeps: ask what?
<Deeps> 20:03:59 [freenode] Brazen [n=chatzill@wsip-70-167-48-6.ks.ks.cox.net] requested CTCP VERSION from Deeps:
<lukehasnoname> Brazen: Ya, I've seen what you're talking about, a nice GUI to manage and watch VMs across physical hosts
<Deeps> oh,chatzilla, nm
<Brazen> It's just really be nice to have easy-to-use gui to manage vms and hosts remotely
<Brazen> I could go on and on, there are a lot of nice features in Virtual Center that would be a boost to open source virtualization.
<Brazen> There is another project called Enomalism, but ovirt has, imo, a much better looking interface, and it's an advantage to ovirt being backed by a known, reliable organization like Redhat.
<lukehasnoname> ok, I was mistaken about oVirt, and now I am not so fond of it. I thought it was a web program, not something I'd have to dedicate a machine to.
<Brazen> lukehasnoname: how would rather have it?  I don't see why you couldn't install it on a machine that is ALSO a vm host, but I would prefer to put it on a dedicated machine.  I could just be used to how Virtual Center does it, though.
<lukehasnoname> well, hmm. I guess I expected it to have less requirements than what it's asking for. In the "bundled" install, it requires the "admin node" (the one hosting the oVirt vm) to have two network cards, with a dedicated NIC for the oVirt network
<Brazen> uh, I missed that part.
<Brazen> two nics
<Deeps> vlan
<Deeps> virtual nic
<Brazen> yeah, that's my thought
<Brazen> VMWare wants you two have two nics, too, with one dedicated to VMotion
<kirkland> mathiaz: testing section added to https://wiki.ubuntu.com/EncryptedPrivateDirectory
<JaxxMaxx__> well, I guess that guarantees some bandwidth...
<kirkland> mathiaz: after tomorrow's sync with Debian, let me do a couple of sniff-tests, then I think you can point people to that in your blog for testing
<Brazen> I actually have two nics, in all my vm servers, but I bind them and use LAG on the switch for redundancy, then use vlans to split it into virtual nics
<lukehasnoname> AhHhHhHh
<lukehasnoname> *goes to PM*
<JaxxMaxx__> if I wanted to let www-data (apache2) have read access to the syslog, what permissions would I have to change/add ?
<\sh> JaxxMaxx__: read permissions for others
<mindframe-> i would create a syslog group and add www-data to that group... set read only for that group
<mathiaz> JaxxMaxx__: you can also put the www-data user in the adm group
<mindframe-> 640 most likely
<mathiaz> kirkland: great - reading through the testing instructions, why do you need to enter a mount passphrase ? Could it be set to a automatically generated passphrase ?
<mathiaz> kirkland: since the user doesn't need to remember it and it's is strongly suggested to use some long, difficult to guess passphrase
<mathiaz> kirkland: would it make sense to generate the passphrase automatically (or at least provide a default)
<mathiaz> kirkland: so that we're sure that the passphrase is some long, difficult to guess
<kirkland> mathiaz: yes, true, but, remember the remote backup case
<kirkland> mathiaz: where you're just rsyncing your encrypted data to offsite storage
<kirkland> mathiaz: you want to restore that data, and mount it again elsewhere
<kirkland> mathiaz: you need the mount passphrase
<kirkland> mathiaz: let me put it another way....
<kirkland> mathiaz: if you lose the mount passphrase, and you don't remember it, you cannot access your data
<mindframe-> are you guys working a full disk encryption option into the intaller?
<kirkland> mathiaz: i should probably update that line in the wiki to be more clear
<kirkland> mathiaz: it's misleading, perhaps, as is
<kirkland> mindframe-: no, a per-user encrypted directory in ~/Private
<mindframe-> oh
<mindframe-> neat
<kirkland> mindframe-: https://wiki.ubuntu.com/EncryptedPrivateDirectory
<mathiaz> kirkland: hm... isn't that the same use case your private ssh key protected by a passphrase ?
<kirkland> mindframe-: full disk encryption is more or less provided by LVM+LUKS in the installer
<mathiaz> kirkland: because you'd have to remember two things - and the hardest one to remember, you'd never use it
<mindframe-> yeah i wasnt sure if the server installer had it as well
<kirkland> mathiaz: well, there's a big difference in my mind...  with ssh, you need to create a new key and give it out to everyone, if you forget your passphrase
<kirkland> mathiaz: in this situation, you may have valuable data/pictures/keys tied up in an encrypted directory never to be accessed again
<kirkland> mathiaz: that amounts to data loss
<mathiaz> kirkland: well - I'm not an expert in that area. So what about providing a default long, difficult to guess passphrase
<mathiaz> kirkland: so that people can write it down before creating the directory ?
<mathiaz> kirkland: My point is that asking user to come up with a long hard to guess passphrase doesn't work well.
<mindframe-> i think it should force a minimum complexity/length and have the user create it
<kirkland> mathiaz: hmm, well, the prompt just says, "Enter your mount passphrase"
<kirkland> mathiaz: it's my own commentary in that wiki page that suggests that it should be long/difficult
<mindframe-> people will complain that it's too hard to remember their 20 digit alphanumeric passphrase
<kirkland> mathiaz: i'm fixing that in the wiki now
<InsomniaCity> passpoem
<kees> mathiaz: I've fixed the ECHO problem in flex, so hopefully we shouldn't see those errors any more.
<InsomniaCity> 20 stanzas long
<mindframe-> heh
<mathiaz> kees: \o\ /o/ \o/
<kees> heh
<mathiaz> kees: /o\
<mathiaz> kees: (h5)
<mathiaz> kirkland: hm.. what is the passphrase used for ?
<mathiaz> kirkland: to unlock the private key used to encrypt the data ?
<kirkland> mathiaz: refresh your view of that wiki page, i fixed the text there
<kirkland> mathiaz: the mount passphrase *is* the key to the encrypted mountpoint
<kirkland> mathiaz: that passphrase is encrypted/decrypted by PAM when you login to the system
<kirkland> mathiaz: so if you change your system passphrase, PAM only needs to rewrap your mount passphrase
<kirkland> mathiaz: and not comprehensively re-encrypt every file in the mountpoint
<mathiaz> kirkland: so why not use the login password directly ?
<mathiaz> kirkland: right
<kirkland> mathiaz: same reason as above....
<kirkland> mathiaz: re-encrypting a huge directory on password change would *suck*
<kirkland> mathiaz: we could default the login and mount passphrases to be the same thing
<mathiaz> kirkland: to me that looks similar to my ssh key, where I use ssh-keygen to generate the private key ( => mount passphrase) and then protect it with a passphrase ( => Login password)
<mathiaz> kirkland: could a similar workflow be implemented ?
<kirkland> mathiaz: perhaps we can do that, if we can inform users to backup their ~/.ecryptfs/wrapped-passphrase to offsite storage (and trust that they do so)
<kirkland> mathiaz: in case a user inadvertently deletes ~/.ecryptfs/wrapped-passphrase, access to their data in Private/ is gone.  permanently
<kirkland> mathiaz: if it was a randomly generate mount passphrase and they don't remember it, or have a backup
<mathiaz> kirkland: well - I think you have the same issue with gnupg - you're not asked to generate your private key
<kirkland> mathiaz: if we can trust our users (and paying customers) to follow instructions and make an offsite backup of ~/.ecryptfs/wrapped-passphrase, then perhaps that's okay
<mathiaz> kirkland: if you loose your gpg key, you won't be able to recover your data
<mathiaz> kirkland: so your point for asking the user to enter a passphrase is that they will see at least *once* the passprhase
<mathiaz> kirkland: and hopefully remember it
<kirkland> mathiaz: and will have at least somewhat consciously chosen it
<mathiaz> kirkland: whereas if the passphrase a automatically generated and if it lost, every thing is lost.
<kirkland> mathiaz: true.
<mathiaz> kirkland: *consciously* chosen -> weak passphrase
<kirkland> mathiaz: wrt to ssh keys, that simply means you can't sign your ssh connections any more
<kirkland> mathiaz: wrt to ecryptfs, that means you can't access your data
<kirkland> mathiaz: which would be the same with gnupg
<mathiaz> kirkland: exactly - and gnupg doesn't ask you to enter your private key
<kirkland> mathiaz: except the amount of data people encrypt with gnupg pales in comparison to the amount of data they can trivially copy into ~/Private
<kirkland> mathiaz: personally, i use gpg -c (passphrase) for anything I'm backing up
<kirkland> mathiaz: in that I'll always remember my passphrase(s)
<mathiaz> kirkland: right - but that's the isn't an easy way to encrypt stuff with gnupg
<kirkland> mathiaz: really?   echo foo | gpg -c
<mathiaz> kirkland: I'm refering to the target users of the Private directory.
<mathiaz> kirkland: I know you (and I) can do it easily
<kirkland> mathiaz: ;-)
<mathiaz> kirkland: that's why I question the necessaty to enter a mount passphrase wrt to the target audience
<kirkland> mathiaz: i agree that your suggestion would certainly increase the security of the matter
<kirkland> mathiaz: and would definitely make it easier on the target audience when executing normal usage vectors
<mathiaz> kirkland: Ubuntu - linux for human beings
<kirkland> mathiaz: we would definitely need a GIANT FLASHING WARNING that your .ecryptfs/ directory needs to be backed up offsite, or you will not be able to access your data in ~/Private if you ever lose it
<kirkland> kees: jdstrand: can one or both of you weigh in?
<mathiaz> kirkland: right - that would probably part of the documentation
<kees> kirkland: flashing warning?  Hrm, docs certainly, but I can't think of a non-annoying way to do it other than docs.
<kirkland> kees: oh, i meant more fundamentally to the handling of this....
<kees> kirkland: which part?  (scroll back is long...)
<kirkland> kees: jdstrand: here's the nutshell....
<kirkland> kees: jdstrand: the ecryptfs ~/Private directory must be mounted with a passphrase (or key).  i'm using a pam module to use the login password to "unwrap" that mount passphrase
<kees> (that sounds like how luks works)
<kirkland> kees: jdstrand: when setting up the mount, i ask the user for both a login and a mount passphrase
<kirkland> kees: jdstrand: mathiaz has suggested randomly generating the mount passphrase
<kirkland> kees: jdstrand: my concern with that is that if the user loses .ecryptfs/wrapped-passphrase, there is no way to recover their encrypted data
<kirkland> (assuming the encryption is any good)
<kees> I think prompting for a passphrase that will never be used isn't a good idea.
<kirkland> kees: jdstrand: on the normal usage vector, this makes things easier...  user only needs to remember login passphrase, we can generate a long/hard mount passphrase
<kees> if they corrupt their filesystem and lose that file, they're going to be toast anyway
<kees> I would agree about the randomized mount passphrase -- this is was LUKS does AIUI, so best to stick with one "way" of handling things.
<kirkland> kees: jdstrand: mathiaz: okey doke, good enough for me
<lukehasnoname> Brazen: Enomalism looks freaking amazing
 * lukehasnoname reads more about it
<Brazen> yeah, it's feature set looks good, but ovirt is backed by Redhat, so I expect it get more recognition, the interface looks nicer, and it will likely get all the same features as Enomalism.
<kees> I'm committing a giant merge of apparmor to current svn.  we can't upload it to intrepid yet because the AA kernel module is the wrong version (2.1 vs 2.3)
<kees> mathiaz: ^^
<mathiaz> kees: wfm
<ScottK> kees: Are you aware we have an issue with apparmor and akonadi?
<lukehasnoname> Brazen: Maybe I didn't see the right screens of oVirt, but Enomalism looks fine to me. Opinion, I know. Being backed by Redhat almost makes me more skeptical. I understand your point, but I wonder if it will have an intentionally low amount of .deb documentation.
<mathiaz> ScottK: the bug has an answer to the problem
 * lukehasnoname didn't see the right screens of ovirt.
<ScottK> mathiaz: OK.
<lukehasnoname> oVirt needs higher res screenshots, but it looks clean as well.
<Brazen> lukehasnoname: I think that will depend on whether or not the Debian (Ubuntu) community embraces it.
<lukehasnoname> Perhaps we can integrate oVirt and eBox (or similar) into a mega-super-enterprise level server management tool. *couch scottk cough*
<lukehasnoname> *cough not couch, cough, cough*
<Brazen> lukehasnoname: and a lot of high-quality stuff comes out of RedHat.  libvirt and virt-manager, which are embraced by Ubuntu, to name a few.
<Brazen> lukehasnoname: I really don't like ebox though :-(
<a13x> please help people, i am not able to set up ubuntu server
<lukehasnoname> I haven't had experience with it, but I do know a lot of people are suggesting using eBox as the basis for Ubuntu's server gui
<lukehasnoname> X based is out of the question, and webmin doesn't have as much popularity here, apparently
<a13x> when i test the cd it tells me that some random file (may be different every time) is corrupted
<lukehasnoname> whats up a13x
<a13x> i tried to redownload
<lukehasnoname> md5 check the ISO, reburn the CD at slower speed?
<lukehasnoname> Or if the server is non-critical, continue with install.
<a13x> i tried regular cd, cd-rw, dvd
<lukehasnoname> >_>
<a13x> tried 3 different cd roms
<Brazen> lukehasnoname: yes, yes they are.  I still like Webmin better though.  Personally, I think a fork of Webmin, to fix the config file issues, would be better, but I'm no developer.
<a13x> 3 different ide cables
<a13x> md5 checksum checks out
<ScottK> lukehasnoname: I've got more than I can handle on my plate already.
<Brazen> a13x: what is the problem you are having?
<lukehasnoname> a13x: download iso from different source
<a13x> i tried using a cd that i KNOW works
<lukehasnoname> Scottk: What are you working on, if I may ask.
<Brazen> a13x: does it not boot the cd?
<a13x> no, it boots
<a13x> when i run a check
<Brazen> a13x: oops, I see, farther up...
<lukehasnoname> OO! Idea! An ubuntu social networking site to replace the personal profiles on wiki.ubuntu.com
<a13x> it tells me that some random file is corrupt
<a13x> and its different every time
<a13x> or almost every time
<InsomniaCity> lukehasnoname: ooh! with rounded corners! and tagging! and screenshots!
<a13x> i ran memtest86, no problem there
<a13x> but its like random file corruption
<Brazen> a13x: I would try burning it at lower speeds.  I burn everything at 4x.
<a13x> i verified cds after recording
<ScottK> lukehasnoname: For Ubuntu, https://wiki.ubuntu.com/ServerFlavorSpec, getting clamav and spamassassin into main, motu-release and motu-sru teams, Kubuntu development, plus I maintain a bunch of packages.
<a13x> i recorded my cd-rw at 4x (tried 2x and it wasn't supported by the drive)
<lukehasnoname> InsomniaCity: Don't get sassy.
<lukehasnoname> heh
<a13x> i never had this type of problem before
<Brazen> a13x: I think I remember having this exact same issue, and had to replace my burner.
<lukehasnoname> Scottk: Who's working on the server admin project?
<a13x> ok, heh, tried 2 different burners
<ScottK> lukehasnoname: Dunno.  I've got way more than I can do on my plate as a volunteer.
 * ScottK looks around for some funding ...
<a13x> if its the burner then why is different file gets corrupted
<Brazen> ? oh.  you got me then.
<a13x> its almost random
<lukehasnoname> I thought you worked for Canonical
<Brazen> a13x: Try blowing on it?  *Sorry, bad NES joke.
<a13x> i even tried that
<a13x> ...
<Brazen> haha, yeah I still try that sometimes, too :D
<a13x> this problem is driving me crazy, what is my next step?
<lukehasnoname> ScottK: Set up an NPO to fund open source development
<lukehasnoname> something witha good name
<lukehasnoname> like "Free Software Foundation"
<Brazen> and grow a beard
<a13x> is there a net install version of ubuntu server?
<lukehasnoname> I bet.
<lukehasnoname> a13x: I bet
<lukehasnoname> Check for minimal installs in the cdimage site.
<a13x> url?
<lukehasnoname> a13x: Searching
<Brazen> a13x: https://help.ubuntu.com/community/Installation
<a13x> thanks a lot
<kirkland> mathiaz: kees: mhalcrow is here from ecryptfs
<kees> yay upstream!  :)
<kirkland> mathiaz: kees: mhalcrow believes strongly in a chosen mountpassphrase
<kirkland> kees: ;-)
<mhalcrow> Adding dependencies on extra files as an absolute prerequisite to recovering eCryptfs encrypted data is asking for trouble.
<lukehasnoname> gj brazen
 * delcoyote hi
<Brazen> a13x: lukehasnoname: no problem, don't know the cd wouldn't work, but maybe with stuff in that link you can get around it.
<kees> kirkland: you just wanted my opinion.  ;)
<kirkland> kees: ;-)  yeah, no offense
<kirkland> kees: i'm just trying to implement this in a way that keeps Ubuntu from going to far off the mark from upstream
<kees> kirkland: if we prompt for a passphrase that only gets used in extreme situations, then that should be explained during the prompting "do not lose this passphrase" etc etc
<mhalcrow> Exactly.
<mhalcrow> Just makes sure the user has this secret value stowed away in a secure recoverable location.
<kees> kirkland: cool -- I'm happy to throw in a tie-breaking vote, but if there's a "right" way to do it, go for it.
<Brazen> a13x: lukehasnoname: for a little shameless self-promotion, I looked up that link here: http://forums.anandtech.com/messageview.aspx?catid=34&threadid=2073143
<kirkland> mathiaz: are you around?
 * lukehasnoname likes enomalism because it's purely web based and seems well documented. Damn, if only he had internet at home!
<mhalcrow> It can be auto-generated, but just make sure the user has it stored in a separate, secure, reliable location from the encrypted data too.
<mhalcrow> A user-selected passphrase is much less likely to leave the user with unrecoverable backups, for instance.
<kirkland> mhalcrow: so that's exactly what the suggestion was, to flash a message to the user telling them that they MUST have a remote backup of .ecrypfs/* to ensure that their ~/Private data is recoverable
<mhalcrow> Yes. But only if the wrapped value is not user-selected. However, can we realistically expect users to remember that message and act on it dutifully?
<jdstrand> kirkland: I think I mentioned this another day-- I like the idea of a strong random password for encryptfs
<jdstrand> ecrypts
<mhalcrow> The chain of secrets is only as strong as its weakest link.
<mhalcrow> The login passphrase would be the weakest link in that regard.
<mhalcrow> Having the user select his own mount passphrase introduces an opportunity for the user to select a passphrase that is weaker than the login passphrase.
<mhalcrow> Is that worth the unrecoverable backups that are likely to result?
<mhalcrow> (if the mount passphrase is auto-generated, that is)
<kirkland> mhalcrow: well, we won't remove the opportunity for users to select their mount passphrase
<kirkland> mhalcrow: this is really more of a question about what the default behavior should be
<kirkland> mhalcrow: understanding that 95% of all Ubuntu users will take the default behavior
<mhalcrow> Maybe there can be a "generate a passphrase for me" button.
<mhalcrow> Next to the textfield.
<kirkland> mhalcrow: well, i was thinking more like: "Enter your mount passphrase: [leave blank to generate a random one]"
<Brazen> lukehasnoname: well, I'll for sure give a look when it goes gold release.
<kirkland> mhalcrow: but i think that's functionally equivalent, right?
<mathiaz> kirkland: yes my friend !
<kirkland> mhalcrow: and a command line option for automating it
<mhalcrow> kirkland: I would make the user either enter a passphrase or click a button to generate, and then show the generated passphrase to the user and tell him to write it down and store it in a secure location.
<Brazen> lukehasnoname: I also have to admin, I'm a little partial to a project using RubyOnRails, also, because Ruby is the only programming language I know, so it's something I could actually contribute to.
<mhalcrow> I would not just generate a secret value and use it under the user's nose.
<kirkland> mathiaz: mhalcrow is here (upstream for ecryptfs) to defend his opinion that a conscious mount passphrase is better than a random one
 * mathiaz reads the backlog
<Brazen> lukehasnoname: oops, I meant "admit" not "admin"
<mhalcrow> Well, what I am saying is that a passphrase that the user has stored safely away is better than an unknown secret value tucked away in a .*/ directory.
<kirkland> mhalcrow: ecryptfs-setup-confidential prints ALL values to screen before running its guts
<kirkland> mhalcrow: including both mount and login passphrases
<mhalcrow> Whatever encourages the user to keep that secret value written down on paper and locked in a desk drawer is what I would suggest.
<kirkland> mhalcrow: okay, i can enhance the echo'ing part of the script accordingly
<kirkland> mhalcrow: you have one patch from me changing s/Confidential/Private/
<kirkland> mhalcrow: i'll work on another one to modify the mount passphrase generation and instructions to the user accordingly
<kirkland> mhalcrow: one more thing, speaking of weakest link in the chain....
<kirkland> mhalcrow: what about making mount passphrase = login passphrase (by default) ?
<mhalcrow> That's fine, but users may change their login passphrases at will.
<mhalcrow> That is an easy way to introduce confusion.
<mhalcrow> Since the wrapped passphrase will remain the original login passphrase from when the machine was first configured.
<kirkland> mhalcrow: hmm, okay
<kirkland> mathiaz: any questions for mhalcrow?
<mhalcrow> Once users start encrypting their data and copying their data around to different media and machines, they must have a notion of "the secret to get to my data" and "the secret to login to my machine."
<mathiaz> not really - I think we aggree on most of the points
<mathiaz> The reason to have a long and difficult to guess password is to make the encrypted data stronger.
<mhalcrow> Really, passphrases are a necessary evil that do not work against a sufficiently equipped attacker.
<lukehasnoname> Brazen: Ya, I've heard RoR is handy. I'm pretty rusty on most languages nowadays, I used to know PHP damn well.
<mhalcrow> That's why eCryptfs has key modules (OpenSSL, TPM, etc.)
<mathiaz> IMO asking the user to generate a passphrase is too much. generating one that can be kept around is a good option.
<kirkland> mhalcrow: mathiaz: what if we offered to email the user their wrapped-passphrase?
<kirkland> mhalcrow: mathiaz: it's already encrypted
<mathiaz> kirkland: there isn't a MTA installed by default on a desktop
<jdstrand> email?
<kirkland> mathiaz: that is, if an MTA is found on the system, and the user has an email address, and wants an emailed copy
<jdstrand> no no
<kirkland> jdstrand: mathiaz: okay, we just have to *trust* that users are going to backup this wrapped-passphrase file
<jdstrand> kirkland: I have only kept half an eye on this, but what is wrong with displaying the passphrase to the user at setup?
<mathiaz> I think either printing the passphrase or which files should be backuped.
<mhalcrow> That's what I recommend.
<mhalcrow> The user should know what the mount passphrase is.
<kirkland> mathiaz: mhalcrow: jdstrand: okay, we're in agreement then
<jdstrand> kirkland: eg 'Your encrypted files are in foo, your encryption passphrase is bar, please keep track of these offline in case of problems'
<kirkland> generate a random passphrase, show to the user and encourage that they record it, and backup wrapped-passphrase to offsite media
<ScottK> Maybe even offer to write it to a memory stick for them?
<mathiaz> kirkland: wfm - show the generated passphrase and list the file that should be kept safely.
<kirkland> mathiaz: cool
<kirkland> mhalcrow: thanks for joining
<kirkland> mhalcrow: you're welcome to hang around, or join us again sometime ;-)
<mhalcrow> No problem. Just expect users to forget and lost keys, and be prepared to tell them that they're screwed. ;-)
<InsomniaCity> wait... you expect users to READ!?
<kirkland> i'll just open a bug in Launchpad describing the problem and marking all of the bug reports duplicates there of ;-)
<mhalcrow> Losing your crypto key is necessarily a "no-fix" situation.
<kirkland> mhalcrow: right, mathiaz asked how this was different from losing gpg keys or ssh keys
<kirkland> mhalcrow: the main difference i saw was that your data is essentially gone in this situation
<mhalcrow> It's not; it's just easier for users to run into the problem, since the encryption is so transparent and integrated.
<mhalcrow> Plan 'B' is for Canonical to offer key escrow services.
<kirkland> LoL  :-)
<mhalcrow> But I don't think I want to open that can of worms. ;-)
<mhalcrow> Just tell users to downgrade to a previous version of OpenSSL and use the OpenSSL key module. That should take care of it.
<mhalcrow> I'm actually not entirely joking wrt key escrow. Some business users would probably go for that.
<mhalcrow> As protection against their own bureaucracy, at a minimum.
<kirkland> mhalcrow: you have a recommended length for random passphrase?
<kirkland> mhalcrow: 1024 bytes of hex digits sound reasonable to you?
<mhalcrow> The same number of bits as the symmetric key length.
<mhalcrow> 128 is sufficient.
<kirkland> mhalcrow: 128 characters of hex digits?
<mhalcrow> Too long; there are 4 bits per hex digit
<mhalcrow> 32 hex digits
<kirkland> mhalcrow: head -c 128 /dev/urandom | md5sum | awk '{print $1}'
<kirkland> mhalcrow: work for you?
<mhalcrow> Sure.
<mhalcrow> Although md5 output isn't as uniformly distributed as previously thought.
<mhalcrow> Just grabbing raw /dev/urandom should be a little more random.
<kirkland> mhalcrow: that's going to be far to messy to print out (and write down)
<mathiaz> kirkland: uuidgen | sed 's/-//g'
<kirkland> mhalcrow: ^ ?
<mhalcrow> I don't know how uuidgen does its magic; I really only trust the kernel rng these days.
<mathiaz> kirkland: or add the -r switch to make sure it's random
<kirkland> mhalcrow: i was md5summing it to make it printable and readable (rememberable?)
<mhalcrow> Right, but md5 is not collision-resistant.
<mathiaz> -r requires a high quality  random  number  generator,  such  as /dev/random
<kirkland> mathiaz: okay
<kirkland> mathiaz: that sounds reasonable
<mhalcrow> Okay; then use uuidgen if can produce good random values. But I won't officially endorse it until I've inspected its code.
<a13x> i am back, ubuntu mini cd failed, random download errors, "Loading libntfs-3g23-udeb failed for unknown reason"
<kirkland> mhalcrow: fair enough
<mathiaz> mhalcrow: it's part of the e2fsprogs package
<kirkland> mathiaz: can you point us to other high-security things that uuidgen is used for?
 * ScottK concludes that a13x's hardware is cursed.
<kirkland> mhalcrow: do you have something else you recommend I pipe /dev/urandom through to make it readable?
<mhalcrow> od?
<a13x> memtest86 didn't fail
<mathiaz> kirkland: nope - I've just uuidgen to get some random strings
<kirkland> mathiaz: gotcha
<mathiaz> kirkland: I have no clue whether it's good at it (from a cryptographic point of view)
<kirkland> mathiaz: okay, we'll stick with /dev/urandom then
<Brazen> re: key escrow:  What about a system where businesses can maintain their own key escrow, something like certificate signing?
<a13x> i think something is wrong with the distribution, i am going to try debian
<kirkland> mhalcrow: what do you think of: `head -c 15 /dev/urandom | od | sed "s/^0000000//" | sed "s/\s*//g" | head -n 1`
<Brazen> a13x: try one of the "Installation without a CD" methods on that page.
<JaxxMaxx__> Hmmm.  Is there an easy way to figure out why my apache2  is not starting properly upon reboots?  I have to use the script in /etc/init.d/apache2   to launch it manually after a  reboot -now
<mhalcrow> kirkland: Those are octet vals
<mhalcrow> od -x
<mhalcrow> octal
<mhalcrow> Use the -x flag to get hex
<kirkland> mhalcrow: okay
<lukehasnoname> a13x
<kirkland> mhalcrow: head -c 15 /dev/urandom | od -x | sed "s/^0000000//" | sed "s/\s*//g" | head -n 1
<lukehasnoname> try FreeBSD
<lukehasnoname> amuse me
<kirkland> mhalcrow: that's 32 hex digits, 128 bits
<a13x> i tried mini cd
<mhalcrow> kirkland: That only takes 120 bytes from /dev/urandom, no?
<mhalcrow> bits
<a13x> Brazen: i tried mini cd and i got download errors, i think this is hopeless
<kirkland> mhalcrow: -c 16, sorry, typo on my part
<kirkland> mhalcrow: head -c 16 /dev/urandom | od -x | head -n 1 |sed "s/^0000000//" | sed "s/\s*//g"
<mhalcrow> kirkland: That looks good to me.
<kirkland> mhalcrow: cool
<lukehasnoname> a13x: Try Debian or OpenBSD
<a13x> burning debian now
<vikram> Is there like a turn key switch to get SELinux enabled instead of apparmor?
<vikram> or do we have to do it the hard way?
<vikram> can i just boot with selinux=1?
<vikram> (obviously i'll have compiled policies ready to go)
<kirkland> vikram: you have to install the selinux kernel
<vikram> the server kernel doesnt have selinux?
<kirkland> vikram: the server kernel has apparmor
<vikram> seems to have selinux
<vikram> grep selinux /boot/System*
<mathiaz> vikram: assuming your using hardy - https://wiki.ubuntu.com/HardySELinux
<mathiaz> vikram: both selinux and apparmor are available in the hardy kernels
<kirkland> vikram: i stand corrected....  sorry
<lukehasnoname> pvvn3d
<kees> kirkland: all the LSMs are compiled in -- one just has to select the one they want at boot time.
<kees> vikram: sudo apt-get install selinux should get you on your way.  :)
<kirkland> kees: learn something new every day ;-)
<kees> hehe
<mhalcrow> kirkland: You may want a utility that dumps the wrapped passphrase to stdout, for maintenance purposes.
<kirkland> mhalcrow: agreed
<vikram> I only want the kernel selinux policies, i've got my own userspace stuff, tools, compilers, policies etc...
<kirkland> mhalcrow: we'll need something like that if we set this up automatically in the installer, say
<vikram> thanks
<kirkland> mathiaz: mhalcrow: jdstrand: kees: how's this for syntax?  http://ubuntu.pastebin.com/m47eda7eb
<a13x> debian: failed to copy file form CD-ROM. Retry?
<a13x> i am going to shoot myself
<kees> kirkland: hahah  sure, that works.  :)
<kees> perhaps explain *why* they need to store it, etc.
<kirkland> kees: yeah
<kirkland> mathiaz: mhalcrow: jdstrand: kees: http://ubuntu.pastebin.com/m3d9366cc  better?
<kees> sure, good for now.
<lukehasnoname> your IDE bus is messed up?
<lukehasnoname> a13x that is
<lukehasnoname> ...
<mathiaz> kirkland: wfm - now you just need to i18n it ;)
<kirkland> mathiaz: later
<lukehasnoname> I g2g, see you guys later. a13x, it is a hardware problem of some kind, I can't see it being anything else. Try a non-deb distro if you want to be sure, but that's just weird.
<a13x> hair pulling does not come close to describing this problem
<uvirtbot> New bug: #234367 in apache2 (main) "If many queries come in too quickly, apache2 freezes." [Undecided,New] https://launchpad.net/bugs/234367
<ScottK> ^^^ Happens to me too.
<uvirtbot> ScottK: Error: "^^" is not a valid command.
<ScottK> Oops.
#ubuntu-server 2008-06-11
<owh> Nothing like IRC bonus commands :)
<uvirtbot> New bug: #239025 in nut (main) "usbhid-ups not behaving with Tripplite UPS" [Undecided,New] https://launchpad.net/bugs/239025
<lukehasnoname> Everyone in bed?
<owh> Nope
<lukehasnoname> what's the name of that VM manager starts with an E
<lukehasnoname> Is JeOS only available as 32 bit?
<owh> Did you google?
<Kamping_Kaiser> (or go to the download page?)
<uvirtbot> New bug: #239048 in apache2 (main) "apache2 conf.d and sites-enabled oops" [Undecided,New] https://launchpad.net/bugs/239048
<lukehasnoname> well yes, I went to the download page to only see i386. It just seems odd that they don't have 64 bit guests.
<shelbyscates> hey guys
<shelbyscates> i have ubuntu server hardy heron and my sound dosent work :(
<shelbyscates> could someone pls hellp me make my sound work? :)
<shelbyscates> sorry to be impatient :(
<antdedyet> sound on a sever... ?
<shelbyscates> well, i have desktop and server running on it
<shelbyscates> i use wmii
<shelbyscates> and im wirting a script to notify me when parts of my website have activity
<shelbyscates> but one problem:
<shelbyscates> aint no sound! :P
<specialKevin> shelbyscates: I don't know if ubuntu server includes the sound packages
<shelbyscates> i have ubuntu server & ubuntu desktop.
<shelbyscates> if i boot into desktop, bam, no sound :(
<shelbyscates> no sound nowherez!!!
 * shelbyscates sobs 
<specialKevin> shelbyscates: so you dual boot with ubuntu server and ubuntu desktop
<specialKevin> or you have wmii install on top of ubuntu server
<shelbyscates> well, i installed ubuntu server, then ubuntu desktop on top of it, so i have a weird hybrid desktop server, right now im using gnome and all i want to do is get some sound working
<shelbyscates> :)
<specialKevin> shelbyscates: what command did you use to install ubuntu desktop
<specialKevin> also are you using the server kernel or the desktop kernel
<specialKevin> shelbyscates: and the sound is not just muted
<shelbyscates> yeah, its not, im using working speakers
<shelbyscates> im not sure about the kernel, affter all, it does say its the ubuntu server kernel
<shelbyscates> i installed ubuntu server regularly, then ran sudo apt-get install ubuntu-desktop
<specialKevin> you might be running the ubuntu server kernel and I am not sure but it might not have the sound modules enabled
<specialKevin> I am not sure
<ajmitch> you may want to check linux-ubuntu-modules for the kernel you're running
<shelbyscates> yup, server
<shelbyscates> how do i enable the sound modules?
<ajmitch> as in, do you have the right linux-ubuntu-modules package installed?
<ajmitch> probably linux-ubuntu-modules-2.6.24-18-server
<shelbyscates> thats the one
<shelbyscates> :)
<shelbyscates> 2.6.24-18-server
<shelbyscates> im sorry if im answering your questions wrong, im tired tonight
 * ajmitch guesses that you'd find people more able to help with sound problems in #ubuntu
<shelbyscates> okey dokey then... thanks
<kraut> moin
<CrummyGummy> Anybody got a good replacement for ipac-ng? I don't see it in Hardy.
<_ruben> CrummyGummy: we moved away from ipac-ng because it didnt scale well enough for us .. using pmacct nowadays .. quite different approach, but much more suited for our needs/requirements
<CrummyGummy> Thanks, I was wondering what was going on.
<CrummyGummy> I'm upgradeing to hardy to see if it fixes the udev problem.
<_ruben> ah, the changing nic problem?
<CrummyGummy> yup
<_ruben> what kind of nics are in that box?
<CrummyGummy> thernet controller: Intel Corporation 82546GB Gigabit Ethernet Controller
<CrummyGummy> and
<CrummyGummy> Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet
<_ruben> and what are the exact symptoms after a reboot? they swap places? or what?
<CrummyGummy> eth2 becomes eth0_rename
<_ruben> hmm .. and wat does your persistent_rules thingie file look like ?
<CrummyGummy> http://www.pastebin.ca/1043884
<_ruben> 2 dual port controllers ?
<CrummyGummy> yes
<_ruben> interesting
<_ruben> definately smells like a bug
<_ruben> CrummyGummy: there's one thing i'd try .. replace ethN by intN .. so eth0 -> int0 .. eth1 -> int1 .. that would prevent name clashes .. curious if that'd cause problems still
<_ruben> in the persistent rules file that is (and /etc/network/interfaces, etc as well)
<_ruben> my *guess* would be some sort of race condition caused by the loading of the 2 nic drivers, causing a clash when udev tries to rename them
<CrummyGummy> sounds fair. The I'd have to change shorewall and a few other things. I'll wait for this upgrade to finish.
<whistler> hi, i want to ask smt about SAMBA. Do I HAVE TO create a valid UNIX User just to share smb over windows network machines? I want to create a smb user only via smbpasswd command. How can i skip creating a unix user part? is there a way todo so ?
<_ruben> CrummyGummy: the ethN -> intN change is a nasty workaround at best ofcourse, im also curious if the bug's reproducable in hardy .. i got a gutsy machine with 1 dual port and 1 quad port nic, without any problems, then again, i have those ifs renamed to int0/ext0/wlan0/etc
<_ruben> (was out to lunch for a bit)
<CrummyGummy> My other box hasn't had the same problem. But I'm understandably scared to reboot it at the moment as there are only two nodes in my failover configuration. I'll test a bit in Hardy and see if the same problem comes up before making the recomended changes. Now that you mention it it could be quite useful to have custom names.
<_ruben> CrummyGummy: g'luck :)
<CrummyGummy> _ruben: It did it again.... Changing names now.
<_ruben> odd
<uvirtbot> New bug: #239144 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.51a-3ubuntu5.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/239144
<Tophat> what should i have/read/look at in order to replace my windows 2003 server network, with a full linux/ubuntu network?  with it being rather easy transition for the users.
<Bert_2> Hi, does anyone know of frontpage 2000 works with apache webdav ?
<hotnuma> Tophat: you should try Samba 4 if you want an AD controller
<Tophat> will samba allow me to keep my domains?  and the users will be able to log in the same as they always do?
<hotnuma> Tophat: yes but Samba 4 is still in alpha stage, there is no printing support currently
<hotnuma> Tophat: I have a Samba 4 server on a test machine, it seems promissing, but is not yet totally ready for production
<Tophat> right on.
<Tophat> i've used samba before to set my a NAS, and always had such a difficult time getting everything to communicate with my windows machines and adding new users.  hopefully samba 4 will resolve many issues.
<hotnuma> I think so, yes
<hotnuma> I tested roaming profiles, GPO and file sharing, it seems to work fine if correctly configured
<Tophat> word
<Tophat> thanks for your help :D
<hotnuma> BTW, there's an experimental package for debian, I think, it is really new
<Tophat> i must check it out then
<Tophat> you know anything about building a raid server?
<hotnuma> no, I'm sorry :(
<_ruben> Tophat: what about it?
<Tophat> ahah its all good
<Tophat> i want to build a hardware raid server, but im not sure what parts i need.  i know mobo and all that jazz, but on the controller card.  do i need a seperate card for each drive?  or can i daisy-chain them together?
<_ruben> you need a hardware raid controller with enough ports to hold all of the disks you want use in your raid setup
<Tophat> right on, do you know what drives would be best for use on hot swaps and performance?
<_ruben> depends on ur budget .. 15000rpm SAS disks are very nice
<_ruben> fiberchannel is top of the line .. and bill
<Tophat> right on. were looking to go maybe 2TB at most with around 1000$ budget (at most)...were at the mercy of the taxpayers so, its a little difficult to get stuff done.
<_ruben> though at home i have several servers with 'standard' disks .. one with (old) 200GB ata disks .. and one with (slightly newer) 250GB sata disks
<Deeps> $1000 on the disks, or $100 for the server total?
<Deeps> $1000*
<_ruben> here in holland you get 1TB drives for 120euro
<_ruben> 3 of those in raid5 would yield ~2TB of storage
<Tophat> total
<Deeps> http://www.qnap.com/pro_detail_feature.asp?p_id=85
<Deeps> you might find that's more suitable
<Tophat> ive seen this one before, and its not bad for the price, but ive gotta find a way of building this for almost half price.
 * Tophat has a really really really strict budget.
<Deeps> does the budget include the time it takes you to do it?
<\sh> quality has its price...especially when you talk about storage and sata and raid
<Deeps> or are you unpaid?
<Tophat> no budget doesn't include time
<\sh> if it's just a private playground...go for simple stuff...
<Deeps> if you are paid, factor in the time you spend learning + setting up + configuring into the budget, vs paying a bit more for preconfigured kit
<Deeps> if it's for your home, go for the 'fun' route and learn as you go
<\sh> good machine, bad number cruncher, but reliable hardware: dl320s of HP...2U form factor..
<Tophat> word.
<Tophat> thanks guys/gals :]
<Deeps> np
<Deeps> that said, i just ordered one of those TS 409s for my house
<Deeps> replace the pos synology diskstation
<slim1> hello all, is there any documenation about how to install webdav on ubuntu-server ?
<jpds> !webdav
<ubottu> Factoid webdav not found
<jpds> hrmm
<PanzerMKZ> !webdev
<ubottu> Factoid webdev not found
<PanzerMKZ> hrmm
<CrummyGummy> Well that didn't work that well. I have lost contact with my server :( That was less than ideal....
<_ruben> ouch
<_ruben> remote location?
<CrummyGummy> Yip. And my cars in the shop. grrrr
<\sh> remote location and no ILO or any other remote insight possibility?
 * CrummyGummy slaps the panel beater.
<CrummyGummy> \sh: I can reboot it etc but my sol doesn't work.
<_ruben> jikes
<\sh> you should have something like a remote console via eric or ilo or cyclades...without such things, never ever do an remote dist-upgrade ;)
<CrummyGummy> The tso has that capability but so far its been mostly vague kernel errors. This was caused by changing the id of my network devices.
<CrummyGummy> Proly pretty dumb in retrospect.
 * CrummyGummy can be stupidly optimistic.
<\sh> CrummyGummy: not as bad as one of my old customer and his cobald raq ;) "Well, I needed more space on the root device..so I moved /lib to /var/backup/lib" *sigh*
<lukehasnoname> anyone else hate it when you forget the password to your server?
<CrummyGummy> \sh: lol
<_ruben> \sh: jikes :p
<\sh> .oO(forgotten passwords? now I know why RHCEs training involves "hack your own server") ;)
<CrummyGummy> lukehasnoname: Never done that my self. I do set the root password these days since I got locked out after using a -g instead of -G on grpmod. Locked all the admin out of sudoers.
<\sh> CrummyGummy: the solution: reboot, grub -> e -> init=/bin/bash ... most distros are stupid ;)
<lukehasnoname> \sh: Ya, it sucks. I don't know how, either, I've used the same admin pass for a year, I don't know if or why I'd change that now. CrummyGummy: rofl
<CrummyGummy> Yeah, its an easy fix. Thankfully THAT one was local.
 * CrummyGummy scratches his head at the thoroughly un-useful Centos/RH fw tool
<lukehasnoname> no man entry for grpmod
<CrummyGummy> Sorry, meant usermod
<Brazen> It would be "groupmod", not "grpmod"
<Brazen> but, yeah, it would have had to been usermod in this situation.
<lukehasnoname> back
<lukehasnoname> wow I was away for almost half an hour
<_ruben> hope you didnt hold your breath during that period
<lukehasnoname> nope... I was reading "Beginning Ubuntu Server Administration" in the breakroom
<slim1> after some search i find something about webdav, from the first try i see it work,  maybe if someone neeed it http://www.digital-arcanist.com/sanctum/article.php?story=20070427101250622
 * lukehasnoname hacks the server
 * _ruben hacks the planet!
<reya276> morning
<reya276> I need some help connecting cyrus Imap, can anyone help troubleshoot this?
<reya276> I currently have postfix running and it works great, but no IMAP connection
<lamont> reya276: you need to install an imap server
<reya276> I did I install cyrus
<lamont> cyrus-imapd-2.2 ?
<reya276> ï»¿lamont: the issue is that cyrus for some reason is not working
<reya276> lamont: yes
<lamont> ah, ok
<reya276> ï»¿lamont:  hold let me show you what my mail log says
 * lamont will have to let someone else help you figure out imap issues atm
<\sh> hmm...?
<\sh> cyrus-imapd doesn't work?
<reya276> Well if anyone can help here is what the logs say: http://pastebin.org/43143
<reya276> ï»¿\sh:  yeah for some reason it does not, as it can't connect
<\sh> reya276: the permissions of the files/dirs cyrus complains you checked already?
<reya276> nope
<reya276> what permissions should I give it
<\sh> cyrus:mail most likely
<reya276> one thing that I'm confused about, shouldn't Ubuntu set the permissions on first install
<\sh> reya276: not for files which are created during runtime or through the admin..if admin doesn't call the cyrus binaries with sudo -i -u cyrus...uhm..you'll stuck with broken files
<\sh> cyrus is no fun
<reya276> so which IMAP can I use with postfix that is easy to use with UBuntu Hardy
<\sh> reya276: but /etc/init.d/cyrus* start script should take you to the correct permissions and calls...if not, it's da beast again
<\sh> reya276: depends what you want...for simple stuff dovecot or courier...for high end high traffic clusterization super duper imap: cyrus :)
<\sh> for me it runs now for years..since 2000 to be precise and I took it from gentoo to ubuntu ;)
<reya276> wow
<reya276> how can I give my cyrus user access to ï»¿/usr/lib/cyrus/*
<melter> i'm trying to install ubuntu server on an all-scsi machine, including a scsi cd drive; is there a boot option i need to give to get it to recognize the cdrom drive?
<\sh> reya276: you could add temporarily a /bin/bash to the user..and remove it later...
<\sh> reya276: but /var/lib/cyrus looks more likely to be fixed before that ;)
<reya276> ï»¿\sh: fixed? what do you mean
<\sh> reya276: the berkely dbs having wrong permissions, when I interpretate your paste...
<spiekey> Hi
<spiekey> we are using a E-Mail Proxy which we put in fron of our real mailserver...
<spiekey> ...the proxy does some spam filtering and we also relay via this proxy...
<spiekey> ...now i was told to "change your firewall settings to block connections to port 25 which do not come from the proxy"
<spiekey> -> in order to avoid mails going to my e-mail server directly.
<spiekey> this canÂ´t be right! Can it? i would not be able to connect to my Mailserver with my e-mail clients anymore?!
<sommer> spiekey: is the mx for your domain pointing to the proxy mail server?
<spiekey> yes
<sommer> then it should be fine to block the port to you other mail server... mail from the outside will go to the proxy then on to the main mail server
<Deeps> wont be able to send mail via that server anymore though
<spiekey> sommer: thats the inbound mail
<sommer> spiekey: probably a good idea to have two proxies though :)
<spiekey> what about my clients? They connect via smtp to my E-Mailserver directly
<sommer> spiekey: from the outside?
<spiekey> yes, our mailserver is hosted in the big bad world :)
<sommer> ah, then I wouldn't close the port
<spiekey> hehe, okay :)
<spiekey> i could reject incoming mails via postfix, right?!
<spiekey> reject all incoming mails except my email-proxy ip
<sommer> I'd think so, not sure how exactly to configure that though
<spiekey> i think i know :)
<ScottK> spiekey: Open port 587 (the submission port) and have your external users get to it that way.
<spiekey> thanks sommer
<spiekey> ScottK: i never heard of that port :)
 * ScottK hands spiekey RFC 2476 http://www.ietf.org/rfc/rfc2476.txt
<spiekey> thx
<nooga> hi
<melter> hello
<spiekey> hiho
<nooga> i would like to know if a specific RAID controller would work with ubuntu
<nooga> tried to search it's name and 'ubuntu' on google
<nooga> but it gives no results
<nooga> is there any way to find it out?
<vikram> raid controller?
<nooga> i mean
<vikram> you mean like an Adaptec raid controller card?
<nooga> yea, it's PROMISE FastTrak SX8300 to be precise
<vikram> i have seen a promise driver kicking around in the 2.6.xx
<vikram> not sure how good it is
<vikram> did you try it out yet, or are you looking to buy?
<vikram> if you are looking to buy, dont buy crap like that
<ScottK> spiekey: More and more ISPs are blocking port 25 outbound, so you'll probably have to enable Submission at some point anyway.
<nooga> i'm looking to buy it
<nooga> and the model is rather a choice of my boss
<spiekey> we have made really goog experiences with the 3ware raid controllers
<vikram> then an email to Silicon Image should solve your problem
<spiekey> goog/good  and they are cheap :)
<nooga> why Silicon Image O_O?
<vikram> dont they own Promise?
<nooga> hmm, it appears that promise products are even cheaper than 3ware ;]
<vikram> 3ware has a descent name for itself in industry
<vikram> Promise doesnt
<vikram> Promise make a lot of chips for typerwriter boards that asrock, ecs and friends sell
<nooga> i have heard that this promise controller works well under fedora and suse
<vikram> but then again, la creme de la creme is Adaptec
<nooga> so maybe if it works under fedora, there is a chance that it will work under ubu ...
<lukehasnoname> hm
<nooga> how about Adaptec Serial ATA II RAID 2820SA bulk (8xSATA-II)?
<lukehasnoname> Do you think a US based ISP that promises "No data caps, no ports blocked" would be profitable?
<lukehasnoname> think about it
<nooga> vikram?
<vikram> looks descent
<vikram> your safe with an adaptec card, its defacto for enterprise
<nooga> vikram: thx
<vikram> you can get adaptec raid cards with 512mb of cache, and with 32mb of cache on the average sas drive these days, a raid5 setup across 4 or 5 disks, is scarily fast
<nooga> i need sth for 8 drives :>
<nooga> okay, thank you and have a nice day
<ScottK> lukehasnoname: At the correct price point, yes.
<lukehasnoname> sweet
<lukehasnoname> I'm on it
<lukehasnoname> If I get all my hardware fron Trendnet and ECS, I'll be good
<ScottK> lukehasnoname: One key point though:  It also needs to quickly and effectively kill off spammers so that they don't pollute the reputation of neighboring net blocks.
<melter> is there a boot option to get the installer to recognize my scsi cd-rom drive?
<AlexC_> hey all
<AlexC_> I've recently removed ClamAV/Amavis from my setup - however, Postfix will no longer send emails, in the logs I get the following:  postfix/smtp[18350]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
<AlexC_> and below it: postfix/smtp[18350]: 04522241833F: to=<email@mail.domain.com>, orig_to=<email@domain.com>, relay=none, delay=0.2, delays=0.2/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
<AlexC_> ahh I think I know why, forgot to remove something from /etc/postfix/main.cf
<mathiaz> nijaba: not real progress
<nijaba> mathiaz: thanks.  did you upload anything?
<ScottK> AlexC_: Yes.  You did.
<AlexC_> ScottK, =3 yeah, the Amavis line, fixed it now
<ScottK> OK.
<ScottK> AlexC_: Why did you remove it?
<AlexC_> ScottK, content_filter = smtp-amavis:[127.0.0.1]:10024
<mathiaz> nijaba: nope - I've got some code somewhere - but just the begining of something.
<nijaba> mathiaz: ok.  I'd love to help when you got something suitable for a first upload
<ScottK> AlexC_: Not what, why?
<ScottK> I'm curious if there's something we should be doing better on.
<AlexC_> ScottK, doh, mis-read. ClamAV/Amavis was just using so so much ram
<ScottK> AlexC_: You might try clamsmtp.  If you just want clam, it's more RAM efficient than amavisd-new.
<AlexC_> ScottK, interesting, I'll look into that
<mathiaz> nijaba: sure - I'll have to revisit that project some time during the release
<nijaba> mathiaz: should we spec it somewhere?
<mathiaz> nijaba: that would help IMO.
<mathiaz> nijaba: At least to flesh out the use cases and may the interface
<nijaba> mathiaz: ok I'll work on this tonight then ;)
<mathiaz> nijaba: awesome - thanks :)
 * nijaba was just looking for something to do tonight ;)
<kirkland> mathiaz: hey, some good news on the Debian LSB status_of_proc() front...
<kirkland> mathiaz: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483285
<uvirtbot> Debian bug 483285 in lsb-base "lsb-base: lsb status_of_proc() function" [Wishlist,Open]
<kirkland> mathiaz: the maintainer is open to the idea
<kirkland> mathiaz: even supportive
<melter> when i choose "Install Ubuntu Server" from the cd menu, the server locks up, is there a way to find out what's causing it?
<kirkland> melter: you can view whats going on from one of the other tty's
<kirkland> melter: try hitting <ctrl><alt>F2 ... F3 ... F4 ... F5 ... F6 ..
<melter> kirkland, all i see on all ttys is the blinking cursor in the upper left corner
<kirkland> melter: when you boot the cd again, from the bootloader menu, edit the boot options
<kirkland> melter: you can add "debug=1" to see more kernel debugging messages
<kirkland> melter: also, remove "quiet" and "splash" if present on the kernel boot line
<melter> kirkland, after the "--" ?
<kirkland> melter: sure
<melter> ok
<mathiaz> kirkland: that looks great
<melter> kirkland, i removed "quiet" and added "debug=1" after "--", and now the installer starts just fine
<kirkland> mathiaz: on the right track, at least
<kirkland> melter: hmm, possibly a problem with the splash screen and your video card/monitor
<kirkland> mathiaz: i think there's a "safe graphics" option or some such
<melter> kirkland, ah, ok, it's an old machine being used through a kvm
<melter> kirkland, thanks
<kirkland> melter: kvm could be the problem
<kirkland> melter: i mean, throwing that into the mix could mess up graphics autodetection
<Deeps> you might find xen a better option than kvm if you're using old hardware (ie, a cpu that doesn't have virtualisation extentions)
<Deeps> iirc, kvm reverts to (slow) qemu mode in the event of no vt extentions present
<kirkland> Deeps: i think melter means keyboard-video-mouse?
<Deeps> oh, haha
<Deeps> silly me
<arakthor> If I have 2 NICs in my server, and both are static one assigned to 192.168.0.20 and the other .100, but they are seperate physical networks, will ubuntu be able to deal with that?
<mathiaz> Koon: WSUS-like package ?
<Koon> mathiaz: Windows Update server
<Koon> mathiaz: we discussed it when we discussed auto-update
<mathiaz> Koon: hm - I'm not sure what you're refering to exactly - but nijaba is currently writing a spec about something similar
<vikram> .deb uses spec files?
<mathiaz> Koon: where you can move packages from one rep to another (like unstable->testing->stable)
<Koon> tools that help maintaining package mirrors, moving tested packages from preprod to prod areas
<mathiaz> Koon: using a web interface
<Koon> yes
<mathiaz> Koon: ok - nijaba is working on this spec tonight
<mathiaz> Koon: we had a quick chat about it about an hour ago here
<Koon> mathiaz: great, I wouldn't want that one to slip through
<Koon> hm.. I mean to be forgotten
<mathiaz> vikram: nope - https://wiki.ubuntu.com/PackagingGuide/PackagingOverview
 * delcoyote hi
<lukehasnoname> ScottK: That will be a big job
<ScottK> lukehasnoname: Good access in a good neighborhood is worth something.  Good access in a bad neighborhood is worth much less.
<lukehasnoname> scottk: Nothing some open sauce can't fix, right?
<ScottK> Sure and a fair amount of hard work.
<lukehasnoname> hm...
<lukehasnoname> The initial capital required to set up a privately owned fiber optic network over even a large city would be enormous
<lukehasnoname> Even more so if it attempts to be decentralised
<danshearer> Sometimes the simple things in life are best: here's a central bash logger implemented in a moderate-sized network
<danshearer> http://shearer.org/Cloba
<danshearer> Makes some people happy anyway -)
<lukehasnoname> Interesting
<danshearer> I recommend dev-type ppl run one of the solutions given on their laptops, can save re-inventing lots of wheels.
<danshearer> Does for me anyway.
<maw_> how do I check my 'flowcontrol' status for nic?
<Accio> hi :Ã¾
<danshearer> maw_: not 100% sure what flowcontrol means here but  sudo ethtool eth0 tells you about link modes (eg duplex)
<Accio> i have installed ubuntu server 7.10.. can i have a raid 0 ?
<Accio> whit 2 ide disk
<maw_> danshearer: thanks, that info is sometimes in 'ifconfig' but I couldnt find it
<danshearer> maw_: instead of 'ifconfig' consider 'ip -s link show'
<maw_> ah interesting
<maw_> thanks
<maw_> too many tools that all do similar, but slightly different things :\
<maw_> danshearer: 'dmesg' revealed the status of flow control on my NICs
<danshearer> maw_: ah, what you wanted was 'mii-tool eth0'
<danshearer> maw_: I thought ethtool had completely superceded it but not for Flow Control.
<danshearer> maw_: Is this correct on your system?
<maw_> I don't have mii-tool on this server (SLES10). It probably exists on Ubuntu though :P
<danshearer> Ky impression is that mii-tool is deprecated.
<danshearer> My
<maw_> I wasn't even aware of the tool
<maw_> FreeBSD allows you to do most of these things with ifconfig
<maw_> hence my linux confusion
<danshearer> maw_: ifconfig on non-Linux OSs has to jam in functionality of new standards, and succeeds to a greater or lesser degree
<danshearer> maw_: depending on the OS. On Linux the iproute package (command 'ip') replaces route, arp, ifconfig etc. In other words ip is
<danshearer> maw_: a superset of ifconfig. On linux ifconfig has been ported to use the same interfaces as ip, just a much smaller range.
<danshearer> maw_: From time to time (I presume it still happens?) people talk about replacing ifconfig altogether on Linux and say "why does anyone
<danshearer> maw_: still use that old thing?" :-)
<maw_> thanks for the heads up
<maw_> I have been primarily using ifconfig
<maw_> I will read into the 'ip' toolset
<leonel> I see that postgresql 8.2.9 for gutsy was  accepted   what happened to  8.2.8 ??  and  8.3.3 for hardy is comming  what happened to 8.3.2   since the current PostgreSQL  releases are  8.3.1 and  8.2.7  anyone knows ??
<lukehasnoname> so I've been chatting up a few guys from the Enomalism (Web based Vm/server manager)
<lukehasnoname> http://www.enomalism.com/features/
<nijaba> mathiaz: could you have a look at https://blueprints.launchpad.net/ubuntu/+spec/webmirrormanager ?
<AFJUSD> ï»¿can anyone assist me in integrating Ubuntu 8.04 with and Active Directory Network?
<sommer> AFJUSD: you should take a look at likewise-open: https://help.ubuntu.com/8.04/serverguide/C/likewise-open.html
<lukehasnoname> nijaba: Something like that would be nice to be a PART of the server mgt software that is in the planning
<nijaba> lukehasnoname: small steps...
<lukehasnoname> Well, yes. Assuming both projects are structured properly, it shouldn't be tough to integrate
<lukehasnoname> nijaba: In fact, I'll be downloading a mirror soon, and was wondering about the same things you mention wanting to achieve with your suggestion
<AFJUSD> TY, I have Likewise-Open installed and can successfully join to my domain. However to implement Ubuntu on our students desktops, I need them to be able to logon and authenticate through Windows AD and have their Server-Based Home Directories auto-mounted.... I have looked everywhere and just can't find a solution.... Any ideas?
<sommer> AFJUSD: likewise-open handles the auth part... as for automounting you can add an entry into fstab or use LDAP and libnss to configure it (I believe)
<FabParma> [OT] Does exist a VM/CPU-emulator that can let chooses which cpu (amd or intel) to use into the guest enviroment w/o ties with host hw config? Thank You for help me, Fab
<lukehasnoname> oh damn fabparma, I meant to ask: Do you mean assigning VMs to use only so many cpus, or exactly which CPUs?
<FabParma> lukehasnoname: a specific cpu brend
<AFJUSD> So.... As far as anyone knows, there is NOT any useful documentation to accomplish what I am trying to do?   :)
<lukehasnoname> https://help.ubuntu.com/community/ActiveDirectoryHowto AFJUSD
<lukehasnoname> I don't know if it will help
<lukehasnoname> so you want a guest OS to use either AMD or intel without caring what physical CPU you're running?
<lukehasnoname> people just disappear
<AFJUSD> TY, I have seen that document... It deals with setting up a SAMBA Server, which I do not want to do. I may be at the end of my investigation....  I was hoping Ubuntu had evolved enough to be easily (or somewhat easily) integratable in a Windows AD Network. I may have to scrap this project and stick with Windows XP...... :(
<nijaba> AFJUSD: what os are your student using?
<lukehasnoname> AFJUSD: Email this to ubuntu-server AT lists DOT ubuntu DOT com.
<lukehasnoname> it will get the attention of everyone involved with server dev here at ubuntu
<AFJUSD> Currently, Student Workstations have Windows XP. I was hoping to switch to Ubuntu 8.04 for several reasons. But, I need for them to logon, authenticate and draw their Home directories from Windows AD Server...
<ScottK> Where is danshearer when you need him?
<lukehasnoname> quite possibly dead
<lukehasnoname> Kangaroo to the face
<nijaba> AFJUSD: IIRC, the home directory should be rather straight forward in AD.  Just specify the \\XXX\XXX in some AD field
<lukehasnoname> AFJUSD why can't you set up Samba
<nijaba> AFJUSD: if your server is joined to the same AD and publishind the dirs using samba, no additional authentication should be requested
<lukehasnoname> *won't, just curious
<ScottK> I mention him because this is exactly the kind of problem he was suggesting we needed to make it easy to solve @ UDS.
<AFJUSD> I am the only IT person in this school district. If I have to add/maintain a separate server to implement Ubuntu Desktop, it defeats some of the purpose for me....   :)
<ScottK> AFJUSD: What is your sense of urgency for this problem?  When does it have to be running?
<AFJUSD> If I am going to implement it, it has to happen within the next couple of weeks so I can do my imaging. I have several other projects going on during summer break.  I cannot do this kinfd of a change-over during the school year. I was just hoping Ubuntu was ready for integration in an AD Enterprise.....
<AFJUSD> It really needs to be addressed though....
<ScottK> Agreed.  I'm not that familiar with it myself.  All I have here is Linux.
<AFJUSD> Linux would find it's way into mainstream networks if the integration wasn't so painful....
<lukehasnoname> I'm sure there are people on it. Since you are the only guy in the district, that makes you THE GUY. Why don't you migrate the entire system to Ubuntu in the next year?
<lukehasnoname> again, throwing ideas out
<ScottK> lukehasnoname: It's not nearly that easy.
<sommer> AFJUSD: here's a forum thread with your same question: http://ubuntuforums.org/showthread.php?t=232100
<zul> AFJUSD: you are probably going to get more traction on the server ml since this could be a large complicated change
<sommer> their advice was to look at http://pam-mount.sourceforge.net/
<ScottK> I had enough trouble just migrating my kids.
<sommer> AFJUSD: so in theory you should be able to use likewise-open to configure auth and pam-mount for the /home share
<AFJUSD> Hahaha.... That would be nice, unfortunately, Linux and the Education world are not ready for each other yet... To many programs that will only work in the Windows world..... School Management Software, Accounting.... etc.
<sommer> AFJUSD: looks like pam-mount is packaged in libpam-mount
<AFJUSD> sommer, that article references using a samba server to accomplish this.... Unfortunately that won't work for me... TY though  :)
<sommer> AFJUSD: didn't mean that the article covers exaclty the steps you'll need for what you're trying to do, but if you share a folder from a windows server and use likewise-open to configure the linux workstation to authenticate you should then be able to use pam-mount for the rest
<sommer> likewise-open isn't the same as samba
<AFJUSD> True, but I have K-12 students logging on to multiple workstations. They need to be able to sit down, log in, and pull their AD Group Policy Settings from the AD Server, which includes the path to their Server-Based Home Directory. I have to make it easy and effortless for them..... DANG IT!!!!  LOLRL
<sommer> I understand, and I think those two tools will accomplish that... the effort will be in your learning the configuration
<sommer> and if you want to apply group policies to linux clients there is a non-free version of likewise that will provide that functionality... but since you're a school I'm sure budget is a consideration :)
<AFJUSD> Okee Dokee... I will look into it a little further. Otherwise, I may just have to wait until next Spring to see if the integration develops.... And delay my departure from MicroSoft....
<ScottK> AFJUSD: Making exactly this kind of thing easier is one of the things we are trying to do for the next version of Ubuntu Server.
<ScottK> You may want to stick around and see if things are developing to meet your need.
<AFJUSD> TY ScottK, I just have a short window this Summer to try and implement this. I have been watching Ubuntu and Linux for years and am very excited. I promise. I will not turn my back on it. I just may have to wait until next Summer to try implementing it again!   :(
<ScottK> AFJUSD: Understand.  Just mentioning it because you've arrived at a good time to provide input and see if what is being done would be useful to you.
<AFJUSD> I can be emailed at: mstringer@afjusd.org if you would like my input, struggles, etc. I have been in Educational IT for 13 years in U.S. I know Linux/Ubuntu would gain HUGE entry if this "little" glitch could be surmounted..... hehehe Feel free to contact me. I will assist, brainstorm, etc.
<AFJUSD> O' BTW, if you do email.... my name is Mark
 * ScottK looks around for mathiaz.
<AFJUSD> Thank You Everyone!    :)
<Brazen> Hey I was out of the channel and missed it, what is the "little glitch" you all were talking about?
<lukehasnoname> linux clients effortlessly accessing Windows AD
<mathiaz> nijaba: yeah !
<mathiaz> ScottK: yes ?
<ScottK> I thought some of your work for Intrepid would line up well with what AFJUSD was asking about, but he's gone now.
<Brazen> lukehasnoname: like more than getting user accounts?  oh well, no need to rehash it.
<uvirtbot> New bug: #239299 in samba (main) "nowait config option in inetd.conf is error with xinetd" [Undecided,New] https://launchpad.net/bugs/239299
<lukehasnoname> mathiaz: how hard would nijaba's idea be to impliment?
 * mathiaz reads the backlog
 * Brazen notices in the meeting minutes that Augeas was brought up, which he suggested in the mailing list
<lukehasnoname> er, here
 * Brazen is awfully full of himself
 * Brazen is new at this
<Brazen> can I read the backlog if I was not in the channel?
<lukehasnoname> https://blueprints.launchpad.net/ubuntu/+spec/webmirrormanager mathiaz, it's a spec for a web based repo mirror manager
<lukehasnoname> Brazen: What is Augeas?
<Brazen> lukehasnoname: it's a management backend that interacts directly with the config files
<lukehasnoname> ah
<Brazen> lukehasnoname: it's being developed by Redhat as part of there Emerging Technologies project
<lukehasnoname> Brazen: To quote an Enomalism dev: beholder: Our focus will probably take us more towards automatic reaction systems for scaling up/down and more into providing our REST API, and less into the fancier features of a straight virtualization framework
<lukehasnoname> since we were talking about VM managers
<Brazen> psh,  so what the heck does that mean?
<lukehasnoname> and oVirt is more focused on the virtualization framework idea.  We're a virtualization framework focused on delivering the idea of cloud computing
<lukehasnoname> that means buzzwords are in? heh. I still like the looks of the software. I intend to get a hardy server up this weekend with enomalism over KVM
<Brazen> It's still in beta though, or alpha
<Brazen> I did go back and look over their site yesterday and it looks like they have come a long way since last I had checked.
<lukehasnoname> So is rhythmbox :)
<lukehasnoname> Ya, I want to look at both, and I'm no expert. As I told him though, "Emo" is web based with mysql backend, where oVirt is a guest VM
<Brazen> yeah, but you are comparing something that plays music to something that could potentially be the basic building block of entire datacenters
<lukehasnoname> web appeals more to me
<lukehasnoname> Brazen: TouchÃ©, salesman.
<Brazen> oVirt has a web frontend, and the vm is only for development testing
<Brazen> I read back over the oVirt site and they are definately intending for oVirt to be installed on the bare metal, the vm image that they are distributing for now it just for development testing.
<lukehasnoname> orly
<Brazen> you know, I wondered what would happen if I installed a kvm server inside a VMWare ESX Server vm...
<Brazen> but I'm too lazy to try it out
<lukehasnoname> haha
<uvirtbot> New bug: #239302 in squid (main) "Setting squid's udp_incoming_address address to 127.0.0.1 stop its DNS requests working" [Undecided,New] https://launchpad.net/bugs/239302
<ScottK> !irclogs Brazen
<ubottu> Factoid irclogs brazen not found
<ScottK> Urgh.
<lukehasnoname> !irclogs
<ubottu> Official channel logs can be found at http://irclogs.ubuntu.com/ - For LoCo channels, http://logs.ubuntu-eu.org/freenode/
<ScottK> Forgot the pipe.
<lukehasnoname> !irclogs | Brazen
<ubottu> Brazen: Official channel logs can be found at http://irclogs.ubuntu.com/ - For LoCo channels, http://logs.ubuntu-eu.org/freenode/
 * Brazen checks it out
<nxvl> mathiaz: i have just send you an e-mail some minutes ago
<arakthor> when you install libsasl2 - is it cyrus or dovecot?
<arakthor> or c. other
<mathiaz> nxvl: read - that's fine if you can make it - if you can send a small summary of your findings that would be helpful
<mathiaz> nxvl: *cannot* make it
<Jberg88> So i installed drupal and my friend made an account i was suppose to recieve a notification but drupal error logs said I am sending and receving from the same email
<Jberg88> help please
<ScottK> arakthor: libsasl2 (and IIRC it's libsasl2-bin) is Cyrus
<arakthor> ScottK: thanks
<mathiaz> ScottK:  I've looked into libsasl2 when I was writing one of my spec
<mathiaz> ScottK: IIRC you were suggesting to drop it from main
<mathiaz> ScottK: why ?
<ScottK> We've got Dovecot and Cyrus both right now.  Dovecot is generally easier to set up with Postfix if you're new.
<ScottK> Since Dovecot is our supported MDA, it makes sense to aim at Dovecot for SASL too (we do this in docs) and so why support both.
<lukehasnoname> !ask | ScottK
<ubottu> ScottK: Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)
<mathiaz> ScottK: right - looking at the implementation,. it seems that dovecot SASL is only supported in postfix and exim
 * lukehasnoname is showing Brazen something, dont' worry
<ScottK> mathiaz: So it might not be feasible yet.
<ScottK> We ought to keep it in mind for the future.
<mathiaz> ScottK: there are lots of other packages in main that provide sasl via the cyrus library
<ScottK> Yes.  That's why not yet.
<mathiaz> ScottK: IIUC the integration is completly different - so you'd have to add specific support for the dovecot sasl library.
 * lamont would rather not drop support for cyrus from postfix...
<ScottK> Yes.  This is done in Postfix.  That's the only place I use it, so I don't know about the rest.
<ScottK> lamont: This is an idea that would take years.
<ScottK> mathiaz: Due to the other users, I think it needs to wait quite a while.
<mathiaz> ScottK: agreed. Thanks for the input.
<lamont> that would get me complaints
<lamont> and it's not exactly modular enough to drop without really dropping it
<mathiaz> ScottK: I was wondering if you had other reasons to try to move away from cyrus (other than there are two implementation of sasl in main - let's drop one)
<ScottK> mathiaz: In general we don't have much of Cyrus in main anymore.  No strong reason.  I actually use it myself still.
<ScottK> "Someday" I'll switch to Dovecot.
<mathiaz> ScottK: ok.
<lamont> ScottK: ah, in that case, plot away :)
<lamont> so if I was considering setting up imap for the homenet, and want imaps, should I go with dovecot or cyrus?
 * lamont bets the answer is "dovecot"
 * ScottK would guess Dovecot.
<mathiaz> I suggest dovecot :D
<ScottK> IIRC the standard answer is Dovecot unless it's going to be huge.
<arakthor> I am receiving errors in auth.log regarding sasl plugins for postfix ( http://pastebin.com/d25551bb4 ). I believe it could be that postfix is looking in the wrong directory, but cannot find an option to change the path where it looks. Any suggestions?
<ScottK> arakthor: What's in /etc/postfix/sasl/smtpd.conf?
<arakthor> http://pastebin.com/d2b40860c
<ScottK> Are there really unbalanced quotes in the SQL statement?
<arakthor> uh. yeh. I didn't notice that. :s
<arakthor> now they are balanced; thanks for spotting that
 * ScottK runs of to parent for a while.
<zul> mathiaz: openldap 2.4.9 SRU uploaded again...
<jussi01> Hi all - got ubuntu server running, trying to install sugar crm. its missing the imap modules - which package do I need to install for these?
<ScottK> jussi01: How about sugar-crm?
#ubuntu-server 2008-06-12
<Techiedragon> running 8.04 server - is there anyway to change the display font so I get more on the screen?
<maw_> is there a up to date 'how-to' for setting up ubuntu server as a reliable NTP server?
<owh> maw_: AFAIK it's in the server guide. - see the /topic
<maw_> thanks, I stumbled across this while googling
<lukehasnoname> what up yo, nxvl
<Jberg88> hello?
<Jberg88> anyone
<Jberg88> How can I access my server via ssh remotely... i was at work today and tried me@myip but it didn't work
<ScottK> Did you install openssh-server?
<Jberg88> yes
<ScottK> Can you do it from a desktop at home?
<Jberg88> hold on
<Jberg88> I can but only using the static ip of the server
<ScottK> Did you try the same from work?
<hads> You'll need DNS for anything else.
<ScottK> Jberg88: You're welcome.
<sommer> ScottK: I'll take a look
<ScottK> sommer: Thanks.
<Jberg88> it works woohoo!
<pubo> hi
<pubo> I'm looking for a web application to maintain system accounts (like webmin, but I only want the system accounts part)... can anybody help me?
<ScottK> !ebox | pubo
<ubottu> pubo: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<pubo> ScottK, ubottu, yes, I know ebox. But I only that the person who is going to maintain user account could not configure anything more
<ScottK> That's the only other one I know of.
<pubo> uhm, ok.. I'll try
<maw_> anyone know how to enable ethernet flow control?
<Brazenn> maw: i think ethtool can do that.
<maw_> ya I got it
<maw_> and you were right :)
<thenewguy> hey how can i setup phpmyamin to run under ssl and is it needed? thanks in advance
<keithclark> Why do I get this error when running gnome-system-monitor via ssh?  SELinux was found but is not enabled.
<keithclark> And evolution running via ssh creates this error of which I know nothing about: WARNING **: couldn't connect to dbus session bus: Failed to connect to socket /tmp/dbus-F7ZRYqizA8: Connection refused
<hads> You have gnome on your server?
<keithclark> hads: yes.  It is an old desktop that I used to use
<hads> I don't know anything about gnome but try connecting with ssh -X or -Y
<keithclark> hads: I am.  ssh -CX user@address
<kraut> moin
<sp20ngebob> hi at all
<CrummyGummy> elo
<liassist> hello, i have just got my ubuntu-server from the company but there this little problem "there is no gui" so any suggestions on a gui suited for servers
<owh> liassist: It depends on what you want to achieve with the GUI.
<owh> !gui
<ubottu> The graphical user interface (GUI) in Ubuntu is composed of many elements, including the !X server, a window manager, and a desktop environment such as !GNOME or !KDE (which themselves use the !GTK and !Qt toolkits respectively)
<owh> Hmm
<liassist> normal server topic (i never want gnome or kde)
<owh> !server-gui
<ubottu> Factoid server-gui not found
<liassist> a gui from which i can run a server
<owh> liassist: That doesn't answer the question really. You can either manage your server from an ssh or command line terminal screen, or you can manage it using software like ebox.
<owh> Personally, I'm an ssh user.
<liassist> ok so what exectly is ebox i currntly dont have a browser right now
<owh> liassist: It's a web-based interface.
<liassist> ok so there is a deabon needed for that right?
<liassist> *deamin
<liassist> *deamon
<foolano> liassist: which services are you planning to use?
<owh> Well from memory it uses apache, so yes.
 * owh has to run and waves bye.
<liassist> ftp, and back office
<foolano> liassist: eBox has not a module to manage an ftp server
<liassist> ok what about pop3
<liassist> and smtp
<foolano> yep, it has that. it uses postfix and courier
<foolano> liassist: but that package is not in the ubuntu repositories, you will have to install it from my ppa
<liassist> my ppa?
<foolano> ppa -> Personal PAckage Archives, its a service in launcpad to build and publish ubuntu packages
<foolano> liassist: if you want to test eBox and you have a spare machine or a virtual machine, you can download the installer from http://ebox-platform.com. The installer is a hardy server with all the eBox modules and its dependencies
<liassist> well se ya later
<Klej> some1 hereee
<logixoul> Hi. I installed Hardy Server Edition on a VIA EPIA box but when booting I get this error:
<logixoul> Hi. I installed Hardy Server Edition on a VIA EPIA box but when booting I get this error:
<logixoul> er,
<logixoul> "this kernel requires the following features not present on the CPU: 0:6 0:8. Unable to boot - please use a kernel appropriate for your CPU"
<logixoul> What do I do?
<_ruben> you need to install the i386 kernel (atleast, thats how i got my epia mobo to work)
<logixoul> https://bugs.launchpad.net/ubuntu/+bug/222253 seems to suggest I need "PAE"
<uvirtbot> Launchpad bug 222253 in linux "Ubuntu 8.04 LTS Kernel does not support VIA C3 CPU" [Medium,Won't fix]
<logixoul> _ruben: How do I select which kernel to install? is this related to writing "huge.s" at the boot prompt, to select a "non-SMP" kernel?
<logixoul> (got this from http://www.linuxquestions.org/questions/slackware-installation-40/via-epia-c3-supported-648669/ )
<_ruben> PAE is for 4+ GB of ram
<_ruben> logixoul: you need to install the appropriate kernel image package (either at the end of the installation prior to rebooting (thats how i did it), or by booting in to a rescue mode)
<logixoul> sorry, net dropped. anyone said something?
<hads> 23:07:31 < _ruben> PAE is for 4+ GB of ram
<hads> 23:08:21 < _ruben> logixoul: you need to install the appropriate kernel image package (either at the end of the installation prior to rebooting (thats how i did it), or by booting in to a rescue mode)
<logixoul> oh, I see. thanks.
<logixoul> _ruben: hmm, rescue mode == recovery mode, right?
<logixoul> booting into recovery mode gives me the same error, so I guess I'll reinstall again.
<logixoul> _ruben: where exactly will I be given the chance to select a kernel? The last message I get in the installation is "remove cd and press Enter". Should I wait for that one?
<_ruben> logixoul: there's no prompt to select a different kernel .. when it prompts for remove cd, drop to a shell (alt-f2) and do apt-get install linux-386 (or smth similar, been a while)
<_ruben> logixoul: you can recover by booting the install disk into recovery mode, or use a live cd
<spiekey> hi
<spiekey> does vmware-server 1.0.6 install smootly on hard now? has anyone tried that yet?
<logixoul> _ruben: hm, linux-386 doesn't seem to exist, and `apt-cache search 386` doesn't show anything
<_ruben> ii  linux-386                                             2.6.24.16.18                                          Complete Linux kernel on 386.
<logixoul> that's on Hardy Server? weird, I get "Couldn't find package linux-386"
<logixoul> maybe I should add some repo?
<_ruben> $ apt-cache madison linux-386 linux-386 | 2.6.24.16.18 | http://nl.archive.ubuntu.com hardy/restricted Packages
<_ruben> linux-image-386 is in main though
<logixoul> Ok, any ideas why I don't see neither linux-386 nor linux-image-386 in this rescue prompt?
<logixoul> sources.list includes both main and restricted
<logixoul> ahh, maybe I should apt-get update
<logixoul> but I've no network in this prompt
<_ruben> the cd should be abail
<_ruben> avail
<logixoul> sources.list doesn't include mentions of the CD. should append it there manually?
<_ruben> it oughta be at the very top, unless the rescue mode is different .. on a decent install machine, the cdrom is listed on the very top
<_ruben> you're probably in some temp environment now, you'd need to chroot into your installation and work from there .. or just reinstall .. whichever suits you best :)
<logixoul> ooh, right, it's there sorry. it's commented out though.
<_ruben> ah ok
<logixoul> but this dumb terminal doesn't support any editor like vi or nano...
<logixoul> how do I remove this single hash commenting sign from there? should I use ed? :)
<logixoul> hm, maybe I'll backup the file and `cat` the line in there
<_ruben> you're not in the right environment .. as in: not in your installation .. you should mount your installation under /mnt and do chroot /mnt
<micheluntu> hi all, I have a question about hot to configure apache2 to listen on IPv6 address
<logixoul> _ruben: no, actually I was asked whether I wanted "prompt in the livecd fs" or "prompt in the installation fs" or a few other things and I selected the installation fs. /home/myusername exists, so it's the right place.
<ScottK> foolano: Have you considered an anti-spam module to go with your Postfix stuff?  I was reviewing the amavisd-new docs last night and there is some serious potential for complexity in it, but it's very powerful.
<ScottK> foolano: I think with that plus spamassassin and clamav you'd have a very powerful feature.
<foolano> ScottK: we have that already
<foolano> exactly that
<logixoul> _ruben: so I uncommented the line, but "apt-get update" returns with no visible delay and "apt-cache search linux-386" still returns nothing.
<foolano> ScottK: we have to add greylisting and rework the UI
<ScottK> foolano: Interesting.
 * ScottK hadn't looked.
<ScottK> foolano: The new version of amavisd-new I uploaded last night has some significant additions too.
<logixoul> _ruben: I'll try booting with the proper network interface this time, so I can get the package from the online repos
<foolano> ScottK: cool, i'll look at it soon
<ScottK> foolano: Which greylisting implementation do you intend to support?
<foolano> ScottK: we don't know yet, some users have proposed a few but we haven't made our mind up yet. We would like to hear from people who are actually using it. So any idea/recommendation is very welcomed
<foolano> ScottK: by the way, I would like to ask you a couple of things about postfix that I still have to work out in our ebox-mail package
<ScottK> foolano: I'd suggest writing the ubuntu-server ML about what greylisting people use.
<ScottK> foolano: Sure.  Ask away.
<ppp> Hiyas :) Basically I just want to allow tcp port 9000 from 192.168.10.3 only in UFW :) Anyone know the command?
<ppp> sudo ufw allow 9000/tcp from 192.168.10.3 wasnt happy :)
<ppp> I figured it - sudo ufw allow proto tcp from 192.168.10.3 port 9000
<ppp> thanks anyway
<foolano> ScottK: i'm working on something else right know. If it's fine i'll bother you with those questions later
<foolano> s/know/now/
<ScottK> Sure.  Anytime I'm around.
<logixoul> _ruben: neither network interface seems to work now, but in the previous dapper install (which someone else did) it worked. I'm trying to configure the network now...
<micheluntu> is anyone using apache2 on IPv6?
<logixoul> _ruben: I managed to get it working with the "generic" kernel. thanks for the help!
<lukehasnoname> good morrow to thee Britons
<jjesse> lol
<jjesse> good mornng lukehasnoname
<Brazen> Are you saying we have bad teeth?
<lukehasnoname> I've heard y'all do
<lukehasnoname> bug #2
<Brazen> ha, nice
<lukehasnoname> ok when I think of "load balancing" I think of auto-live-migration between physical hosts for best utilization of resources
<lukehasnoname> am I correct in that assumption?
<The_ZoRo> usually, no. It means to split inconning requests between backend servers
<The_ZoRo> what you are thinking of is HA :)
<The_ZoRo> High availability :)
<lukehasnoname> I see
<_ruben> its not even HA .. the only example of what was described is the VMware's DRS functionality
<_ruben> HA is usualy just failover from one node to another when the first crashes
<lukehasnoname> so only VMWare's tools can do that?
<lukehasnoname> Cause that's an awesome feature. Of course, that comes AFTER we get a VM manager gui, and AFTER that gui can do manual live migration
<Brazen> yes, you are describing VMWare's DRS, which is basically a sort of virtual machine load balancing.  I remember reading either Emo or oVirt (or both) is going to support similar functionality.
<jjesse> are you talking about the ability to move physical machines to virtual machines and back again?
<jjesse> cause symantec has a product taht can do p to v and v to p
<jjesse> for recovery
<jjesse> its pretty cool
<jjesse> but nothing open that i'm aware
<lukehasnoname> no,
<lukehasnoname> I'm talking about... hold on I'll get link
<lukehasnoname> http://www.vmware.com/products/vi/vc/drs.html
<jjesse> that looks cool
<lukehasnoname> yes, yes it does
<lukehasnoname> Once live migration gets managed, I wouldn't think DRS would be hard
<lukehasnoname> It's simply automating the LM process, triggered by comparing CPU cycles
<lukehasnoname> more or less, Iwould think, maybe <_<
<lukehasnoname> Man, it dies in the Ubuntu channels sometimes, across the board
<lukehasnoname> http://xkcd.com/233/
<sommer> poor littlefoot :(
<Brazen> !test
<ubottu> Failed!
<zul> mathiaz: ping! can you have a look: people.ubuntu.com/~chucks/ldap-sru.diff thanks
<lukehasnoname> Good read
<brewmaster_> anyone know if i can tell if my site is blacklisted by corporate firewalls?
<lukehasnoname> what site
<brewmaster_> www.montrealvip.com
<lukehasnoname> is it work-safe?
<brewmaster_> yeah
<brewmaster_> though it could be confused for not being work safe
<brewmaster_> i remember my mom seeing it for the first time and saying "oh my, this looks like a gentleman's club" --> I still don't know what that means...
<thenewguy> hey guys, how can i configure phpmyadmin to work over ssl
<sommer> thenewguy: there's some information in the server guide about configuring apache for ssl: https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<thenewguy> sommer: Thanks i have done that, but do i need change anything pma
<sommer> pma?
<sommer> phpmyadmin is simply a website so if you configure apache to use ssl then phpmyadmin will use ssl as well :)
<sommer> er web application to be more accurate heh
<thenewguy> hmm thanks
<sommer> and you access the site using https://yousite/phpmyadmin (or whatever url you use)
<melter> is there any way to control on which drive the installer puts the mbr?
<lukehasnoname> it puts it on either root or boot partition's drive, I would guess. In that sense, yes.
<Indiana> Hi all, my server had generated many empty UDP packages to a single ip. rkhunter and chkrootkit doesn't show any (unknown) warnings. Also top (atop) doesn't show any unkown prozess.
<Indiana> Any idea or method to find out more?
<melter> lukehasnoname, so whichever drive has the /boot partition has the mbr?
<lukehasnoname> I don't know, that's an educated guess
<ScottK> In case there is any confusion on the point: I am not a free private help service.  Please don't PM me with questions about how to do/fix stuff.
<lukehasnoname> I dare to assume that is not the first time it's occured
<jambooda> Hey All,  Is there a reason why Ubuntu Server 6.06.2 will install on my Dell R805 but Ubuntu Server 8.04 won't?
<jambooda> I tried multiple CD's for hardy and nothing
<lukehasnoname> what sort of errors?
<jambooda> it gets to the where it says "ISOLINUX Debian ....."
<jambooda> then its supposed to say Loading ......
<jambooda> but doesn't get to that point
<jambooda> no errors
<jambooda> just hangs
<jambooda> it goes through just fine with Dapper release 2
<lukehasnoname> I assume you verify the CD integrity
<jambooda> well i tried multiple cd's but did not check to see if any of those cd's will install on another machine
<jambooda> will do that now
<jambooda> it was the cd
<jambooda> thanks..nevermind
<ghaleb> hello, I need to install gnome to my ubuntu hardy server
<ghaleb> but it couldn't be
<ghaleb> failed by deps
<ghaleb>  gnome: Depends: gnome-desktop-environment (= 1:2.20.2.2) but it is not going to be installed
<ghaleb> E: Broken packages
<thenewguy> u are installing it using apt-get?
<zul> sudo apt-get install ubuntu-desktop should do it
<Xcaliber009> <---- looking for help setting up apache and exim4 on a server, having problems with setting up an FQDN and not sure why
<Xcaliber009> constantly getting a "cannot resolve <hostname> when restarting apache2 and exim4 after editing conf files
<ScottK> Xcaliber009: Is this static or dynamic assignment?
<Xcaliber009> ScottK: Static- It's sole purpose for now is to run a mailing list through mailman
<ScottK> Xcaliber009: Please pastebin what's in /etc/network/interfaces
<Xcaliber009> ScottK: it already has a static IP address via the web (68.189.29.73), the "It works" page shows up, but the DNS hasn't been resolved yet
<Xcaliber009> ScottK: but that's another issue entirely
<Xcaliber009> ScottK: one moment
<ScottK> OK.  Is the hostname correct there too?
<Xcaliber009> ScottK: I have the hostname from godaddy.com as mailman.velociter.net, the hostname on the box is mailman and the domain is velociter.net
<ScottK> What does uname -a on the box tell you?
<ScottK> Err... hostname -f
<Xcaliber009> Unknown Host
<ScottK> How about just hostname
<Xcaliber009> mailman
<ScottK> Now, how about /etc/network/interfaces please?
<Xcaliber009> I'm not sure how to paste it, im IRC via my kubuntu laptop
<Xcaliber009> i can give you line-for-line though
<ScottK> OK.
<ScottK> Wait one.
<Xcaliber009> I've got a thumb drive, so i'll try that
<ScottK> No rush.
<ScottK> I'm looking for a bug.
<ScottK> I want to make sure I remember correctly before sending you on a hunt.
<Xcaliber009> auto lo
<Xcaliber009> iface lo inet loopback
<Xcaliber009> iface eth1 inet static
<Xcaliber009> address 192.168.1.107
<Xcaliber009> netmask 255.255.255.0
<Xcaliber009> gateway 192.168.1.1
<Xcaliber009> auto eth1
<Xcaliber009> iface eth0 inet dhcp
<Xcaliber009> there is the text from the /etc/network/interfaces
<ScottK> Xcaliber009: Pastebin next time please.
<ScottK> !pastebin | Xcaliber009
<ubottu> Xcaliber009: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<Xcaliber009> will do that next time :-)
<Xcaliber009> <--- n00b to IRC too
<ScottK> Xcaliber009: Sorry I wanted /etc/hosts.  Remembered wrong.
<Xcaliber009> ScottK: ok one moment
<ScottK> Xcaliber009: See Bug #8980
<Xcaliber009> ScottK: http://paste.ubuntu.com/19724
<Xcaliber009> how would I view that bug?
<ScottK> Xcaliber009: There's a bot that should have give a URL.  One moment.
<ScottK> https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/8980
<ScottK> What happens if you have http://paste.ubuntu.com/19725/ (that's tabs between the IP address, FQDN, and hostname.
<Xcaliber009> that seems to work, hostname -f brings up the correct alias for the IP, so now it should resolve the hostname just fine due to it being a FQDN, right?
<Xcaliber009> no longer getting that hostname errer *whew*
<Xcaliber009> exim should be able to work now as well, though I have to figure out how to configure it to talk with our outside mail server
<ScottK> Why Exim and not Postfix?
<Xcaliber009> I thought exim might be easier
<Xcaliber009> if you recommend postfix, I can easily install that
<Xcaliber009> does postfix integrate better with SMTP servers outside of the network?
<ScottK> I can't compare 'better' because I've never used Exim.
<ScottK> Postfix does have a setup option exactly for that.
<Xcaliber009> ah ok...
<Xcaliber009> will exim4 conflict with postfix if theyre both running?
<ScottK> Postfix and Exim are both supported packages, but Postfix is the primary MTA for Ubuntu.
<ScottK> Yes.  You can only have one installed at a time.
<Xcaliber009> ok one moment, i'll remove the packages
<ScottK> When you install one the other will automatically be removed.
<Xcaliber009> that makes it easier :-
<Xcaliber009> )
<Xcaliber009> any other postfix packages I should install, or just the basic postfix package?
<Xcaliber009> ScottK: I wanted the configuration for postfix as internet site, correct?
<ScottK> You want to relay your outbound mail through another server, right?
<ScottK> Xcaliber009: ^^
<Xcaliber009> ScottK: yes
<ScottK> Xcaliber009: IIRC the option you want is called internet plus smarthost or something like that
 * ScottK needs to run.
<Xcaliber009> ok... having a problem removing exim anyways, its crashing trying to remove the exim4-daemon-heavy
<Xcaliber009> restarting the server and deactivated the exim service prior too reboot
<Xcaliber009> ScottK: ok installing postfix, then installing mailman afterwards
<Xcaliber009> ScottK: That part is done and Mailman is reinstalled
<Xcaliber009> didn't bring up the configuration though for postfix
<telexicon> so that xen kernel networking bug is still not fixed?
<Xcaliber009> telexicon: it would appear that way :-)
<telexicon> >.>
<telexicon> damnit, i dont want to deal with this today
<Xcaliber009> telexicon: what seems to be the problem?
<Xcaliber009> telexicon: my error might have been different from yours, I didn't realize you'd just joined the channel
<telexicon> oh, well nothing other than 8.04 cant be a xen guest
<Xcaliber009> ie as in you can't remote term?
<telexicon> no, as in it panics on boot
<Xcaliber009> I have not witnessed that issue, however, my server is probably different than yours
<telexicon> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/218126
<telexicon> it was reported 2 months ago
<Xcaliber009> have you scrolled down through the fixes? I saw one person that was successful in using a fix to remedy the problem
<telexicon> theres a hack to make it work
<telexicon> but it'd be nice if it was put into proposed or pushed mainstream
<Xcaliber009> yeah the update manager is a bit easier to use :-)
<telexicon> no
<telexicon> its when the system goes down, and takes a bunch of core services offline
<telexicon> i dont get fired for using some hack on some bug tracker
<Xcaliber009> is this problem only in hardy?
<telexicon> yeah
<Xcaliber009> i didn't see anything about it on gutsy
<telexicon> it doesnt happen with gutsy
<Xcaliber009> do you benefit more by using 8.04 vs 7.10? I was using 7.10 until about 2 weeks ago
<telexicon> selinux actually works on 8.04
<Xcaliber009> it works on 7.10 as well i believe, just might be better to migrate back to 7.10 until the bug is resolved in the kernel
<thenewguy> have they fixed otrs
<telexicon> Xcaliber009, ive never been able to get it to work in any debian-derived system until ubuntu 8.04
<telexicon> it always explodes into a pile of nonsense on reboot when enforcing
#ubuntu-server 2008-06-13
<Techiedragon> I am having difficulty getting the wireless card i n my laptop to work right
<Techiedragon> It looks like it is activating correctly but I am unable to even ping the router...
<Techiedragon> running ubuntu 8.04server
<kgoetz> hi all. cron-apt and apt-get are disagreeing about wether a file needs upgrading or not. is this something i should be worried about? (i'm thinking security issues) http://paste.ubuntu.com/19758/
<Techiedragon> don't know - I am fighting with a wireless card
<Techiedragon> It looks like everything works; but can't even ping the router....
<kgoetz> wireless in a server?
<Techiedragon> laptop.
<kgoetz> ah right
<Techiedragon> I am trying to setup the wireless card to act as a backup for when the cats knock out the ethernet cable
<nealmcb> ï»¿yo email experts.  I'm helping folks out with a server which is currently not properly handling email, and the guy with the backup is out-of-town until tomorrow night.  I wonder if there is an easy-to-set-up "mx backup" or "mail bagging" configuration that we can set up on another machine, and redirect the mx records to the new machine and just get the new machine to spool everything for later delivery and thus prevent bounces.
<nealmcb> ï»¿ I know that dns takes time to update so for this situation it may not be appropriate, but I saw webservio's mail-bagging offering, and it got me to thinking that that would be a good service to have handy for other similar circumstances.  Can we do this with a custom postfix config?   http://www.webservio.net/hosting/mail/bagging/index.html
<Techiedragon> that and my first experience with ubuntu..... so learning experience. :)
<kgoetz> Techiedragon: i suggest buying ethernet cables with working clips ;)
<Techiedragon> kgoetz now what does that do with helping me learn about setting up the wireless card???
<kgoetz> Techiedragon: it will help you avoid it : D
<Techiedragon> I was taking unix in college (went back to school ) - I installed ubuntu on a USB HD so that I could work both at home and at school.
<Techiedragon> I have to use Windows for everything else
<Techiedragon> kgoetz that doesn't really help
<kgoetz> oh well. you win some, you lose some.
<keithclark> hey everyone!  I seem to be having a problem accessing a usb drive via an ssh session with nautilus.  It won't mount the drive.
<keithclark> It just gives the following error:
<keithclark> A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)" destination "org.freedesktop.Hal")
<keithclark> Sorry, that did not work.....here is the error:
<keithclark> A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)" destination "org.freedesktop.Hal")
<sommer> keithclark: seems like an issue with nautilus to me... have you tried mounting the drive via cli?
<keithclark> sommer: No.
<keithclark> sommer: I would rather use nautilus and dragging and dropping files is way easier than the cli equivalents
<keithclark> sommer: and more efficient
<sommer> keithclark: gotcha, not sure what to try myself, you might also ask in #ubuntu
<keithclark> sommer: as soon as you mention ssh sessions, they point to here.
<sommer> heh, you might just give it some time then... someone else may know, but one thing that does come to mind is policykit
<sommer> haven't dealt with it myself, but you might need to adjust settings regarding that
<keithclark> sommer: yeah, I have a lot to learn.
 * sommer doesn't really use nautilus for much
<yell0w> !5
<ubottu> Factoid 5 not found
<yell0w> oops
<Buzz_> [05:25] <Buzz_> i have a celeron based fileserver. when doing a network transfer from it, i get speed like 5mb/second. If i run something like "cpuburn" on the machine the speed increases. I assume the cpu is entering some acpi sleep state which is affecting network speed. Has anyone else had similar problems and is there a workaround ?
<Buzz_> ignore me.. i think ive solved it
<Buzz_> i accidently had enabled p4-clockmod. oops
<Buzz_> (doh)
<spiekey> Good morning Ubuntu!
<spiekey> has anyone an idea about my Blue-Ray device? https://lists.ubuntu.com/archives/ubuntu-server/2008-June/001683.html
<spiekey> looks like i just dumped 250â¬ :-/
<LMJ> hi spiekey : sorry, I can't help you neither :-/
<spiekey> okay, thanks :-(
<kraut> moin
<emgent> heya
<sommer> yo
<J_P> hi all
<J_P> people, what fiel configuration I need change to change value for "systems has mounted 30 times, check forced" ?
<spiekey> has anyone here got egroupware with smbldap-tools running?
<mysterycool> Lol, hi. :p
<RaceKondition> hi :P
<RaceKondition> is it safe to dist-upgrade a live server running Gutsy to Hardy?
<RaceKondition> should I remove some packages beforehand or is it safe to just run aptitude dist-upgrade as is?
<LMJ> hello RaceKondition
<LMJ> RaceKondition : are you more a apt-get or aptitude guy .
<LMJ> ?
<RaceKondition> aptitude
<RaceKondition> but I chose the do-release-upgrade tool for the job
<RaceKondition> and I'm running the upgrade now
<LMJ> good, you should have not a lot of package orphaned, right ? (deborphan)
<RaceKondition> you mean dependency conflicts or what?
<RaceKondition> because I had none
<RaceKondition> at least not that I know o
<RaceKondition> f
<RaceKondition> I've been using aptitude since day 1 so everything should be well-managed
<LMJ> good
<LMJ> you can run a dist-upgrade but take some time to check whatever package is removed forever or so
<LMJ> except bad surprise, most of the upgrade I've did went fine
<RaceKondition> LMJ: do-release-upgrade told me it would remove 3 packages none of which are necessary
<LMJ> should be ok
<RaceKondition> I can't figure out whether to keep the old /etc/apache2/mods-available/fcgid.conf or use the new one
<LMJ> are you using this feature or not? did you ever modified it?
<RaceKondition> I guess I didn't modify it
<RaceKondition> if I decide to keep an old version of a configuration file, can I somehow check out the new one after the upgrade?
<LMJ> You can also check a diff between the 2 version, if you choose to overwrite it, it will rename your conf with .dpkg-old or so
<lukehasnoname> Why don't people tell you to use "apt-get autoremove" when uninstalling?
<LMJ> aptitude purge ;)
<RaceKondition> looks like the upgrade was a success. rebooting right now
<RaceKondition> and... everything looks fine
<RaceKondition> other than the apache2-mpm-itk package still being not installable...
<LMJ> sound good ;)
<lukehasnoname> Anyone know how to crack a BIOS password without using a floppy drive or opening the case?
 * _ruben always used the 2nd option..
<lukehasnoname> it's a laptop, and I didn't want to do that. I'm also reading that the Phoenix TrustedCore BIOS doesn't have backdoor pws
<lukehasnoname> and I have to reboot after three unsuccessful tries, which slows down my guessing
<Deeps> opening up a laptop isn't that scary
<Deeps> or infact, scary at all
<InsomniaCity> lukehasnoname: I doubt they'd give them to you even if it did :)
<lukehasnoname> InsomniaCity: Many backdoor pws are on the net. In any case, none of the default phoenix ones worked.
<ScottK> mathiaz or dendrobates: I made https://blueprints.launchpad.net/ubuntu/+spec/amavisd-dkim last night.  Is that enough information or do you want the whole wiki spec template for that?
<kees> good mornin'
<lukehasnoname> good morrow
<ScottK> Good morning kees.
<ScottK> clamav security updates *cough*
<kees> ScottK: yes!  thanks for the reminder.  I was swamping with X.org update regression testing.
<kees> and I know emgent has a few waiting as well.  (/me wants security-in-soyuz so badly)
 * ScottK too.
<ScottK> With the same clamav in all 4 supported releases, figuring out patch is pretty trivial.  Getting it published is definitely the long pole in the tent.
<ScottK> kees: Would it be sensible for me to have access to your clamav regression tests so I can pre-test stuff?
<kees> ScottK: absolutely (and you do) https://code.edge.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master
<kees> see scripts/test-clamav.py
<ScottK> kees: Thanks.
<kees> ScottK: no problemo
<kees> ScottK: what would rock is to add tests for each CVE that comes through (though it's obviously not always possible)
<ScottK> Let me get up to speed on running the tests and then I'll consider adding stuff.
<ScottK> It'd help if clamav were a little more open about what exactly they were worried about.
<dendrobates> ScottK: If it is trivial to implement, you can leave out the spec wiki.
<ScottK> dendrobates: It's 3 MIRs and a small config file change.  I'd call that trivial.
<ScottK> dendrobates: I am very interested in feedback on https://blueprints.launchpad.net/ubuntu/+spec/server-flavors - It's mostly done now (the spec anyway).
<J_P> hey all, what package I need install to works for when I press button for shutdown system eill be halt automacally, without halt command ?
<Kamping_Kaiser> you dont need speical packages?
<Kamping_Kaiser> s/?//
<J_P> Kamping_Kaiser: what I need so ? I try press here, and not shutdown... :-(
<Kamping_Kaiser> J_P, what ubuntu release?
<J_P> VK5FOSS: is Ubuntu server 8.0.4!
<VK5FOSS> J_P, 8.04 (fwiw). it uses upstart, i'm not sure how you handle the shutdown thing (traditionally you'd look at /etc/inittab)
<InsomniaCity> sounds like there's something stopping it shutting down...
<J_P> VK5FOSS:  ubuntu 8.04 don't have ï»¿/etc/inittab
<InsomniaCity> have seen that on other distros.
<VK5FOSS> J_P, no it doesnt, as a result of upstart (basically, i dont know how how to configure it)
<J_P> :-(
<J_P> VK5FOSS: I find this http://gentoo-wiki.com/HOWTO_Shutdown_headless_server_when_power-button_pressed#Shutdown_a_headless_server_when_power_button_pressed  is for gentoo, but may be explain for ubuntu
 * VK5FOSS waits for link to load
<mathiaz> J_P: try to install the acpid package
<J_P> mathiaz: yes, I install it and works :-)
<thenewguy> hey guys how do force phpmyadmin to run under ssl
<leonel> thenewguy: set the directory with a redirect to  https
<thenewguy> leonel: how do i do that
<rainerf> hi all! i was wondering if there is a way to install ubuntu-server to a degenerate raid...?
<leonel> thenewguy: take a look at this : http://spellbook.infinitiv.it/2006/05/25/redirect-your-http-traffic-to-https.htm
<rainerf> i ordered 3 hdds, one of which is DOA... still, i'd like to install my server, and plug the third drive in as soon as it's replaces.. since i'm only going to use raid1 and 5 this shouldn't be a problem with linux's software raid, but i can't get the installer to create the raid on just two disks...
<LMJ> thenewguy : on the config option, under ssl, you can force it to use SSL
<rainerf> i meant to write replaceD, of course ;)
<LMJ> thenewguy : Webmin Configuration > SSL > Enable SSL if available?  <- Yes I guess here ;)
<thenewguy> leonel: LMJ: thanks guy i shall try that
<thenewguy> so i had a question, is there any difference in running ubuntu desktop with LAMP on it verse using ubuntu serve
<thenewguy> i like the gui, is there any security diff
<thenewguy> or speed
<ScottK> More packages == More Security risk.
<ScottK> Desktop is very heavy weight compared to server, so it will slow things down.
<ScottK> Server has a different kernel that's more tuned for server work.
<thenewguy> yaa but most on the time i will not be logged in
<ScottK> Yes.
<thenewguy> ok so the kernel is different
<ScottK> Logged in or not, there is still stuff running unless you modify it.
<ScottK> You might look into ebox if you want something GUI like on your server.
<thenewguy> wat about if i install server then use apt-get to install desktop is that better
<ScottK> That would get you the server kernel, but the other stuff is the same.
<thenewguy> is ebox like webmin
<thenewguy> ahh ebox is pretty, i shall look into it
<thenewguy> thanks for the help ScottK
<Centaur5> If a server has 2G ram is it best to not have a swap partition? Basically I put vm.swappiness=0 but it still starts swapping when only 700 mb of ram is used which doesn't make sense.
<thenewguy> Centaur5: https://help.ubuntu.com/community/SwapFaq "swappiness=0 tells the kernel to avoid swapping processes out of physical memory for as long as possible"
<thenewguy> "Reducing the default value of swappiness will probably improve overall performance for a typical Ubuntu desktop installation. A value of swappiness=10 is recommended, but feel free to experiment. Note: Ubuntu server installations have different performance requirements to desktop systems, and the default value of 60 is likely more suitable."
<erichammond> Centaur5: The RAM and swap requirements may vary depending on the particular server needs and applications running on it.  On some servers I prefer that the software be killed than be swapped, so I don't use swap, but that's not appropriate for all situations.
<Nico_> :
<Nico_> I need help finding an Linux program, Does anyone remember the member:name of that program which is a Frontend program for downloading the top linux apps???Â  It is a graphical front end, and has catagories likeÂ  " Games,Â  Audio Apps, Internet Apps", and the program just downloads them for you
<Centaur5> erichammond: Okay, I just thought that ratio seemed rather odd cause when that much memory is free I would think it would continue filling the memory rather than swapping.
<erichammond> Centaur5: Since I generally run without swap, I'm not much of an expert on swap behavior :)
<psufan> anyone to make the install cd just drop to a shell and then do nothing else
<psufan> in a kickstart
<[mad]Berry|Lappy> hey guys i'm trying to get wpa_supplicant to work on a laptop with hardy but the daemon doesn't seem to start any ideas?
<Centaur5> erichammond: I think I'll just go without swap then. I didn't put that much ram in to not have it used.  :)
<erichammond> Centaur5: Note that there is "used" and there is "used" when talking about RAM.  Having lots of "free" ram being "used" by cache is often a very good thing for performance, especially with databases.
<jambooda> Does anyone have any idea how to go about monitoring my RAID on a Perc 6/i or Perc 6/E controller?
<jambooda> i'm trying to query smart values from the controller using smartmontools and no dice
<Centaur5> erichammond: Let's say in the case of a desktop used for web browsing and office apps with 512 ram using 200 on startup and starting to swap at 300 "used" with just a few applications open. Do you think that machine could do without swap?
<jambooda> Dell is telling me they don't support Ubuntu Server so they can't help
<jambooda> anyone?
<intermediavishnu> is there is any diff between ubuntu and ubuntu server
<hads> The same actual packages, just a different set.
<Deeps> different default kernel
<intermediavishnu> you mean the softwares
<intermediavishnu> KDE or gmome
<hads> Typically a server wouldn't have either.
<intermediavishnu> then how will they work
<Deeps> you can install them if you want to
<Deeps> but server isnt installed with any gui by default
<Deeps> as there arent many gui tools to control a server, mostly command line or web based
<intermediavishnu> ok
<intermediavishnu> i want to study Computer hardware & networking
<intermediavishnu> is the linux networking good
<Deeps> intermediavishnu: speak to InsomniaCity about that, he's here too
<Deeps> pm him if he doesn't reply in here
<InsomniaCity> intermediavishnu: well, I'd say if you're looking to study it
<InsomniaCity> you'd want to look at all OSs
<InsomniaCity> but yeah, as far as I know Linux networking is very good quality.
<intermediavishnu> is all linux netwoking same or i have to choose the os
<InsomniaCity> Different distributions configure networking in slightly different ways, but most have tools and so on to help you
<InsomniaCity> But under the cover, yeah, Fedora networking is the same as Ubuntu.
<intermediavishnu> ko
<intermediavishnu> ok
<intermediavishnu> does linux contains the command ping
<InsomniaCity> yes
<keithclark> Is it possible to start an ssh session from windows and run an application?
#ubuntu-server 2008-06-14
<a13x> thanks for helping me out with my broken server, turns out the processor was busted
<emgent> kirkland: here?
<teamcobra> anyone here use ubuntu 8.04 as a xen dom0?
<thenewguy_> this might help http://www.howtoforge.com/high-performance-xen-on-ubuntu-8.04-amd64
<teamcobra> thanks, reading it now :)
<teamcobra> d'oh
<liassist> hello, i need to setup a dia-up ppope interface on the ubuntu server on the lan card eth0
<airstrikeivanov> Hello everyone
<airstrikeivanov> I have recently reinstalled my server, but my new hard disk reports:
<airstrikeivanov> ata1.00: status: { DRDY ERR }
<airstrikeivanov> Any way to fix it?
<geegollygauche> anyone arownd?
<FuRom> Hey, does anyone know of a good way to estimate a site's download speed?
<geegollygauche> how do you mean furom?
 * delcoyote hi
<LMJ> hi
<Techiedragon> I have been pulling my hair out - when ever I run wpa_cli I get could not connect to wpa_supplicant retrying
<Techiedragon> greets JanC
<osmosis_> I broke my munin server install by  rm -rf /var/lib/munin/*   Now my munin-update.log says    ERROR: Could not rename file: No such file or directory.   Any ideas?  Can i use apt-get to reload the default files or something?
<osmosis_> help
<osmosis_> Jun 14 09:45:23 [6258] - INFO: Changing type of thing.com -> host.thing.com -> apache_processes -> busy80 to GAUGE.
<osmosis_> Jun 14 09:45:23 [6258] - ERROR: Could not rename file: No such file or directory
<osmosis_> munin error
<osmosis_> can someone paste a working munin-update.log for me so I can see what its suppose to look like?
<asisak> osmosis_: what about you create an empty dir /var/lib/munin? (and chown it to munin:munin)?
<osmosis_> asisak: yah, did that already.
<osmosis_> asisak: munin is actually creating some files in there already
<asisak> oh I see
<osmosis_> asisak: and all permissions look okay
<osmosis_> i have the web page being generated, no graph
<osmosis_> errors look like this
<osmosis_> http://dpaste.com/56609/
<asisak> This ERROR you cited seems pretty weird, error log does not say anything at all
<asisak> Can you reach your munin-node?
<asisak> E.g., telnetting to port 4949
<osmosis_> asisak: yah, that part works fine.
<asisak> Can you also query plugins (i.e., do they provide data)?
<osmosis_> asisak: i telnet'd to the hosts and all.  munin-update log shows all the connections working fine.  at the end of each run though, it spits out those errors and never prints the finished msg.
<osmosis_> asisak: via telnet, yes plugins provided data
<osmosis_> asisak: the only thing that has changed in my environment was that I  did a  rm -rf /var/lib/munin/*  on the server.
<asisak> That should not hurt
<osmosis_> asisak: i didnt think so. thats why I did it.
<asisak> (except for losing previously acquired data)
<osmosis_> asisak: well, i actually did a  mv, so I have all the old files still
<osmosis_> asisak: check out the diff  http://dpaste.com/56610/
<asisak> Well, looks very weird
<asisak> Sure that munin:munin is the owner of /var/lib/munin?
<osmosis_> asisak: yup
<asisak> Okay
<osmosis_> munin-update.stats  never gets created. just a tmp.
<osmosis_> and datafile doesnt exist
<osmosis_> dont know what those files do
<asisak> I try to have a look at a working installation
<osmosis_> asisak: yah, i dont know what else to try. guess I could just put the old files back.
<asisak> BTW why did you delete them?
<osmosis_> asisak: i wanted to reset the data
<asisak> It seems that 'datafile' and 'munin-update.stats' both are refreshed
<asisak> I guess it is enough to delete the directories
<asisak> I am almost sure, actually
<osmosis_> asisak: maybe i can try that
<osmosis_> asisak: i even tried a  apt-get remove munin; apt-get install munin
<asisak> You might only copy datafile, munin-update.stats and munin-graph.stats back
<osmosis_> asisak: that didnt seem to do anything. maybe i need to  dpkg --reconfigure or something like that ?
<asisak> And check if it works again
<osmosis_> asisak: i put back the old files and it looks like the errors are gone now.
<osmosis_> asisak: no new graphs yet, but the errors are gone
<osmosis_> okay, now I have graphs too
<osmosis_> good thing I saved the files. :)
<asisak> Yep, sure :9
<asisak> I am not aware of your TZ but, the link you sent me (in private) seems to be okay for me
<osmosis_> asisak: good idea on just deleting the rrd files. that might do what I need
<asisak> I did that some times :)
<osmosis_> i wonder if a apt-get reconfigure command would have recreated the missing files for me. hmm.
<osmosis_> since this channel is DEAD, guess we'll never know.
<asisak> It is not dead
<asisak> Actually it is pretty much Saturday everywhere
<osmosis_> hehe, most of the other hardcore channels stay strong through the weekend. no that thats healthy or anything, but its hardcore.
<asisak> :D
<osmosis_> there are dudes who are like there 24-7 answering questions i swear
<osmosis_> i go away for 12 months, come back...they are still there. amazing. :)
<asisak> 12 months?
<osmosis_> yah, like a break. go outside. get some sun. ya know.
<osmosis_> come back, all kinds of new software to learn.
<asisak> Sounds cool
<osmosis_> asisak: do it while you can. now im in a fast paced 9-5 director of development position.
<jambooda> Does anyone know how to update megaraid on ubuntu server 8.04
<jambooda> the one that it ships with is an older version that isn't fully compatible with my Perc 6i raid controller
<jambooda> Dell released an updated version but its an rpm package
<jambooda> does anyone have any experience with this?
<sayotte> is there a way to restrict ubuntu's nfs-kernel-server to NFSv3 or below?
<sayotte> I am having trouble getting a network install over NFS to work and need some insight into what's going wrong, but ethereal can't decode NFSv4
<sayotte> really what I'm aiming for is to figure out the absolute path of the file it's trying to find
<sayotte> I know the relative path is valid somewhere, but I'm not sure what it's mounted
<sayotte> and showmount -d lies in nfs-kernel-server
<Kakurady> I installed LAMP on Ubuntu-server. But /var/www/ is owned by root:root, and I want to write to it somehow (and allow PHP to write to it too).
<thenewguy> Kakurady: it should be owned by www-data i think
<sayotte> Kakurady: make apache run as user "www" or somethhing similar
<sayotte> and change the group-ownership
<sayotte> make the directories setgid and group-writeable
<thenewguy> use sudo to write to it more make it urs with chown
<sayotte> he wants PHP to be able to write to it
<Kakurady> Okay, and how do I add myself to www-data?
<sayotte> edit /etc/group and add yourself to the line for www-data
<Kakurady> ... is there any other way...?
<sayotte> I'm sure there is some hamstrung half-assed GUI tool out there
<sayotte> if that is what you're asking
<sayotte> if you want to do it programmatically I think you'd call "id <user>" to ge ta list of current groups, then use "usermod <user> -G<group list, including the new group>"
<sayotte> or were you even asking if there is any other way to add someone to a group?
<sayotte> there are other ways to make the directory writeable
<Kakurady> I meant GUI, but command line is fine too,
<Kakurady> though modifying seemed to work...
<sayotte> :)
<Kakurady> Nautilus still won't let me write in it.
<sayotte> try this on a command-line: touch /var/www/blahfile
<sayotte> if that succeeds, it's a Nautilus problem
<sayotte> if not then you still don't have write permission
<Kakurady> Nope, can't create empty file.
<Kakurady> Neither does mkdir work...
<sayotte> ok do: ls -l /var | grep www
<sayotte> and then do: id <your username>
<Kakurady> Did all those already
<Kakurady> drwxrwxr-x  3 www-data www-data 4096 2008-06-14 15:49 www
<Kakurady> uid=1000(nekoyasha) gid=1000(nekoyasha) ç»=1000(nekoyasha),4(adm), ..., 33(www-data), ...
<sayotte> well that's odd... try logging out/back in? or reconnecting if you're on a shell
<sayotte> I wonder if he just found a really obvious solution and left immediately
<sayotte> or if he's just logging out/in
<Kakurady> Yes, it works now.
<sayotte> excellent :)
<sayotte> did you have to log out/in to make it work?
<Kakurady> Yeah.
<Kakurady> ... but Apache can't open what I throw into /var/www ...
<Kakurady> Oh
<sayotte> ps -ef | egrep 'http|apac'
<Kakurady> Nev
<Kakurady> nvm
<sayotte> ok
<Kakurady> Maybe I should just let it run under my user/group since I'm probably only running this for myself.
<sayotte> I'm just guessing here
<sayotte> but I bet that whatever user apache runs as by default has a restricted or invalid shell
<sayotte> expressly for security reasons
<Kakurady> www-data:x:33:33:www-data:/var/www:/bin/sh
<Kakurady> Even nobody has a valid shell...
<sayotte> I can't help you any more right now, but my vote is "no" to making apache run as your user
<sayotte> it's a really bad habit to get into
<sayotte> and whatever is holding you up is probably something small
<sayotte> that you will find after a bit more investigation
<sayotte> you're close at this point
<Kakurady> Yeah...
<Kakurady> I think I need to search the forum for this, but basically, every file I copy into /var/www gets owned by nekoyasha:nekoyasha, not www-data:www-data.
<sayotte> chmod g+s /var/www
<sayotte> for that matter
<sayotte> chmod -R g+s /var/www; chgrp -R www-data /var/www
 * Kakurady facepaws
<Kakurady> Thanks...
<thenewguy> wat does g+s do
<Kakurady> +s = sticky, I think...
<thenewguy> ahh and wat does chgrp do
<sayotte> for directories g+s makes any file created in that directory be owned by the group that owns the directory
<sayotte> for executable files g+s makes the program take on the group that owns the program, rather than the group of the person who ran it
<sayotte> and chgrp changes which group owns a file or directory
<thenewguy> is it bad to make /var/www user right able so it is essier to put files on it
<thenewguy> write*
<sayotte> it is bad to make apache run as a normal user, and in particular to make it run as the primary user on a system
<air-wolf-000> THIS is magpy need a bit of server side get_browser advice, any one at home
<trappist> I think I'm pretty close to getting sasl auth to work, but I'm stuck on this: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
<trappist> I de-chrooted postfix, added postfix to the sasl group, and checked the perms on /var/run/saslauthd
<trappist> what could I be missing?
<sommer> !serverguide
<ubottu> Factoid serverguide not found
<sommer> trappist: the serverguide has a section on postfix and configuring it to use dovecot sasl: https://help.ubuntu.com/8.04/serverguide/C/postfix.html
<sommer> trappist: but if you need to use cyrus sasl you might double check that the postfix user is in the sasl group (or whatever group owns the sasl dir)
<trappist> sommer: I'll check out the howto... postfix is in the sasl group
<trappist> what differences are there between dovecot sasl and cyrus that I would need to use cyrus?  I'm trying to auth against system accounts, if that makes a difference
<sommer> there's not much that I know of... more apps use cyrus at the moment, but the good thing about dovecot sasl is that you can leave postfix in a chroot and still use it
<trappist> I've successfully used cyrus with postfix chrooted too, it's just more work
<sommer> with cyrus you to use postfix in a chroot you have to change it's directory which can cause issues with other apps, but depending on your server that may not be a problem
<trappist> yeah I won't have anything else using sasl for authentication
<sommer> I take a look at dovecot sasl it's pretty easy to setup
<trappist> I got a guy in #postfix who's maybe onto something, I'll definitely check out dovecot if he runs out of ideas, thanks for the link
<jambooda> Hello,  Has anyone had any experince with Ubuntu Server 8.04 and the Perc 6i/6E RAID controllers?  In particular the megaraid drivers
#ubuntu-server 2008-06-15
<pteague> i'm having issues setting up suphp on apache2... it doesn't seem to like "suPHP_UserGroup user group" in the vhost & removing it seems to write files that are www-data:group ...
<sayotte> this is very helpful for debugging NFS, particularly item #24
<sayotte> http://stromberg.dnsalias.org/~strombrg/NFS-troubleshooting-2.html
<jambooda> Hey has anyone successfully installed megaraid 00.00.03.16 on ubuntu server 8.04?
<jambooda> is anyone in here running ubuntu server on dell hardware using perc 6i?
<jambooda> is anyone even running it in an enterprise level environment?
<jambooda> is anyone running it period...this channel is DEAD
<Twigathy> 0xDEADC4AN
<Twigathy> And nope, sorry. I use onboard sata and a pair of dirt cheap chinese siI cards
<jambooda> that def sucks..I've pretty much resigned myself to moving to CentOS since I hear it works just fine
<jambooda> ubuntu is great on the desktop but they're dragging their feet on the server end it seems
<hads> Works fine for us
<sayotte> jambooda: I've seen it deployed by some application service providers
<sayotte> but not really large ones who need someone's monetary neck to wring if it goes wrong
<jambooda> those app service providers aren't giving back to the community then because i've been tyring to find info for two days on how to upgrade the megaraid drivers and nada
<jambooda> the drivers ubuntu server ships will isn't adequate for the perc 6i raid controllers
<jambooda> there are issues under heavy load
<sayotte> maybe
<sayotte> you shouldn't be using Dell hardware in your Enterprise Level Environment
<jambooda> haha
<sayotte> but I won't suggest Ubuntu would be any better on different hardware
<jambooda> is that so
<jambooda> what should I be using then?
<sayotte> if you're asking seriously, I will in all seriousness recommend HP, IBM or Sun
<jambooda> to me that's an easy way to brush the problems to the side by saying you shouldn't be using x hardware
<sayotte> no, I'm not brushing it aside
<sayotte> I'm not suggesting Ubuntu would be fine if you just weren't using cheap hardware
<sayotte> I'm not
<sayotte> it's just a "while you're at it..." comment
<sayotte> there might be a correlation, since if you weren't on Dell hardware you wouldn't be dealing with their annoying-ass PERC controllers
<jambooda> dude the amount of money I spend on my hardware is definitely not cheap
<jambooda> furthermore if its good enough for redhat and suse to support it fully then why not ubuntu
<sayotte> how many hundred grand per machine? it's not cheap to *us* because we're individuals, but it's cheap in the world of enterprise hardware
<jambooda> i'm a little peeved because I was looking forward to installing ubuntu solely in my environment but so far the support I've gotten from the community and ubuntu hasn't been much
<sayotte> bottom line: if you need a Supported Linux Platform, you need to be talking to a Linux Vendor
<sayotte> and Ubuntu is not a linux vendor
<jambooda> now I need to move to another distro that i'm not really familiar with and have no interest in using
<jambooda> kinda sucks
<sayotte> yeah I feel ya
<sayotte> I run Ubuntu for all the interesting machines I have outside of work (the application servers anyway)
<sayotte> at work I run mostly Solaris
<sayotte> but we've started rolling out Linux machines recently because our customers want us to support that
<sayotte> they asked, we recommended some debian distribution because they don't suck
<jambooda> i see...well I guess Ubuntu is going to remain a fun OS to use and not one to be taken seriously
<sayotte> we didn't recommend SuSE only because the Novell/MS thing is making that distro a little annoying
<sayotte> so, inevitably, we ended up on Redhat
<jambooda> you want a serious distro go redhat, suse
<jambooda> heck even centos
<sayotte> yeah pretty much
<sayotte> it's sad that the best software available is usually *not* what we get to use where it would do the most good
<sayotte> but that's not the measuring stick... the measuring stick is the availability of 1000 goons to show up at your site and fix whatever is wrong, as agreed upon in a support contract, when everything blows up all of a sudden
<jambooda> true indeed
<sayotte> :(
<jambooda> anyway thanks for the chat..gotta do some research on some serious vendors
<hads> haha
<Brazenn> Ubuntu may not be a linux vendor, but Canonical is!
<robvdl> Is there a way to ensure that daemon1 starts before daemon2 in ubuntu? currently they are starting in the wrong order, as one is reliant on the other I need one to start first
<hads> robvdl: That's controlled by the names of the links in /etc/rc$NUMBER.d/ which is usually managed with the program update-rc.d in Ubuntu,
<robvdl> I created one daemon script myself /etc/init.d/assp because assp isn't in the repository, assp has to start after clamav
<robvdl> but will check out the man page for update-rc.d thanks
<hads> Basically you just need to make sure that the links to assp have a higher number than clamav
<robvdl> assp is a great spam filter by the way :) I find it loads better than spamassassin
<robvdl> just not sure why its not in universe yet, but it's easy enough to install manually
<hads> I should check it out some time.
<robvdl> it acts like an smtp proxy
<robvdl> so stops mail before it hits the mail server
<robvdl> it's written in perl and there's an easy guide on the howtoforge
<hads> Not a whole lot of spam hits amavis here since using greylisting and spamhaus RBL
<robvdl> assp has that functionality too, another cool thing is the web based configuration
<robvdl> I used to run assp through courier on edgy but since reloading my server I now use citadel as mail/groupware
<robvdl> which kind of does everything in one, pop, imap, groupware and web based interface, kind of like a slimmed down zimbra
<thenewguy> i really like assp it has done wonders on my server
<robvdl> cool, got it sorted now clamav starts before assp, thanks
<Valsum> Hello! I'm trying to update my GPG key in Launchpad, but it seems the keyserver is down...
<ray-irc> Is any one here that can help me set up a USB modem?
<ray-irc> Or does any one know a good place for help setting up a USB modem for Ubuntu server?
<Kamping_Kaiser> Valsum, perhaps tell #launchpad
<Valsum> ok, thanks KK
<ray-irc> I asked for help at http://ubuntuforums.org/showthread.php?t=798793 it's been weeks and no one has helped.
<Kamping_Kaiser> Valsum, np
<Kamping_Kaiser> ray-irc, is it posable for you to get a not-horrible modem?
<ray-irc> I don't know what not-horrible modem is? Are you saying the USB modem I have is bad for Ubuntu?
<Kamping_Kaiser> usb modems are bad full stop (imnsho of course ...)
<ray-irc> I have a old RS232 + USB 3Com U.S. Robotics 56K Voice Faxmodem Pro that works. But I don't like that's it's about as big as the Ubuntu server I have Ubuntu running on. That's why I like some small USB modem.
<ray-irc> The big USB modem that works easy with Ubuntu modem no. :0525 it's like plug and play with ubuntu.
<ray-irc> So I thought any USB modem would work easy with ubuntu. But this USRobotics USR5637 56K V.92 USB modem I just can't get to work.
<Kamping_Kaiser> its posable the server kernel doesnt hae support for the modem
<ray-irc> I read that it works with Fedora and I think it's has the same kernel.
<Kamping_Kaiser> i'm pretty sure ubuntu desktop+server have different kernels
<ray-irc> So would have to compile a new kernel to get it to work? I guess that's to hard to do.
<Kamping_Kaiser> i dont know. its just a thought
<ctx144k> hello all
<ctx144k> anyone knows the default-options "relatime" and "notail" in /etc/fstab for reiserfs-filesystems?
<ctx144k> iam using ubuntu8.04-LTS server
<ctx144k> ok, i founded that options in "man mount "
<RainCT> Hi
<RainCT> I'm trying to setup OpenVPN but I'm not sure what to write in the KEY_* fields in /etc/openvpn/easy-rsa/vars. Can someone help me?
<yann2> hi :)
<yann2> I got 3 major issues installing dapper on a sun fire x4100 :/ anyone has the same type of hardware?
<yann2> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/37452
<ctx144k> anyone has an idea where to look when NFS is extremly slow?
<yann2> this means there is no possibility to install dapper on officially supported hardware.. for me its a disaster :(
<ctx144k> is installed nfs-kernel-server - and when iam connecting via client and want copy a 100mb file i get data only with 100-200kb/s
<ctx144k> both mashines are in the lan
<Kapli> Does everything i put into cron.weekly run weekly?
<yann2> yes
<Kapli> Is there any log to check if it ran correctly or something?
<InsomniaCity> output gets mailed
<Kapli> And if I don't get any email?
<yann2> install postfix? :)
<InsomniaCity> lol
<InsomniaCity> Kapli: check by adding output to it
<InsomniaCity> but no mail means no output, if it ran
<Kapli> Nono, see the problem is that I don't get an email
<Kapli> well the script i put into cron.weekly is a db backup script, it backs up correctly but im not recieving email
<Kapli> well see i installed sendmail when i first set up the server, but that didnt work so i installed some other thing exim4 or osmetihng
<Kapli> someone told me to test emailing by mail command, didnt work but suggested installing mailx, so i did that and mail command works but still not getting email by the script
<Kapli> hmm, after taking a closer look into the script it appears it sends the mail via mutt, will mutt work properly with all the different mail stuff i have installed?
<Kapli> i installed mutt and it worked :)
<aplsin> why does ebox depend on 100MB of crap like x11-common?
<Nafallo> because it needs it I'd assume :-P
<aplsin> i thought ebox was for remote admin of server's, who put's X11 on a server? (well i do but that's on my sandbox-server because i wanna a remote (XDMCP) gnome-desktop)
<Deeps> read the sauce, luke
<Bhavesh> YAY so many people
<Bhavesh> setup: Dual PIII, 1GB memory, onboard Promise FastTrak Lite controller, trying to install ubuntu-server with two drives connected to the promise ctrl, at install time kernel panics
<Bhavesh> if i try to install it without having hdd connected to promise ctrl, install goes fine
<Bhavesh> and if i install server and THEN connect drives to promise ctrl, it won't boot
<Bhavesh> any suggestions/ideas?
#ubuntu-server 2009-06-08
<jmarsden> billybigrigger: check the MX records for mydomain.com really do point to your mailserver...  dig mydomain.com mx
<billybigrigger> yeah it all works
<billybigrigger> it all worked before, im transfering over servers
<billybigrigger> trying to setup 192.168.1.100 and 192
<billybigrigger> trying to setup 192.168.1.100 and 192.168.1.103 and then just switch the ip's around on them...but when i switch ips, apache works, and the mailserver won't accept incoming mail
<fbc-mx> How do I get my nfs shares to show up in the Network browser?? I have them setup already and I can manually mount them with no problems, but other users aren't very savvy. I would like to make them idiot proof.
<jmarsden> You will need a public IP if you want to get email from hotmail... 192.168.*.* is a private IP range ?
<fbc-mx> avahi deamon? or something like that?
<fbc-mx> billybigrigger, or you can load ddclient get a DDNS and put your computer in your routers DMZ.
<fbc-mx> billybigrigger, it's not the optimal solution.. you'll bounce mail for about an hour once a week when your provider changes your IP, but after it propagates again through DNS you should be good for another week.
<billybigrigger> i haven't had an ip change for years
<jmarsden> billybigrigger: So when you swap IPs for the servers, you are also changing the router's NAT settings appropriately?
<FFForever> can i make openssh check ~/.ssh/authorized_keys and /root/.ssh/authorized_keys for each login?
<fbc-mx> FFForever, not abosulutely sure, but I think it would be a qustion of adding another pam_module pointing to the other keys file.
<fbc-mx> How do I get my nfs shares to show up in the Network browser?
<giovani> FFForever: why would you check root's home dir for keys for other users?
<fbc-mx> anyone? Beuller? Beuller?
<giovani> network browser?
<giovani> you mean some gui thing? that's not an ubuntu-server issue
<fbc-mx> giovani, yeah but they don't show
<giovani> ^
<fbc-mx> I open up my network browser and do not see nfs shares even though I can mount them manually.
<giovani> this is #ubuntu-server
<giovani> you're talking about a desktop app -- ask in #ubuntu
<fbc-mx> giovani, I know,,, I'm runing it on ubuntu-server
<giovani> GUIs are not supported here
<giovani> please go to #ubuntu for that
<fbc-mx> giovani, so your saying the server does not have to announce the server? It's the desktops responsibility to detect them?
<giovani> "announce"?
<fbc-mx> giovani, sorry I menat annouce the service?
<fbc-mx> giovani, Yeah, Like some kind of broadcast teling everyong one what it is sharing.
<giovani> nope
<giovani> that's a windows thing
<fbc-mx> giovani, aha... ok, so then it's really not a server issue...
<giovani> ask #ubuntu what you're supposed to do with that tool
<giovani> it's not a server tool, so it's not supported here
<bogeyd6> Anyone know how to unzip several files in a directory?
<Alex_21> sudo unzip *.zip maybe
<Alex_21> I have no idea
<dthacker> bogeyd6: unzip *.zip?
<Nikilos> Hi everyone, I just installed Ubuntu Server on a really old computer of mine, and when it boots up, it gets to the command line just fine, but the text is extremely huge and I can't see what I'm typing. Is there an easy fix to this?
<Alex_21> Re installl or fix the resolution on your Monitr\
<Alex_21> Monitor
<Nikilos> I tried reinstalling and it didn't do anything. How do I fix my resolution?
<PhotoJim> just a shell login I assume.  no GUI running.
<PhotoJim> if so, weird problem.  not seen that.
<Nikilos> Right, no GUI
<PhotoJim> my machines that are servers just boot into text mode, like DOS does.  they would work on a CGA system.
<PhotoJim> there are some paramters you can use in grub to force the kernel to boot up in different video modes.  I wonder if that's your solution.
<PhotoJim> I don't know t he details, but googling might help.
<Nikilos> Alright, I'll try looking around. Thanks. I'll report back with results
<PhotoJim> please do.
<PhotoJim> parameters, even
<PhotoJim> darn netbook keyboard :)
<Nikilos> Netbooks rock
<PhotoJim> I love mine, but the keyboard occasionally annoys :)
<PhotoJim> it's not bad though
<PhotoJim> everything else about it is great
<Nikilos> What kind is it?
<PhotoJim> AA1, 1.5 GB RAM, 160 GB SATA HD
<PhotoJim> in pretty sapphire blue :)
<Nikilos> Oooh, that's great
<PhotoJim> yep
<PhotoJim> dual boot, XP and Jaunty
<PhotoJim> I use Jaunty most of the time
<Alex_21> Does anyone know why eSpeak is broken in Jaunty?
<Alex_21> I run an eSpeak server
<Nikilos> Be riiiight back
<PhotoJim> I don't, sorry
<Nikilos> No idea if that worked...test test
<Alex_21> Can you test it in Jaunty?
<Alex_21> eSpeak I mean
<PhotoJim> Nikilos: so did it work?
<Nikilos> PhotoJim: I'm still in the process of trying to fix it :P
<Nikilos> Well, I was able to edit my menu.lst file without problems...I think. I can't really tell since I can't see what I'm typing, but hopefully it worked
<Nikilos> Great, I completely murdered my display settings
<Nikilos> Would using Xubuntu as a server be practical?
<PhotoJim> practical but not optimal
<PhotoJim> why not ssh into it from another system on your network?  I think sshd is configured to run by default on ubuntu server
<Nikilos> Sorry for asking such a dumb question, but how do I do that?
<PhotoJim> do you have shell access to another machine on your local area network?
<Nikilos> I'm not sure. How do I check to see if I do?
<PhotoJim> if they're your machines, you surely have access :)
<PhotoJim> either that, or you can use a Windows machine and get the ssh client PuTTy
<PhotoJim> if you have a Linux machine with a GUI like Gnome or KDE though you can just log in and open a terminal
<PhotoJim> ssh is built-in
<PhotoJim> (essentially)
<Nikilos> OH, wow, I feel really dumb now. Yes, I do :)
<PhotoJim> :)
<PhotoJim> do you know what IP addresses your machines have?  (in particular, your server)
<Nikilos> I know what this machine's IP address is, not the server's
<PhotoJim> you need to know the server's
<PhotoJim> how is it getting an IP, by DHCP?
<Nikilos> I have no idea, sorry. :(I have the server connected to a wireless router via an ethernet cable and I'm on my notebook right now, which it connected wirelessly
<PhotoJim> what is your notebook's IP?
<PhotoJim> how do you use your server if you don't know its IP, by the way? :)
<Nikilos> 192.168.1.2 is my notebook's IP
<PhotoJim> my guess is that your server is 192.168.1.1 or 192.168.1.3... your gateway is probably .1.1 so try .1.3
<PhotoJim> you're running Linux on your notebook?
<Nikilos> I'm actually running OS X, but its Terminal will still work, right?
<PhotoJim> it will.
<Nikilos> Oh, I successfully connected
<Nikilos> It was 192.168.1.3
<PhotoJim> how did you connect?  did you do an ssh login?
<Nikilos> I used Coda's terminal and used its "Connect via SSH" option and entered in the information
<PhotoJim> so you're in?
<Nikilos> Yup, I was able to undo the change I made to /boot/grub/menu.lst
<PhotoJim> oh, cool.
<PhotoJim> ssh is a very useful tool.
<Nikilos> Thanks for stepping me through this, Jim, you're a lifesaver
<PhotoJim> not exactly :) but you're welcome.
<PhotoJim> not dumb questions, by the way.
<PhotoJim> we were all newbies once.
<Nikilos> :)
<PhotoJim> my server is in my basement.  I almost never do a real console login.  always ssh from upstairs, or even away from home.  like yesterday, I sshed from 4000 km away :)
<PhotoJim> today ssh is just a few feet :)
<Nikilos> So how would I SSH to my server if I was not connected to my home network?
<Alex_21> ssh username@192.168.x.x
<PhotoJim> you'll need to port forward a port from your router to your server, and have a static IP address you can use elsewhere
<Alex_21> Replace the last two with the proper values
<PhotoJim> Alex_21: that won't work outside his LAN :)
<Alex_21> If you don't have a static IP use DYNDNS.net
<Alex_21> Ok
<PhotoJim> yup, that'll work too, not quite as well but reasonably well
<Alex_21> And do: ssh username@something.homelinux.net
<PhotoJim> my ISP gives me 2 static IPs, so my router (which is a custom Alix Linux box) has one and my server has the other
<PhotoJim> dual NICs on both, so they have separate connections to the LAN
<PhotoJim> my WiFi router just does WiFi, no routing
<Nikilos> Two routers would definitely complicate the situation, I assume...
<Alex_21> Depends on the sicuation in the first place :)
<Alex_21> It is up to you
<PhotoJim> not really.  my access point is set to route all traffic through 192.168.222.26, which is my router's IP
<PhotoJim> works perfectly :)
<PhotoJim> and it doesn't give out IP addresses by DHCP, that's disabled.
<Alex_21> I have to run
<Alex_21> I hope I could help
<Alex_21> Thanks for your help
<PhotoJim> ciao Alex
<Alex_21> Good night
<Nikilos> Well, I think I can figure out the rest from here. Thanks for all the help!
<Nikilos> I'll most likely return sometime in the near future, though :)
<PhotoJim> you're most welcome
<chelehandsome> how can I mount a RAID 5 in my server?
<jaypur_mb> hi, i installed apache and my internet provider blocks the access of port 80, so what port should i use at the ports.conf file and at my router?
<jmarsden> jaypur_mb: Any port you like... but usually if the ISP blocks port 80 it is because their Terms of Service forbid servers, so make sure they actually permit (not just technically but contractually/legally) use of a server on whatever port you choose.
<jmarsden> Ports 81 or 8000 or 8080 would be common choices for alternative web server ports.
<Alex_21> I have ap roblem. On boot I get
<Alex_21> Code: "[        25.251737] Freeing initrd memory: 8263k freed"
<Alex_21> Any ideas
<Alex_21> Please
<ssm> that's a normal boot line, Alex_21
<Alex_21> But it is hanging for half an hour on the same line
<ssm> Alex_21: does it continue to boot after the half hour pause?
<Alex_21> It hasn't booted yet. It is a vannila install
<ssm> Are you booting from an install cd? Is this a normal boot from disk, and a problem that's just appeared, have you done any upgrades lately, does your disk make funny noices, black smoke, anything else?
<Alex_21> Nothing. It is a vanilla install and I am booting from the HD. It has software raid on it
<jmarsden> Alex_21: It might be good to try doing a fresh install onto just one of the HDs, just to check that the basic hardware is OK?  Then if that works, the issue is probably RAID related in some way, and you can go back and troubleshoot that?  A 30+ minute delay means it's probably not going to finish that install, in my opinion.
<Alex_21> It finished the install
<Alex_21> This is the first power up
<twb> If the delay is reproducible, I would blame nss.
<twb> For example, if you have network manager installed and are running a NIS client, you will get that behaviour.
<twb> Because NM retardedly tries to look in /home or something, before the network is even up.
<Alex_21> I just realized something
<Alex_21> The domain is assigned to this machine is not correct
<ssm> twb: Network Manager has surprised me lately.... :/  I have ldap auth here...
<ssm> Alex_21: DNS or NIS domain?
<twb> ssm: well, with ldap you can at least bind softly.
<Alex_21> I don't know the difference
<twb> I dunno if/how to do that in NIS.
<ssm> twb: yes, or I can add the interface to /etc/network/interfaces :)  The default install gives you network after you've logged in
<Alex_21> I have the domain from dyndns.com fried-rice.homelinux.net
<twb> ssm: that's fucking retarded
<ssm> Alex_21: then you're not running NIS, I'd guess
<twb> I hate NM so much.
<twb> At least wifi-radar leaves my wired nics the hell alone
<ssm> twb: I'd say NM is a mixed blessing, at least :)
<Alex_21> Ok. Could this be my problem. That is not resolving correctly
<twb> Alex_21: boot without "quiet" (or "splash") in your kernel command line, and take a note of the text immediately before the freeze occurs.
<ssm> Alex_21: not sure, that should not pause the boot process
<Alex_21> Because I did have Ubuntu installed before and it worked fine. But I need Raid 1
<twb> Alex_21: then boot with "single" or into a live CD, and add tracing on those files in /etc/rcS.d
<Alex_21> What will that do?
<ssm> I think the last line Alex_21 quoted was from the kernel freeing initrd memory, that's way before any init scripts.
<twb> ssm: it can't be.
<twb> ssm: if it's freeing the ramdisk memory, it has to be past the ramdisk
<ssm> point
 * ssm needs more coffee....
<ssm> first kernel, then initrd stuff, then pivot-root and then there's a pause....
<Alex_21> [ 25.244020] checking if image is initramfs ... it isn't (bad gzip magic numbers ); looks like an initrd
<ssm> the next line after that in my dmesg is audit, but that's after 0.9 seconds, and the initrd message from Alex_21 was after 25 sec
<Alex_21> Is what it says before the freeze
<Alex_21> Code: "https://help.ubuntu.com/community/Installation/SoftwareRAID"
<Alex_21> Code: "[ 25.244020] checking if image is initramfs ... it isn't (bad gzip magic numbers ); looks like an initrd" Sorry about before
<Alex_21> What does this mean?
<ssm> Alex_21: you could try booting from the cdrom again, in rescue mode, then do "update-initramfs -u -k all".  The image should be initramfs, at least it is here, on my jaunty desktop install.
<ssm> your dmesg says that the image is not a vaild initramfs image, and it therefore assumes that the format is "initrd" instead.
<ssm> Alex_21: http://ubuntuforums.org/showthread.php?t=1163519 also looks related
<ssm> you could try adding rootdelay=200, since your boot obviously takes a while.  That's bitten me on some servers earlier
<Alex_21> So I boot the disk. Then what?
<Alex_21> There is no DHCP Server on the network BTW
<Alex_21> I am at the Ubuntu Splash
<ssm> when grub comes up, hit "e" for edit, navigate to the line that starts with "kernel", hit "e" for edit again, add "rootdelay=200" to the boot parameter list, then enter, and "b" for boot
<ssm> also, remove the "splash" and "quiet' words on the grub kernel boot line
<Alex_21> I mean on the CD
<Alex_21> Do I go to Reque mode?
<ssm> Alex_21: CD rescue mode for the "update-initramfs" trick, to see if that works, or grub menu on the hard disk for the "rootdelay" thingie
<Alex_21> I have Lelo
<Alex_21> Not Grub
<ssm> Alex_21: if you boot from "lilo", then just add "rootdelay=200" after the default, which probably is "Linux"
<ssm> Alex_21: the ubuntu install gives you lilo if you have everything in LVM, and grub if you make a /boot partition outside LVM when you install.
<Alex_21> I have no idea where to edit this file for Lello
<Alex_21> It was all done in LVM on top of Raid1
<Alex_21> Thanks for your help
<Alex_21> Good night
<twb> If you boot into lilo, give up and reinstall
<twb> lilo is totally NOT the right thing for LVM, though it will appear to work at first
<twb> It works by remembering the block offset, so if you actually try to, you know, resize or move extents, lilo will just break.
<soren> twb: ...and grub doesn't know about lvm at all. So what would you use?
<twb> soren: you put /boot on a separate RAID1 array OUTSIDE LVM.
<twb> (Note that current versions of Grub *do* understand LVM -- but Ubuntu, and everyone else, still run Grub Legacy.)
<twb> Although personally I would prefer to use extlinux over grub, if it was as well-supported by d-i.
<twb> And, you know, kernel-img.conf and such.  Though I think that's mostly programmable; you'd mainly need to write an update-extlinux(8) script.
<a_ok> say i make an initscript what is the best way to set it up in the runlevels?
<soren> twb: Yes, so that renders your lilo argument moot, doesn't it?
<soren> twb: You're saying not to use lilo if your kernel is on lvm, because it'll break when stuff moves around, but what you clearly actually mean is to not put your kernel on lvm.
<soren> ...which is completely different.
<twb> soren: sorry, yes, that was implied
<twb> But even without LVM, lilo would be vulnerable against e.g. replacing your ext2 filesystem with another one that contains that same files.
<twb> (another ext2 filesystem, that is.)
<twb> That's why grub-install tends to only get run once, whereas lilo needs to be reinstalled into the MBR practically every time you upgrade your kernel.
<soren> twb: s/practically //
<ghostlines> hi all
<ghostlines> does anyone have experience with recovering shredded files?
<soren> ghostlines: shredded?
<soren> ghostlines: As in shred(1)ded?
<ghostlines> yeah
<soren> I'd forget about it.
<ghostlines> soren, it's possible to recover shredded files
<ghostlines> http://ubuntuforums.org/showthread.php?t=707373
<ghostlines> check out that thread
<henriquelm> Hello there
<henriquelm> My Ubuntu server is giving me a "Segmentation fault" error msg during OS boot, what should I do?
<uvirtbot> New bug: #384193 in quagga (main) "BGP: Assertion `len < str_size' failed in file bgp_aspath.c, line 519, function aspath_make_str_count" [Undecided,New] https://launchpad.net/bugs/384193
<uvirtbot> New bug: #356164 in php5 (main) "php5 crashed with SIGSEGV in execute() (dup-of: 284661)" [Medium,New] https://launchpad.net/bugs/356164
<skarufue> hello
<skarufue> i have a mysql on ubuntu question
<skarufue> i managed to make my old server unbootable (dont ask)
<skarufue> so i set up a new one
<skarufue> and everything is fine now
<skarufue> except for the innoDB tables
<skarufue> they arent there anymore... and i remember there was some way to fix this... but i cannot remeber how
<skarufue> anyone?
<Sam-I-Am> did you copy all the files over?
<skarufue> yes
<skarufue> but /etc/mysql restart failed
<Sam-I-Am> whats the error?
<skarufue> so i took out anything but the dbs
<skarufue> so ibdata1 was recreated
<skarufue> ill recreate the error with the original ibdata1 just a moment
<kwork> should raidutils be able to manage adaptec cards ?
<skarufue> well i dont see anything in the /var/log/mysql* logs
<tdn> I am trying to make use of my geode aes engine by using LUKS/dmcrypt for encrypted partitions. But for some reason it does not work with the geode_aes module loaded.
<skarufue> syslog gives me a series of those:
<skarufue>  hosting /etc/mysql/debian-start[29594]: Error    : Table 'roundcubemail.cache' doesn't exist
<skarufue> Jun  8 15:43:14 hosting /etc/mysql/debian-start[29594]: error    : Corrupt
<skarufue> Jun  8 15:43:14 hosting /etc/mysql/debian-start[29594]: roundcubemail.contacts
<skarufue> Jun  8 15:43:14 hosting /etc/mysql/debian-start[29594]: Error    : Table 'roundcubemail.contacts' doesn't exist
<skarufue> Jun  8 15:43:14 hosting /etc/mysql/debian-start[29594]: error    : Corrupt
<Sam-I-Am> did your files copy correctly?
<tdn> Here is terminal log of what I have tried: http://thomasdamgaard.dk/p/P1310.html
<Sam-I-Am> and does mysql know about the database?
<skarufue> yes
<skarufue> yes
<Sam-I-Am> are the indices there?
<skarufue> as i recall this is something common with innodb tables when the databases are simply copied (e.g. not using mysqldump)
<skarufue> indices?
<Sam-I-Am> index?
<skarufue> yes it say for example gallery2 db has 63 tables but i can only view 3 of them (all who are not innodb)
<skarufue> (to be honest i dont get the indeces question)
<Sam-I-Am> not sure if you have to regenerate any indices if the database is physically moved
<Sam-I-Am> or some command that make it work on a different instance of mysql
<skarufue> well the last time i think i had to read them from binary backup with some sort of offline method
<skarufue> but cant remember what exactly
<Sam-I-Am> maybe you need to use the same procedure?
<Sam-I-Am> google might be useful :)
<skarufue> yeah well i tried that a lot but its a hard search term since the internets seems to be full of people who try to restore some sort of mysql database
<Sam-I-Am> can you get mysql to return a more specific error, or an error number?
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: of InnoDB though the .frm file for the table exists. Maybe you
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: have deleted and recreated InnoDB data files but have forgotten
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: to delete the corresponding .frm files of InnoDB tables, or you
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: have moved .frm files to another database?
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: See http://dev.mysql.com/doc/refman/5.0/en/innodb-troubleshooting.html
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: how you can resolve the problem.
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]:
<skarufue> Jun  8 15:51:56 hosting mysqld[29526]: 090608 15:51:56090608 15:51:56 [ERROR] Cannot find table gallery/g2_User from the internal data dictionary
<Sam-I-Am> have you looked at what it tells you to look at?
<skarufue> yes it isnt very helpfull
<skarufue> it suggest to use CHECK TABLE which ist really an option whe mysql doesnt start
<Sam-I-Am> got me...
<skarufue> the thing is if i move ibdata1 out of /var/lib/mysql then the server starts (and a new ibdata is created) then i see the databases but the innodb tables are empty
<Sam-I-Am> http://dev.mysql.com/doc/refman/5.0/en/innodb-backup.html
<Sam-I-Am> same versions, same platforms?
<skarufue> yeah have binary logging turned on.. but i just realised that maybe it isnt enough to just swap out ibdata...
<skarufue> ill try that
<skarufue> ok
<skarufue> as usually it was a file permissions fuckup
<skarufue> thanks for bearing with my stupidity
<skarufue> :)
<jaypur_mb> hi i'd like to know a free temperature monitor to my server... does someone know?
<uvirtbot> New bug: #384821 in samba (main) "samba segmentation faults" [Undecided,New] https://launchpad.net/bugs/384821
<phoenixz> I have opted for home directory encryption in my ubuntu server installation which causes SSH not to be able to use ssh keys anymore.. anbody who could help me to fix this problem?
<soren> kirkland: ^ :)
<phoenixz> rob_p: well, in my case, I opted for home directory encryption during the ubuntu server installation. Result seems to be that SSH is not functioning correctly with keys anymore.. How can I fix this?
<kirkland> phoenixz: encrypted home and ssh public key authentication are (mostly) incompatible technologies
<phoenixz> kirkland: in other words.. once using encrypted home directories... you can no longer use ssh with public key authentication.. ?
<kirkland> phoenixz: i say "mostly" ...
<phoenixz> okay... but how could I then get them to work?
<kirkland> phoenixz: there are two non-ideal work arounds
<phoenixz> kirkland: oh oh...
<kirkland> phoenixz: basically, encrypted-home means that you *must* enter a password to mount your home directory -- that's the design/definition of the feature
<kirkland> phoenixz: you can ssh in with a password the *first* time
<kirkland> phoenixz: and then subsequent ssh's via pubkey should work
<kirkland> phoenixz: as long as your home dir stays mounted
<kirkland> phoenixz: if you rm ~/.ecryptfs/auto-umount, it won't be unmounted on logout
<kirkland> phoenixz: which is perhaps a slight security risk to your data, but will key your pubkey auth working
<kirkland> phoenixz: that's option #1
<kirkland> phoenixz: option #2 ...
<phoenixz> kirkland: gottit..
<kirkland> phoenixz: you can move your ~/.ssh/authorized_keys file out of your encrypted home directory
<kirkland> phoenixz: put it in your unmounted, read-only home
<kirkland> phoenixz: this will get your ssh public key auth working
<kirkland> phoenixz: but your home dir will not be auto mounted on login
<kirkland> phoenixz: you will need to run ecryptfs-mount-private
<phoenixz> because there is data there...
<phoenixz> gottit...
<kirkland> phoenixz: and enter a password, and then home is mounted
<kirkland> phoenixz: this is documented in various scattered places
<kirkland> phoenixz: i'm going write a blog post that documents it now :-)
<kirkland> soren: thanks for the pointer
<phoenixz> kirkland: This is a detail that might be documented a bit clearer yeah :) maybe during installation or something :)
<phoenixz> kirkland: thanks a lot!
<soren> How about changing the location of the authorized_keys ?
<soren> I once taught ssh to look at a fuse mountpoint that would fetch ssh keys from launchpad on the fly.
<soren> I feel much better now, though.
<kirkland> soren: that was option #2
<soren> kirkland: Oh, I misunderstood. Sorry.
<soren> huats: Hey. The changelog in your merge says that Intrepid and Karmic were merged upstream. If it's cool with you, I'll change "Karmic" to "Jaunty" and go ahead an upload?
<huats> soren hey
<huats> 2 minutes I am on the phone
<soren> huats: Sure.
<soren> kirkland: I'm reading your option #2 again, and I'm not sure we're speaking about the same thing.
<kirkland> soren: okay, i simply meant option #2 to convey moving ~/.ssh/authorized_keys out of $HOME
<kirkland> soren: out of encrypted home, anyway
<kirkland> soren: somewhere that the system can find it, unencrypted
<kirkland> soren: what are you meaning?
<soren> kirkland: Right. Like /var/lib/ecryptfs-workarounds/<username>/authorized_keys or something.
<kirkland> soren: sure
<soren> And adjust AuthorizedKeysFile in sshd_config accordingly.
<kirkland> soren: i suggested unmounted $HOME, but it could be mostly anyway
<kirkland> anywhere
<kirkland> soren: ah, and you mean modifying the sshd_config too
<soren> Right.
<huats> soren: I am back
<huats> hey :)
<soren> o/
<huats> oups
<huats> indeed
<huats> intrepid and jaunty were merged :)
<huats> go ahead
<huats> you can change that :
<huats> :)
<huats> (sorry for the mistake)
<soren> Cool :)
<soren> huats: I didn't expect you to object, but it felt wrong changing stuff that is signed by you without your consent. :)
 * soren breaks
<huats> btw I will send the patch I have added (that adds karmic) to upstream and debian too...
<huats> sure I understand
<huats> btw I have done locally the virt-manager update, are you interested ? :)
<huats> I mean the merge
<soren> huats: Sure, bring it on :)
<huats> hehe
<huats> I will
<huats> I have just to deal with a last patch
<huats> (I might need your opinion on it btw)
<soren> Sure.
<kirkland> soren: i'll document your suggested method too :-)
<soren> ;)
<huats> soren: In fact the patch that bothers me a bit is : http://paste.ubuntu.com/190975/
<huats> in fact the new interface has changed quite a bit
<huats> and there is not anymore the distinction para virt/full virt (from my understanding and that has been confirmed when I have launched the application)
<huats> so I am not sure this is needed...
<huats> (by instance I am running it without being the kvm group)
<huats> soren:  I need to run
<huats> I might be connected later tonight or tomorrow :)
<Damir> hey guy's
<Damir> anyone experiance with apache
<Damir> and the mod_proxy loadbalancaing
<uvirtbot> New bug: #352170 in openvpn-blacklist (main) "openvpn - openssl-vulnkey:24: DeprecationWarning: the sha module is deprecated; use the hashlib module instead   import sha" [Low,Fix committed] https://launchpad.net/bugs/352170
<Damir> im getting this config error: BalancerMember can not have a balancer name when defined in a location
<Damir> and i'm using this config : ##custom configuration loadbalancing
<Damir> <Proxy balancer://servertje>
<Damir> BalancerMember http://127.0.0.1:8080/ loadfactor=100 # Balancer member 1
<Damir> BalancerMember http://localhost:9090/ loadfactor=80 # Balancer member 2
<Damir> </Proxy>
<Damir> ProxyPass /test/ balancer://servertje/
<Damir> any idea what it could be ?
<rsr> hello all
<rsr> I have a question... I wpuld like to know what this is: dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg : I found this despite not knowing what it is referring to... Can anyone enlighten me?
<_ruben> copy .. with block size 1 .. from /proc/kmsg .. to /var/log/klogd/kmsg
<_ruben> looks like a "bridge" between a file within /proc and socket for klogd
<rsr> yes
<rsr> no problem
<rsr> should I use the latest version or the LTS version for my server?
<jpds> Whichever you want.
<rsr> but which one is recommended for a mission criticall service? there must be a reason for LTS
<rsr> another question
<rsr> should I upgrade distro on a server
<rsr> ?
<Oasisbhrnw> Hello.  I just installed Ubuntu Server 9.04.  During the install there was an option to turn auto-updates on, which I did.  My question is, is there anyway to check when auto-updates last ran and/or is there a way to make it run manually?
<jmedina> Oasisbhrnw: AFAIK, auto update wont update your system quitely, insted will download list like apt-get update
<Oasisbhrnw> I just don't know how to verify it's working.  I'm paranoid it's acutally not running.
<sommer> Oasisbhrnw: there will be new entries in /var/log/apt/term.log
<sommer> Oasisbhrnw: you can also adjust the settings in /etc/apt/apt.conf.d/50unattended-upgrades
<Oasisbhrnw> K, thanks.
<orudie> hi, i'm struggling with this http://www.debian-administration.org/articles/590
<orudie> trying to lock user in home dir.
<orudie> can someone help me with this ?
<orudie> please
<ghostlines> what's the prob?
<orudie> well first off cant even test it with sftp user@host because i'm using ssh private key
<orudie> how can i specify port with sftp user@host ?
<jmedina> man scp?
<orudie> jmedina-> sftp
<orudie> its -o something
<orudie> forgot what
<jmedina> orudie: then man sftp
<orudie> looking cant see
<jmedina>  just type: /port and there you go
<jmedina> :D
<jmedina> the fist match
<jmedina> For example, to specify an alternate port use: sftp -oPort=24.
<orudie> yup see it thanx
<orudie> i didnt know how to search inside man pages lol
<orudie> now i know
<jmedina> Â¬Â¬
<jmedina> orudie: the first thing is learn how to use man pages
<jmedina> man man
<orudie> :)
<jmedina> use man before googling or ask in forums/chats...
<orudie> good stuff
<jmedina> it is easier, and most of time will save some time to you and to others
<jmedina> and you look Pro :D
<jmedina> orudie: then you dont know how to search in more/less?
<orudie> do not know what you are asking
<jmedina> Im taking about pager programs like more or less
<jmedina> man uses a pager, I think by default is more unless you install  less (1)
<orudie> never used those
<jmedina> :O
<orudie> so yeah cant test within the host
<jmedina> virtualize!!!!!
<orudie> Failed to add the host to the list of known hosts (/home/paul/.ssh/known_hosts).
<orudie> Permission denied (publickey).
<orudie> but its obviously doesnt work because i can actually browse to other directories if i do su user
<orudie> anything ?
<orudie> anyhing anyone ?
<ghostlines> what vpn solution do you guys recommend?
<mathiaz> ghostlines: openvpn is a good solution and may fit your needs
<ghostlines> I have experience with open-vpn, wondering if they're are any better ones
<jason^> has anybody installed ubuntu server on a dell r710 server?  i'm getting errors like "cannot find a valid memory map"
<ta3one> Greetings fellow Ubuntu affectionados! I have a question about getting mod_proxy to work - I keep getting forbidden error
<ta3one> can anyone please help?
<matthewmpp> Hi, I am new to server-editions.  I created a user on my server with: useradd -m matthewmpp, but it never asked me for a password for matthewmpp. How do I create or change the password for this new user?
<matthewmpp> ping
<ta3one> hey matthew
<matthewmpp> hi
<ta3one> use passwd username
<matthewmpp> okay
<ta3one> sudo passwd username
<ta3one> you can reset any password like that from the cli
<matthewmpp> by using passwd username?
<ta3one> yeah
<ta3one> by the way, you should be using adduser
<ta3one> not useradd
<orudie> after following this guide http://www.debian-administration.org/articles/590 i can not figure out where they authorized_keys file with ssh key should go
<orudie> had been stuck on this for many hours already
<ta3one> useradd is low level utility
<giovani|work> orudie: that guide has nothing to do with ssh keys
<giovani|work> so, clearly that's not a good place to find the answer
<ta3one> orudie, what are you trying to do?
<ta3one> you mean like automatic logon?
<orudie> giovani|work-> yes, but i cant connect
<orudie> ta3one-> lock user in directory with help of chroot
<ta3one> ohh sorry, I've never done that ...
<orudie> giovani|work-> its like ssh doesnt know where to look for authorized_keys file after i followed the guide
<orudie> giovani|work-> for that particular user
<orudie> where does the authorized_keys file go when using chroot in sshd_config ?
<FFForever> is anyone around that has setup proftpd before?
<FFForever> i keep getting ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration., and i only installed it i have not modded the default configuration
<orudie> FFForever, why not use sftp ?
<FFForever> orudie, because this is for a client and not me personally
<FFForever> any ideas?
<FFForever> bah =( Fatal: unable to load module 'mod_lang.c': Operation not permitted
<FFForever> anyone around?
<billybigrigger> reconfigure it?
<billybigrigger> dpkg-reconfigure proftpd
<billybigrigger> unless it was compiled
<FFForever> it was installed via apt
<FFForever> i get this http://pastebin.ca/1452500
<FFForever> billybigrigger, any other ideas?
<billybigrigger> sudo dpkg-reconfigure proftpd
<billybigrigger> ?
<billybigrigger> hmm
<billybigrigger> nm
<FFForever> i am root
<billybigrigger> didn't see root@
<FFForever> ahh
<billybigrigger> is it a functioning fp server?
<billybigrigger> ftp?
<billybigrigger> purge it and reinstall
<FFForever> billybigrigger, i did that
<FFForever> no luck
<FFForever> i have made no modifications
<jmedina> billybigrigger: why dont you set your locales?
<billybigrigger> FFForever
<billybigrigger> not i
<billybigrigger> :P
<jmedina> sorry :S
<jmedina> FFForever: why dont you set your locales?
<FFForever> cause i do not know how?
<jmedina> for easy: apg-get install language-pack-en
<jmedina> is that a virtual machine?
<FFForever> yeah
<jmedina> :D
<FFForever> that worked...
<jmedina> now try to restart proftp
<FFForever> perfect
<jmedina> ok
<jmedina> probably a bug with proftpd init script, it is catchig local exict code not proftp daemon
<jmedina> you can help sending a bug report
<jmedina> probably someone else can confirm this
<FFForever> i am on dialup at the moment ill so ill have to do this tomorrow
<FFForever> dialup + bnc == fun
#ubuntu-server 2009-06-09
<jmedina> :S
<FFForever> :D
<jmedina> Im from the broadband generation :D
<FFForever> same here
<FFForever> but i am not at home at the moment so i am using my phone + usb cable + netzero :)
<jmedina> I never used a modem for internet connection, only for fax machines
<FFForever> i have never used a modem for faxing
<FFForever> i use efax
<jmedina> well, last time I used a fax was 5 years ago, when I configure those machines :D
<jmedina> fax is evil!!!!!
<FFForever> lol
<FFForever> yeah sadly businesses live by them
<billybigrigger> netzero is still around?
<FFForever> a lot of stuff is moving to email but not everything
<billybigrigger> is it still free?
<FFForever> yeah
<billybigrigger> right on
<FFForever> http://www.netzero.net/start/landing.do?page=www/free/index
<billybigrigger> hmm
<orudie> so yeah
<orudie> still cant find a way to to connect with ssh key when using chroot in sshd_config
<jmedina> orudie: have you contacted openssh people?
<jmedina>   /j #openssh
<jmedina> :)
<orudie> im in there
<orudie> they are not saying anything
<orudie> this is really weired
<pmatulis> orudie: what kind of errors are you getting when you try this?
<orudie> pmatulis, the problem is that its not seeing ssh key
<pmatulis> orudie: are you putting all the key location info in the chroot area of sshd_config?
<orudie> pmatulis, that is exactly what I am trying to figure out, is where to put the authorized_keys for this user
<pmatulis> orudie: put it in the chroot i suppose.  what i meant was, are you putting in settings like 'AuthorizedKeysFile' below 'Match'?
<pmatulis> orudie: i'm going to try this tomorrow.  are you here often?
<orudie> pmatulis, yes every day
<pmatulis> orudie: i'll ping you
<orudie> pmatulis, ok
<Bullterd> Hey All
<Bullterd> Ive just finished off my hosting cluster
<Bullterd> ive setup rsync to sync the /etc/apache2 folder
<Bullterd> how do i get apache2 to reload every so often so that it picks up the new configs ?
<pmatulis> orudie: still there?
<orudie> pmatulis, yup
<pmatulis> orudie: i just got it to work at home.  nothing special done.  not sure where your problem is
<orudie> pmatulis, with ssh key ?
<pmatulis> sshd[23736]: Accepted publickey for chrooted_user from 192.168.3.101 port 31007 ssh2
<orudie> you  have password login disabled ?
<pmatulis> orudie: yup
<orudie> ok, whats the path to your authorized_keys file ?
<pmatulis> like i said, nothing special done.
<orudie> can you tell me please ? i have been stuck on this
<pmatulis> that file is in .ssh directory of the chroot directory, which also happens to be the user's home
<twb> If it accepted the public key, then he got in.
<twb> The problem could be that bash isn't installed in the chroot.
<twb> (And bash is his default shell.)
<pmatulis> i surely hope he set up the shell
<twb> pmatulis: /home/foo is his chroot?
<orudie> yes
<twb> pmatulis: and he's running rsync with --rsh=ssh?
<pmatulis> /home/chrooted_user (user is chrooted_user)
<pmatulis> so /home/chrooted_user/.ssh/authorized_keys
<pmatulis> maybe your chroot directory is not the home directory?
<twb> What are you trying to do with this chrooted ssh session?
<orudie> sftp
<twb> Hmm.
<pmatulis> orudie: anything else before i leave?
<twb> I suggest you talk to #openssh about it, since I don't know if that's supposed to work, or what to do to debug it.
<matthewmpp> Hi, I am new to servers.  I added a user to my server by typing: useradd -m username.  This created the user and the home directory.  Then I used: usermod -a -G admin,adm,group1,etc username. This added the new user to existing groups.  Next, I typed passwd newuser as root, which allowed me to set a password for the new user.  The problem I have is that when I login as the newuser everything...
<matthewmpp> ...in front of "$" is missing. It should show something like username@hostcomputer:directory$.  Thanks in advance, any help would be appreciated. - MatthewMPP
<matthewmpp> ping
<oh_noes> Anyone installed Zend Optimizer?  In ./install.sh it'a asking for apache httpd.  However apache2 doesnt have it
<twb> matthewmpp: you should be using adduser, not useradd.
<twb> matthewmpp: the former is a high-level wrapper that will handle most of the work.
<twb> matthewmpp: the reason "everything in front of the $ is missing" is because that is the default behaviour for /bin/sh, which is the default shell.
<twb> matthewmpp: only if you use adduser(8) will /etc/adduser.conf be used, and this is what sets the default shell to bash, and populates the new home directory with the contents of /etc/skel.
<orudie> pmatulis, so the path is /home/chrooted_user/.ssh/authorized_keys , why doesnt it wanna work for me then ?
<matthewmpp> twb: cool.
<twb> orudie: did you read the log files?
<matthewmpp> twb: what syntax do I use?  adduser -m newuser?
<twb> matthewmpp: RTFM
<orudie> twb, auth.log does not produce any new logs when i try to connect
<twb> orudie: is sshd running?
<pmatulis> orudie: maybe you have bad file permissions.
<pmatulis> orudie: .ssh in particular should be 0700
<twb> pmatulis: the log will tell you if that is the case.
<orudie> you know what? i'll try to create a new user and start over , i think i messed with this particular user account way too much trying to figure this out
<orudie> i'll let you know what happens
<pmatulis> orudie: good idea
<twb> oh_noes: sounds like your install.sh assumes RHEL; I suggest you talk to the Zend people about it.
<pmatulis> orudie: also, make sure you can connect with password before going to key authentication
<orudie> pmatulis, i tested on 2 boxes, one with password the other with ssh key
<twb> as there are no entries in auth.log, there is something seriously wrong with your sshd service.  I would investigate that before trying to get the client side working.
<orudie> pmatulis, the one with password worked like a charm , took me 2 seconds to set it up
<pmatulis> orudie: ok
<orudie> twb, you are wrong
<orudie> twb, the other user with different ssh key works very well, its my company's box
<pmatulis> orudie: i got a quick recipe for this if you're interested, you might be missing something small
<orudie> ok
<pmatulis> orudie: will msg
<twb> orudie: if you are not seeing rejection notices in auth.log for failed login attempts, then either the service is not running, it is not writing to auth.log, or your client is not connecting to the ssh server.
<twb> I suppose that could indicate a failure in a firewall or a misconfigured client.
<orudie> twb, are you familiar with ssh keys ?
<twb> orudie: yes.
<twb> Reading the log files is *the* way to find out why your connection was rejected by ssh.  It deliberately does not provide any detailed information to the client.
<orudie> twb, trust me there is nothing wrong with sshd
<twb> With respect, you're in here asking for advice.  That's the advice I'm giving.
<orudie> twb, hold on
<orudie> ok
<orudie> to begin, here is the copy paste from my sshd_config
<orudie> http://pastebin.com/m87120f4
<orudie> now i'm looking here http://www.debian-administration.org/articles/590
<pmatulis> orudie: did you at least try to just ssh (not sftp)?
<orudie> i will create user and add him to group sftponly
<orudie> pmatulis, yeah man
<orudie> i did
<twb> I agree, I'd also get basic SSH working first.
<orudie> pmatulis, around ?
<twb> From #upstart, which is asleep:
<twb> 11:42 <twb> I am looking at /etc/event.d/ on an Ubuntu Server 8.04 system.  Can someone explain why tty1 and tty2 differ in their start/stop parameters?  It looks like tty2 through 6 are only active for runlevels 2 and 3.
<ha1331_> how can I prevent ssh session from terminating because of timeout?
<ha1331_> I know I need to add soething to ssh_config, but what?
<w3wsrmn> ha1331_: you could set ServerAliveInterval in ssh_config on your client, and/or ClientAliveInterval in sshd_config on the server
<ha1331_> w3wsrmn: are the units for the value seconds?
<w3wsrmn> ha1331_: yup
<twb> ha1331_: I cheat and use -o BatchMode=yes
<ha1331_> twb: what does that do?
<twb> It enables TCP keepalives.
<twb> As a side effect, I mean
<twb> Typically if I want keepalives, it's because the connection is unattended, e.g. ssh -w'
<ha1331_> twb: that setting is aplicable also for sshfs?
<twb> sshfs should do it automatically IIRC.
<ha1331_> IIRC?
<twb> Perhaps you want -o reconnect
<ha1331_> oh: IIRC = If I Recall/Remember Correctly
<ha1331_> knew lol already
<ha1331_> :)
<FFForever> What is the best way to do a jailed shell
<twb> FFForever: OpenVZ
<FFForever> i am already on a vps :P
<twb> Then stop.  You are done.
<FFForever> i want to give users on my system a jailed shell
<twb> Good luck with that.
<FFForever> i know there is a way
<twb> AFAIK there's no particularly secure way.
<FFForever> there has to be a bettery way then to just give them a regular shell
<twb> Well, yes, but basically what you end up doing is approximating a VPS system in userland, insecurely.
<FFForever> but they will only have access to cp, mv, rm, uptime, nano, how can they destroy that?
<twb> FFForever: if that's all they have access to, how will they log in?
<FFForever> what do they need to login?
<twb> FFForever: well, login(8) and sh(1).
<FFForever> not bash
<twb> And access to /dev/pts
<FFForever> (8)?
<twb> login is a chapter eight program.
<twb> Oops, it's not
<FFForever> what is a chapter program?.
<twb> man man.
<ixpl> hey
<ixpl> i need to know if it is possible to run ettercap on my remote box via ssh
<ixpl> i got some errors and just wondering if there's a workaround
<ixpl> possible to run ettercap remotely via ssh?
<matthewmpp> Hi, In ubuntu-server 9.04 is it okay to edit the fstab file manually?
<matthewmpp> It does look like the standard config file I am used to.
<matthewmpp> ping
<matthewmpp> mistake: it does not look like the standard config file. :-(
<jmarsden> matthewmpp: man 5 fstab  # describes its format
<FFForever> what is a good tutorial for quota's?, also what happens when a user runs out?
<matthewmpp> yeah, i found an answer. thanks though.
<FFForever> root@chr1831:~# edquota -u meklort -f PRGMRDISK1, edquota: Cannot stat() given mountpoint PRGMRDISK1: No such file or directory, any ideas?
<TimReichhart> can anybody help me out is there anyway that I can hide port 8080 on url
<twb> TimReichhart: "hide" it how?
<TimReichhart> instead of going to mail.domain.com:8080/rc cant I just put it like domain.com/rc
<TimReichhart> the webmail and webserver are on 2 different servers
<twb> TimReichhart: that would involve putting a proxy webserver on port 80
<twb> e.g. mod_proxy or mod_rewrite
<TimReichhart> ok
<twb> FFForever: PRGMRDISK1 doesn't sound like a filesystem
<ball> What tape backup software can I use with Ubuntu Server?
<ball> tar?
<twb> ball: tape is super yuk
<twb> Unless you already have your tape drive and hardware, get a HDD or DVD solution instead.
<TimReichhart> so twb can u show me what a mod_rewrite looks like
<twb> TimReichhart: no.
<TimReichhart> alright
<ball> twb: it's already in place (and for many systems, DVD simply isn't large enough)
<ball> the drive shows up as st0
<ball> ...but my usual tar incantation doesn't work.
<ball> I lack practice with Linux
<twb> ball: right; you'd use multiple DVDs for each backup.
<twb> But anyway, you have tape infrastructure already.
<twb> I don't know much about the nasty details of tape, but I would start by looking at amanda (the "overkill" end of the spectrum) and tar (the "underkill" end up the spectrum).
 * ball tries tar again
<ball> ah, I needed the "-" for Linux
<twb> Theoretically, TAPE=/dev/st0 tar c /etc/ or similar.
<twb> Which "-"?
<ball> "tar -tf /dev/st0"
<ball> I come from a world where there is no - there.
<twb> You shouldn't normally need the - there.
<twb> Unless you have stuff before it, e.g. you can't say "tar cf /dev/st0 C /etc ppp" -- you have to say "tar cf /dev/st0 -C /etc ppp"
<ball> I was trying *t*f, to get a table of contents.
<twb> Yes, that should work.
<twb> I don't know why it didn't.
<ball> I'm just backing up some files now, will compare checksums after a restore.
<twb> If you're making WMRN-type backups, --lzma or -j might be a nice idea to save space, at the cost of extra CPU during the backup
<ball> straight tar is fine
<ball> Looks promising too.
<ball> it was just the "-" that threw me.
<twb> OK, cool.
<ball> Hmm... seems like I have to keep power cycling the drive though.  That's not good.
<twb> I'm afraid I can't help with that.
<oh_noes> Anyone awake to help me with a mdadm RAID10 problem?
<ball> damnit.
<_ruben> oh_noes: not unless you give us some more details on the problem
<oh_noes> I posted my problem here:  http://forums.overclockers.com.au/showthread.php?t=787262
<oh_noes> forum should be open to hte world
<oh_noes> but basically, madm has dropped my md5 RAID10 volume  and I have no idea what next steps to try
<ball> time to reach for your backup tapes perhaps.
<oh_noes> Why?  All 4 disks are live and sdd1 confirms they are healthy
<oh_noes> but mdadm has dropped the disks
<oh_noes> (maybe its just trying to prove why it doesnt belong in the enterprise space)
<ball> could be.
<_ruben> looks like all 4 are marked as spare
<_ruben> and the 'fault removed' lines sound scary as well
<ball> ouch.
<twb> From what I've seen of OCAU weenies, I wouldn't trust them to do ANYTHING linux-related.
<oh_noes> I don't really half a choice, I bum around on that forum so i might as well ask
<twb> YMMV, but I tend to think of them as mainly being hardware weenies -- particularly Windows gaming hardware.
<twb> Fair enough.
<oh_noes> twb: you dont have a sec to see the state of my madm in that post?
<twb> Incidentally, why are you using RAID10 instead of RAID5?  Are the disk pairs of different sizes?
<twb> I make a point of not reading web forums, because they seem to have deliberately poor accessibility.
<ball> twb: RAID1+0 may be lighter in terms of CPU load
<twb> ball: I suppose...
<ball> (slightly ;-)
<twb> I'd have to think about the failure more for RAID1+0, but I'd be more scared of it than RAID5 or 6.
<twb> Assuming by 0 you mean striping and not mere catenation
<_ruben> raid10 is atleast as safe as raid5
<ball> twb: usually it's taken to mean a stripe over mirrored pairs of disks.
<_ruben> raid10 can sustain multiple diskfailures, as long as they're not part of the same raid1 set
<_ruben> also raid5 has lousy write performance
<twb> _ruben: OK, so it's kinda 1Â½ parity drives :-)
<ssm> _ruben: unless you pay big $$$ for hardware that does raid5 for you, then it _may_ be fast.
<_ruben> raid10 doesnt do parity
<_ruben> raid5 will *never* be as fast as raid10
<ssm> you don't need parity for raid1+0
<_ruben> raid5 is fine for a fileserver or so .. but for db's or vm storage, you'd need raid10 to get a bit of decent performance
<ball> ssm: that's what we did, and I rather wish we hadn't.
<ssm> _ruben: on my EMC hardware, raid5 on 4+1 disk _is_ faster than raid10 on 4 disks.  On MD, it's not.
<ssm> I don't like raid5 anyhow.   Stripe and mirror everything important
<ball> I'm going to bed.
<ssm> unless it's raid5 on ZFS, then you'll get rid of the possibility of rad5 write hole.
<_ruben> ssm: 4+1 ? thats a hotspare i assume?
<_ruben> ssm: also, workload is a very important factor here
<oh_noes> 4+1 is most SAN speak means 4 data 1 parity or 5 disk RAID5
<ssm> _ruben: 4+1 is one of the two raid5 combinations on EMC clariion, the other is 8+1.
<oh_noes> RAID10 is typically faster for writes, RAID5 reads may beat it but with slower write performance
<ssm> oh_noes: true
<_ruben> if 4 data + 1 parity .. its an unfair comparison ..  4 versus 5 disks
<ssm> oh_noes: unless you've got a good write cache, and a storage processor to layout the data to avoid disk seeks.
<oh_noes> which, in our example (mdadm on sata) you don't have.
<_ruben> must admit i havent been lucky enough to get my hands on a EMC/EQL/EVA/etc .. just various levels of poorman's sans
<oh_noes> I needed write speed and performance over space,so RAID10 in my use is the obvious answer
<oh_noes> but, why mdadm thought it would die, was not part of my asumptions
<_ruben> oh_noes: have you tried anything to revive it? if so, what?
<oh_noes> I havent tried anything.  I'm not familar with mdadm.
<_ruben> odd
<oh_noes> Thats my problem, i have no idea what to try next.
<oh_noes> heck, I don't even understand mdadm --detail and I'm not sure what state it's in
<_ruben> as i interpret it, the seperate disks disagree on the state of the other disks
<oh_noes> http://pastebin.com/m10018694
<twb> I'd be nervous about a nine-way array with only one parity disk
<oh_noes> thats the (non forum) output
<_ruben> at this stage i'd be prepared to lose your data (and thus get the backups ready, if any), and try to rebuild the array, the data *might* not be lost
<_ruben> s/to lose/to have lost/
<jmarsden> If you really think all disks are 100% fine, you could try using mdadm --re-add to add devices back into the array... but I'm definitely *not* an expert on this, and unless you have good backups, at this point it looks like you need an expert :)
<_ruben> jason^: re-add wont work i think, as they're currently all listed as being part of it already and marked as spare, atleast that's my interpretation of those (S)'s
<_ruben> jmarsden: ^
<_ruben> damn autocomplete
<oh_noes> the part that I have found weird is, mdadm --detail /dev/md5 returns "mdadm: md device /dev/md5 does not appear to be active."
<oh_noes> What does that mean?  it doesnt have enough active/online dev to bring it online?
<ssm> _ruben: if you've got disk space somewhere else, you could try to dd your disks, and try to use mdadm to assemble the virtual disks
<oh_noes> I'm trying to see a higher level 'what mdadm thinks' against all 4 disks... is it DEGRADED with 3 of the 4 disks down?
<_ruben> ssm: indeed .. (though im not the one with the problem ;))
<ssm> _ruben: ah, it's oh_noes :P
<_ruben> oh_noes: it depends on which disk you ask that question .. mdadm's point of view is that is sees 4 spares (i think)
<twb> oh_noes: /proc/mdstat?
<oh_noes> twb: mdstat is at the bottom of that pastebin output
<oh_noes> _ruben: where is it showing them as spares?
<_ruben> md5 : inactive sdf1[3](S) sde1[2](S) sdd1[1](S) sdc1[0](S)
<twb> oh_noes: the (S), I imagine
<oh_noes> _ruben: I dont want to ask the disk, I want to ask mdadm..  Surely mdadm manages every IOP to ensure each dev gets the command and in the case of RAID10, ensures both dev's (the '0' part) ackowledge and return ok
<_ruben> mdstat output
<_ruben> mdadm's point of view is represented in /proc/mdstat
<soren> That's not entirely accurate.
<soren> /proc/mdstat is the kernel's point of view.
<_ruben> got a point there :)
<twb> "mdadm" is being used loosly to refer to the underlying md.ko or whatever, I think
<ghostlines> hi all
<ghostlines> i was trying to run an script using sudo and it didn't run, I had to switch to root to get it to run
<ghostlines> why is this?
<ghostlines> it was s simple script from open-vpn http://openvpn.net/index.php/open-source/documentation/howto.html#pki
<owh> Is anyone aware of a tool that will provide me with a web based UI into a maildir directory? I'm not really looking for an full IMAP webmail client, or installing sqwebmail with courier - the only functionality I really need is to view the message in a browser so the user can manually process the message in another web based process.
<owh> Even a command-line tool that would render a message would do the trick.
<twb> owh: mutt -f /path/to/maildir
<twb> Or did you actually mean CLI when you said CLI? ;-)  People tend to include charcell GUIs in that list ;-)
<twb> Strictly speaking, cat(1) will render a message in a maildir
<owh> Well, if it was a CLI, then I'd hope to run the magic parser command and render it within a web-frame :)
<owh> cat doesn't qualify as a parser :)
<owh> Well, I suppose, technically it does, parsing bits and all :)
<owh> I mean, make a maildir message human readable :)
<owh> And with human, I mean, *not* a programmer like me -- think secretary.
<twb> Chop of everything before the first \n\n sequence.
<owh> Yeah, except that lots of this mail has multi-part crap in it with funky encodings and line wraps.
<twb> owh: haha, then you need a mime demuxer
<owh> Imagine I rewrote my question appropriately :)
<owh> Oooh, mimedecode and mpack are ringing bells.
<twb> what language are you writing in?
<owh> php
<owh> Yes, I could write it all from scratch - I'd rather not :)
<owh> Just for the record, I'm trying very hard not to have to use php-mail-mimedecode and decode each message manually if I can avoid it.
<twb> Sorry, I don't condone the use of PHP.
<owh> That's ok, it's not on your server :)
<owh> twb: It's not on mine either, but that's just semantics :)
<_ruben> ghostlines: without looking at the url but judging from my memory, it involves sourcing a file with variables, and with sudo you get a temp shell (afaik), so the sourcing wouldnt do what you want
<BrixSat> is there any way to connect to a machine and administer like team viewer or log me in?
<_ruben> ok .. this is nuts .. i can resolve an internal hostname using 'host', i can ping the corresponding ip, but i cant ping the hostname: it says it cant resolve it
<ewook> dns-missmatch.
<_ruben> hmm .. it doesnt even attempt to contact my dns server
<ewook> check what dns-servers you have set it to use.
<_ruben> $ host vn-t-mx04.mailtest001.local ; ping vn-t-mx04.mailtest001.local
<_ruben> vn-t-mx04.mailtest001.local has address 10.0.64.134
<_ruben> ping: unknown host vn-t-mx04.mailtest001.local
<BrixSat> Failed to query Postfix config command to get the current value of parameter home_mailbox: /usr/sbin/postconf: fatal: open /etc/postfix/main.cf: No such file or directory
<_ruben> hmm .. its not a local issue, other machines show the same .. lets check my dns server
<_ruben> hmm .. the .local seems to be the issue here .. i see avahi and multicast traffic going on
<BrixSat> is there any way to connect to a machine like team viewer or log me in, i need to bypass lots of router's and i cant port forward all?
<_ruben> BrixSat: still dont have a clue what you're asking
<BrixSat> :p
<_ruben> stupid mdns stuff .. editing /etc/nsswitch.conf did the trick
<BrixSat> i used to have a machin running windows inside a huge network, and i used team viewer to administer it, now i have ubuntu server and i cant connect to it from the interner, cause it has at least 10 routers and im not the network administrator
<BrixSat> got it?
<_ruben> well, you'd need atleast a single port opened to it in order to be able to connect it .. and routers arent the problem, its most likely firewalls that are interfering
<BrixSat> i have port 22 ssh
<BrixSat> but how can i reach the machine from the outside world?
<stanman1> hi, i'd like to run postfix as a relayhost for an exchange (sbs 2003) server, anyone done this before?
<stanman1> or knows a tut
<BrixSat> _ruben?
<_ruben> stanman1: inbound or outbound?
<_ruben> BrixSat: ask the network admin(s) to open up port 22
<BrixSat> [_ruben] lool dont you think i have done that before? he wont open!!
<BrixSat> teamviewer did not need that and log me in was the same! no port opening on router
<_ruben> teamviewer would need atleast one port to be open as well .. atleast to (for example, as i dont know that tool) a teamviewer server
<_ruben> if no inbound connections are allowed, then its probably for good reason
<_ruben> having the box initiate an outbound vpn connection to a known place *might* do the trick, assuming outbound isnt filtered
<stanman1> _ruben: both in- and outbound
<_ruben> stanman1: the biggest challange is telling postfix the list of valid email addresses, tho there's quite a few scripts out there on the net that dump the AD info into a file that postfix understands
<ewook> not that hard.
<_ruben> probably not, indeed
<ewook> pull the addys from ad, and insert into file/db.
<ewook> and the format for postfix is already defined. so, ya.
<qiyong> can I use php cgi, withouth #! ?
<qiyong> how do i install a pkg without installing its depends?
<PhotoJim> qiyong: if the depends aren't installed, your package won't work.  if they're already installed, they won't be reinstalled.
<qiyong> PhotoJim: my package can work
<qiyong> libapache2-mod-passenger depends on mpm worker, but i don't like to use worker
<qiyong> PhotoJim: ^
<orudie> questin. how do i view the keys on my host ?
<PhotoJim> qiyong: you may need to install from source, then.  or convince the libapache2-mod-passenger developer that the dependent package is not actually required.
<qiyong> can i ignore the depends?
<PhotoJim> that depends on whether that dependency is actually required or not.
<soren> qiyong: I told you already.. You don't have to change anything in your php scripts or directory layout or anything to use php via fastcgi.
<soren> All you need it to change your apache configuration a tiny bit.
<qiyong> soren: sorry, i can't get my apache confed properly for fastcgi
<soren> I use libapache2-mod-fcgid myself. See http://fastcgi.coremail.cn/ for docs.
<iulian> Can someone please point me to a list of server specific merges that should be done?  I remember seeing a wiki page about this but unfortunately I cannot find it anymore and google is no help :-(
<soren> iulian: I don't know if we maintained such a list this time around.
<soren> iulian: Ask mathiaz when he shows up.
<soren> Probably within the next hour or so.
<iulian> soren: OK, I will then check on launchpad for packages that need to be merged.
<iulian> I mean, where -server is subscribed.
<iulian> Aha! https://bugs.edge.launchpad.net/~ubuntu-server/+packagebugs
 * iulian hopes they are not all in main.
<soren> Most are, I'm afraid.
<soren> Please don't let that stop you.
<iulian> It doesn't matter, I will just attach the debdiff to the bug.
<soren> Myself, mathiaz, and kirkland can all sponsor stuff for you.
<soren> as well as any other core-dev.
<iulian> Indeed.
<iulian> That's odd.  I'm wondering why bacula has as the Maintainer the MOTU developers and the package is actually in main.
<soren> iulian: Probably because noone bothered to fix the maintainer when it was promoted.... three releases ago. :)
<iulian> soren: Yeah, well, in 2.2.8-4ubuntu1 they modified the Maintainer.
<soren> From what to what?
<iulian> No idea, that was back in Hardy.  The changelog only mentions that the maintainer field has been modified.
<iulian> Ah
<iulian> It was first modified in Gutsy, 2.0.3-4ubuntu1.
<iulian> Blah, it doesn't matter when it was modified, we just need to update it, that's all.
 * iulian shakes head.
<pschulz01> Greetings.. I'm not going to be able to join the meeting, but I have been looking into the VirtualBox OSE repository (svn).. and their Debian packaging.
<pschulz01> Is dkms the 'prefered' way to include modules these days?
<soren> pschulz01_away: Yes.
<LordDicranius> is there a way to make Courier-IMAP deliver to an external mailbox (of the same name locally) using the MX records (rather than just dropping it off locally)?
<uvirtbot> New bug: #385221 in apache2 (main) "Error 403 after changing default root" [Undecided,New] https://launchpad.net/bugs/385221
<iulian> zul: Ah, I've just been preparing the nut merge :-)
<zul> iulian: sorry :)
<iulian> Heh, no worries.
<joe-mac1> helloy all, i've created a custom repo with reprepro and it works pretty great, except i get a warning from apt on my nodes when they run an update saying expected distro hardy but got ), presumably just an empty string. i looked at the distributions file and it looks set... any ideas?
<orudie> why am i having so much trouble with ssh keys ?
<fbc-mx> IS there no equivalent in Ubuntu-server that announces/broadcasts nfs shares like samba does for it's shares?
<Jeeves_> fbc-mx: Does that even exist for nfs?
<fbc-mx> My desktops can only see the windows shares but not nfs shares
<fbc-mx> Jeeves_, I dunno, that's why I'm asking.
<fbc-mx> Jeeves_, I mean there has to be a way of making them show up to my desktops.
<Jeeves_> fbc-mx: Yes, by mounting them
<fbc-mx> Jeeves_, I'll try to download one of those UBUNTU PDFs from some torrent site. Maybe I can get some insight as to how it's supposed to be done in a network environment.
<Jeeves_> fbc-mx: afaik, nfs does not broadcast
<Jeeves_> neither does samba, afaik
<Jeeves_> showmount -p can do some stuff with nfs
<Jeeves_> but that is to be run from the client, asking the server which mounts he has
<fbc-mx> Jeeves_, NFS does not broadcast??? Neither does samba?? Then every desktop goes out and port scans every computer to find shares? That's very ineffecient.
<Jeeves_> fbc-mx: No, a desktop will broadcast to see which computers reply
<fbc-mx> Jeeves_, There has to be a broadcast of services by Samba. It would be so inefficient for every Machine to do that.
<fbc-mx> Jeeves_, ahh.
<Jeeves_> fbc-mx: Ok, whatever you want
 * Jeeves_ will shutup now
<fbc-mx> Jeeves_, ah, ok  so a desktop puts out a special query packet that the samba server responds to with a list of shares. Is that correct?
<Jeeves_> no
<Jeeves_> the client asks which other samba clients there are
<Jeeves_> those clients show up in the 'windows networking' stuff
<Jeeves_> and than you click further and further
<jmarsden> http://www.ubiqx.org/cifs/Browsing.html may be a relevant chapter of "Implementing CIFS" ?
<fbc-mx> Jeeves_, so back to the problem. I have to go to every computer mounting NFS shares every morning when they boot up? There has to be a better way.
<Jeeves_> vi /etc/fstab
<Gena01> hi
<Jeeves_> hi
<jmarsden> fbc-mx: Are you aware of autofs ?  https://help.ubuntu.com/community/Autofs
<Gena01> I am running Ubuntu Server 9.04 and apache+php.. and when I change apache2/php.ini error_log=/var/log/apache2/php_err.log it's not working.. I tried chown root.adm and 666, but it keeps writing errors to error.loh
<Gena01> error.log i mean
<Gena01> is it a known issue or I am doing something stupid?
<jmarsden> Gena01: Did you restart Apache?
<Gena01> yup
<Gena01> the cli works. it's able to write to the file.. it's 666 now... but apache still doesn't
<Gena01> should I file a bug?
<jmarsden> I'd see if you can get someone else to duplicate it first, but you could if you want.  I have to head out to work so I can't help further right now, I'm afraid.  I generally use syslog logging rather than direct-to-file logging on "my" servers, so I don't have much experience with using error_log=
<Gena01> jmarsden: for us it helps to have 1 error log file for both apache and cli apps
<jmarsden> Sure, but can't the cli apps also log via syslog?
<Gena01> i want all php errors to go there.. they could.. if they can catch and redirect things.. but that's more complicated
<orudie> can someone help me ssh key ?
<Gena01> and some errors are not possible to catch from php..
<jmarsden> If you just set error_log = syslog   then whatever would have gone to your file goes via syslog... right?
<Gena01> jmarsden: mmm.. i guess it could work.. but then I have to change syslog and redirect php errors out to a separate file and fix permissions so that devs can read the file
<jmarsden> Probably.  man 5 syslog.conf
<Gena01> jmarsden: still weird that it's not working
<jmarsden> Yes, it should work your way too.  But I need to get out of here... sorry :)
<Gena01> jmarsden: np, thanks for your help
<jmarsden> orudie: See http://ubuntuforums.org/showthread.php?t=30709
<uvirtbot> New bug: #385251 in php5 (main) "apache2/php.ini error_log=/var/log/apache2/php_err.log not working" [Undecided,New] https://launchpad.net/bugs/385251
<jmarsden> Gena01: One more thought: check permissions on /var/log itself.  Or try error_log = /tmp/php_err.log as a test.
<Gena01> jmarsden: but that would only matter if that file doesn't exist.. right?
<tomsdale_> there is a command to force a file not to get overriden by the system but I forgot. trying to make my resolv.conf unchangable.
<Gena01> jmarsden: mmm... ok..  /tmp/php_err.log works..
<tomsdale_>  chattr +i  that's it. Makes a file unchangable
<jmarsden> So you have a permissions issue in /var/log, I would strongly suspect.  Syslog handles that for you :)
<jmarsden> tomsdale_: Better to tell your dhcp client to leave DNS info alone that do strange things like that, surely?
<tomsdale_> jmarsden: it's temporarily so I'll change it back.
<jmarsden> Your choice.  Editing /etc/dhcp3/dhclient.conf to do a supercede for the domain info seems more logical to me...
<iulian> Would anyone like to sponsor bug#385262?
<tomsdale> can anyone explain this. host www.mydom.com => IP1     ping www.mydom.com => IP2.   Why is the name resolution via hostfile disregarded by some programs?
<tomsdale> I have an extra entry in my /etc/hosts for www.mydom.com. Ping resolvs via the /etc/host
<mathiaz> tomsdale: ping uses the libc library (and thus nsswitch+resolv.conf) while host doesn't use the libv resolver but talks *directly* to dns servers
<mathiaz> tomsdale: host is a utility to query dns servers and debug them
<tomsdale> thx, that makes sense mathiaz
<uvirtbot> New bug: #385262 in tomcat6 (main) "Merge tomcat6 6.0.20-1 from Debian unstable" [Wishlist,Fix committed] https://launchpad.net/bugs/385262
<muszek> hi... I'm trying to do a remote backup using ninjabackup.  It uses rdiff-backup.  I have hardy on production server and jaunty on home server.  ninjabackup complains that rdiff-backup has a different version on each computer and doesn't want to proceed.  Any solutions?  There's no rdiff-backup in hardy-backrports
<muszek> or maybe you can recommend some other backup solution?  needs to handle mysql and regular files.
<iulian> mathiaz: Thanks.
<shadow98> what is the best way to have an active/active failover for our webserver/mysql server
<orudie> how do you specify port with scp ?
<PhotoJim> orudie: scp -P xxxx
<orudie> can someone have a look at this and maybe hint me on whats wrong ? http://pastebin.com/d5a3338fd
<alex_muntada> orudie: it seems that the remote server is closing the connection
<orudie> alex_muntada-> yeah but why ?
<alex_muntada> it will be very helpful to see the logs on the other side
<alex_muntada> orudie: you can try increasing verbosity level as in sftp -vvv ...
<jared555> what are the advantages/disadvantages of ubuntu server with kvm vs centos 5.3 with xen?  I have mostly used centos with xen
<shadow98> what is the best way to have an active/active failover for our webserver/mysql server
<ivoks> drbd
<ivoks> and mysql in master-master replication
<ivoks> drbd for web site
<pmatulis_> ivoks: don't you need a ha component?
<ivoks> depends on setup
<ivoks> if you have two nodes in 'cluster'
<ivoks> and both serve the same stuff
<ivoks> then drbd in primary/primary should be enough for web site
<ivoks> and mysql in master/master replication for mysql
<ivoks> hopefully, you have a loadbalancer that can load the traffic on them
<ivoks> if you don't have it, then you need to manage IP failover
<ivoks> on top of drbd you can have ocfs2 or gfs2 (if you want gfs2, then you need redhat cluster suite)
<orudie> ivoks-> hi, are you familiar with sftp when using ssh key ?
<pmatulis_> orudie: you still didn't get it working?
<orudie> no but i'm getting a different error this time
<orudie> how did you configure your sshd_config ?
<pmatulis_> orudie: last time you were trying to chroot with ssh, is this the same now?
<orudie> yeah exactly
<pmatulis_> orudie: did you try to use just ssh (not sftp) with the simplest config (no groups, etc)?
<pmatulis_> ivoks: thank you for your answer
<orudie> pmatulis_-> yes ssh worked with ssh key i figured that out
<pmatulis_> orudie: in chroot right?
<orudie> nope not in chroot
<orudie> still having a problem with chroot
<pmatulis_> orudie: so sftp problem is not related to chroot right?
<Hillaballoo> hey all, I need some emergency help- after a reboot, libvirtd is hanging repeatedly
<Hillaballoo> 9.04 64x86
<Hillaballoo> hangs pegging one CPU core...but after it manages to kick off the KVM machines that are auto-start
<ivoks> 'night
<yann2_> hi
<yann2_> W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/main/binary-i386/Packages.bz2  Hash Sum mismatch
<yann2_> I've been getting this for weeks - am I the only one?
<phoenixz> What are the max. specs on CPU and memory for ubuntu-server?
<phoenixz> as in, howmany CPU's could it support
<phoenixz> and howmuch memory?
<phoenixz> What are the max. specs on CPU and memory for ubuntu-server?
<jmedina> phoenixz: from the ubuntu oficial site: http://www.ubuntu.com/files/server/UbuntuServerBrochure804LTS.pdf
<phoenixz> thanks!
<jmedina> ups
<jmedina> it is not there
<jmedina> http://www.ubuntu.com/getubuntu/download-server
<phoenixz> jmedina: just a detail... 9.04 specs are equal to 9.04 specs? I need the 9.04 limits.
<jmedina> thgere is a link to  Installation requirements"
<jmedina> phoenixz: I dont know I dont use 9.04 for servers, only LTS
<steffan> jmedina: If I recall correctly those are minimum requirements? phoenixz is asking for maximum
<phoenixz> steffan: correct
<phoenixz> I need maximum supported..
<LMJ> phoenixz  : ubuntu is a kind of bundeled open source softwares with one famous called Linux : the kernel. Is the one who deals with hardware, check on the Linux kernel max specs instead (according to the ubuntu kernel version) You will see limits are pretty huge
<phoenixz> We're looking at as sweeet 24 core IBM server which probably will run some 500+GB memory... I'd like to be sure that ubuntu-server will keep running on it
<jmedina> phoenixz: and that will depend on the arch
<phoenixz> LMJ: I know the kernel limits yeah, thats pretty high.. but I dunno if ubuntu itself has some lower specs of that?
<phoenixz> jmedina: i386 architecture
<LMJ> phoenixz : pretty sure : no, maybe you could have some sysctl tweaks or a custom ubuntu kernel to optimize the ressource utilisation
<phoenixz> LMJ: pretty sure: it will work, or pretty sure: it will not work?
<phoenixz> Its not very clear :)
<LMJ> it will ;)
<jmedina> phoenixz: so what do you expect?
<jmedina> do you already have a requirement?
<LMJ> 500GB : nice, but i'm wondering why you are not running AIX crap on this hardware to have full support from IBM, ubuntu is kinda exotic
<jmedina> ups, /me scrolling up
<shadow98> ivoks: sorry i stepped a way for a bit and just got your message
<shadow98> ivoks: ok so I am going to use drdb and mysql replication master/master
<shadow98> what is the purpose of the new filesystem ocfs2?
<LMJ> cluster oriented shadow98, developped by oracle iirc
<phoenixz> LMJ: its sweet yeah, but its still all planning.. Using ubuntu because.. it simply works :) Going to do virtualization with it.. correction bout the memory by the way, its going to be more like 100 - 200 GB..
<jmedina> phoenixz:  what are you planning to use for virtualization?
<LMJ> it may work but you should use 64bits architecture is CPU can handle it
<LMJ> if*
<phoenixz> looking at kvm based solutions.. We've done quite a bit of testing, looks good so far
<phoenixz> LMJ: it should be 64 bit yeah.. if the CPU could not handle that, I doubt the server would be able to exist in the first place :)
<LMJ> you have an efficient storage too? That's the typical virtualisation bootleneck
<phoenixz> LMJ: Fiberoptic SAN.. probably multiple cards per server to be able to sustain high throughoutput (how do you write that again?)
<phoenixz> another thing we're working on.. it should be possible to "bundle" multipe (say 4) network cards together to access them like if they were only one network card, right?
<shadow98> so are the majority in agreement the best bet for an active/active failover is drdb
<phoenixz> LMJ: ubuntu server also supports fiberoptic cards like Qlogic and Emulex?
<jmedina> phoenixz: for storage is multipath, IBM has a RDAC drivers wich is not supported in ubuntu, you can use kernel DM-Multipath which works fine
<jmedina> and channel bonding for network interfaces
<orudie> pmatulis_-> pm
<phoenixz> so we should not have a problem with the fiberoptic cards under ubuntu?
<jmedina> it depends, I have used QLogic HBAs
<phoenixz> jmedina: and that worked fine... ?
<phoenixz> qlogic..
<jmedina> yeap
<jmedina> I have IBM bladecender H
<jmedina> well my customer :)
<Sam-I-Am> jmedina: the launchpad ops have yet to fix my PPA issue so i dont have those packages up yet... but they're done.
<jmedina> Sam-I-Am: good, can I get them from other site?
<Sam-I-Am> i dont have any place to put them unfortunately
<jared555> how is ubuntu/kubuntu's virtualization compared to centos? I know ubuntu uses kvm and centos is xen.  I only have experience with xen so I could use some info from real world usage (not just benchmarks)
<Sam-I-Am> but i have openldap-2.4.16-cvs w/ gnutls and openssl... dhcp, bind9, samba, and miscellaneous libraries backported from jaunty to hardy
<yann2_> jared555 > exciting but new and not very stable
<Sam-I-Am> oh, and heimdal
<jmedina> bind9 with ldap?
<jared555> if I am going to be using virtualization heavily would you suggest centos for the server side then?
<phoenixz> jmedina: I just checked in the linux channel.. They say if the motherboard supports it, the linux kernel will support it.. So ubuntu will also support a 24CPU/256G server?
<yann2_> would recommend waiting or very, very properly testing if it is for prod
<Sam-I-Am> jmedina: well, i'm rolling out a bunch of newer apps for hardy... bind9 is one of them.
<yann2_> jared555 > I don't know centos - but I am unsure about kvm in jaunty
<jmedina> Sam-I-Am: good, I need bind9+ldap
<Sam-I-Am> got em :)
<Sam-I-Am> they both need my rebuilt db4.7 libs... also included in the mix
<yann2_> jared555 > the most serious issues may have been fixed by now though
<jmedina> and what bout samba? do I need new version to support new libldap?
<Sam-I-Am> no, i didnt force bind to need libldap 2.4.16
<jared555> well, my entire home network will be relying on the virtualization heh
<zoopster> jared555: centos is a bit behind jaunty for kvm - kvm was a focal point in Jaunty because of ubuntu enterprise cloud
<Sam-I-Am> i'm trying to keep most of the apps as non-interdependent as possible
<yann2_> its probably good enough for home network :)
<jared555> well I meant centos's xen
<phoenixz> What is the larges (known) server running ubuntu-server? largest as in, highest hardware specs ?
<jared555> basically I will be running either xen on centos or kvm on ubuntu server
<zoopster> jared555: well xen in centos is well behind kvm in jaunty...if you have vt extensions...kvm in jaunty would be a better option
<shadow98> exit
<jared555> ok, thank you
<phoenixz> What is the larges (known) server running ubuntu-server? largest as in, highest hardware specs ?
<Sam-I-Am> i've run it on 8 cores and 64 gigs of ram...
<phoenixz> Sam-I-Am: If all goes as planned, I'll probably run it on a whee bit more than 8 cores
<Sam-I-Am> just a few?
<phoenixz> Sam-I-Am: 24
<phoenixz> not more than that, simply because I can not find anything bigger on the i386 platform :)
<Sam-I-Am> what needs 24 cores?
<steffan> phoenixz: I'll have an account on this server, okay :)
<phoenixz> Sam-I-Am: virtualization
<Sam-I-Am> i'd recommend against more than 8 cores or so in an x86 box
<phoenixz> steffan: You have any idea on what the largest known ubuntu-server installation might be, hardware wise?
<Sam-I-Am> x86 is just too bandwidth-limited
<Sam-I-Am> you'd be much better off with 3 eight-core boxes
<jmedina> phoenixz: why dont you send a message to ubuntu server mailing lists
<phoenixz> Sam-I-Am: well, virtualization usually means larger == better
<phoenixz> jmedina: I may just do that, yeah
<steffan> phoenixz: Follow philosphy (as you are in a Linux channel) and push it too it's extreme :)
<steffan> phoenixz: You will soon find out that way.
<phoenixz> steffan: as in, you think its too extreme?
<steffan> phoenixz: No, I think you should try it.
<phoenixz> steffan: we'll probably get the server anyway, its just a question of what operating system. Because of very good experiences with ubuntu on servers (and  very bad ones with RHEL, SLES, etc), I want to give it the chance it deserves..
<Sam-I-Am> linux is linux though... rather, its just a kernel
<Sam-I-Am> the kernel probably scales fine to 24 cores, but x86 itself does not.
<mathiaz> kees: hey - I saw you made a bunch of upload around May 11th: No-change rebuild to gain FORTIFY defaults.
<mathiaz> kees: what is this for exactly?
<ajmitch> is there a new default compiler option for gcc?
<ajmitch> funny, launchpad has gone back to the original joining date for ubuntu-server for me, in 2005 :)
<mathiaz> ajmitch: launchapd remembers *everything* for *ever*
<ajmitch> yeah I know
 * ajmitch is just reading over the meeting log now
<orudie> i followed this guide http://www.debian-administration.org/articles/590 , but i cant write with chrooted user
<orudie> how can i check what the user's home directory is set to ?
<littleendian> who wants to help a noob with postifx?
<littleendian> better make that postfix
<littleendian> fatal: no SASL authentication mechanisms
<littleendian> postfix and dovecot / I followed the guide at https://help.ubuntu.com/8.10/serverguide/C/postfix.html#postfix-configuration
<kees> mathiaz: it was to catch things that had not been rebuilt in main since the hardening options were introduced in intrepid.
<ajmitch> that was a little while ago
<kees> mathiaz: the goal for 100% of main being covered by the next LTS
<kees> ajmitch: yup, but still a lot of ELF packages hadn't been rebuilt.
 * ajmitch isn't too surprised about that
<mathiaz> kees: oh ok. So not a new feature.
<kees> mathiaz: right
<mathiaz> kees: just making sure that everything will be covered for the next LTS.
 * kees nods
<littleendian> fatal: no SASL authentication mechanisms can anyone help me with this?
<muszek> hi... how do I disable the stuff printed out to STDOUT when I log in via ssh?  This output prevents rdiff-backup from working properly
<uvirtbot> New bug: #385373 in samba (main) "Segfault in smbd" [Undecided,New] https://launchpad.net/bugs/385373
<_cpod_> i want to put a bigger hard drive in my server but don't want to lose any files/configurations. what is the best way to copy everything from the old drive to the new one?  (both are currently mounted)
 * _cpod_ is sure that's a noob question
<phoenixz> _cpod_: cp -a /path/to/source /path/to/destination
<dinger2006> is it raided?
<_cpod_> no, ive got an old 30GB IDE drive that i want to replace with a 320GB IDE drive.  no raid or sata
<phoenixz> New verbs.. I raid, you raid, we raid, we raided, we were raided...
<_cpod_> lol
<phoenixz> _cpod_: mv /path/to/source /path/to/destination cleans the source right away as well
<dinger2006> ok
<jmedina> I prefer rsync
<jmedina> rsync -a /path/to/source /path/to/destination
<_cpod_> oh, and the old drive will be removed.  if that matters
<jmedina> if cp fails you have to start from the begining
<orudie> jmedina, i'm tired of fighting with chroot, can you recommend a secure ftp modality ?
<_cpod_> jmedina/phoenixz: ok i'll give those a try. and how would i copy/redo my MBR?
<jmedina> orudie: I use pure-ftpd with virtual users
<jmedina> _cpod_: you use dd
<phoenixz> _cpod_: you want to have like an image? use dd
<phoenixz> _cpod_: dd if=/dev/sda1 of=/dev/sdb1 for example
<jmedina> I think is dd if=/dev/hda of=/dev/sda bs=512 count=1
<jmedina> I prefer to reinstall grub in the new drive
<_cpod_> alright thanks guys i think thats exactly what i need
<phoenixz> jmedina: you have to specify block and count for dd? I thought for those operations you could just dd if= .... of=.... and done
<jmedina> dd will also copy partition table
<orudie> jmedina, can you give a link with instructions on setting that up ?
<jmedina> phoenixz: well that way wil only copy MBR
<phoenixz> _cpod_: dd copies on block level.. basically on the lowest level you can get
<jmedina> dd is really slow, it copies even empty blocks
#ubuntu-server 2009-06-10
<dinger2006> if u want an image why not use clonezilla live cd?
<jmedina> orudie: grub-install /dev/sda
<_cpod_> dinger2006: never heard of it... i'll check that out
<dinger2006> worth a look, the new one is built on intrepid i believe
<jmedina> when you use clonezilla the destination partiion is bigger than the source, you have to resize your filesystems to fit new partition space
<_cpod_> jmedina: alright so if i use clonezilla and then gparted i should be good?
<jmedina> yeap
<jmedina> wel, I dont know gparted
<jmedina> I use something like: resize2fs /dev/sdc1
<jmedina> for ext3 filesystems
<_cpod_> okay
<_cpod_> alright well i think i've got all the info i need
<dinger2006> clonezilla grows it as long as its bigger
<_cpod_> thanks a ton guys!  i appreciate it
<jmedina> dinger2006: you make me doubt, I think I needed to resize when I used dd_rescue
<dinger2006> im sure it does it but might be wrong
<awmcclain> Here's a silly question: What's the best way to run a cron job as root? I have a service I need to restart daily.
<erichammond> awmcclain: Perhaps /etc/cron.daily/YOURNAME (executable script) or /etc/cron.d/YOURNAME (crontab format)
<awmcclain> erichammond: But what user does that run as? root?
<erichammond> awmcclain: cron.daily runs as root.  cron.d files specify the user in each entry.  See the existing files that are probably in those directories.
<awmcclain> erichammond: Ah, perfect! Thank you.
<erichammond> awmcclain: man cron
<awmcclain> erichammond: No, I have custom scripts in cron.daily, but for some reason I thought they ran as a less-privleged user.
<r_myoung> Hi, I'm having trouble getting amavis to work with my postfix setup. It sems to be running OK but messages are not being passed to amavis as best I can tell. I'm not dure where do go from here. I can't find anything helpful in my logs.
<pmatulis> r_myoung: telnet to the amavis port, does it respond?
<r_myoung> Yes, it responds: 220 [127.0.0.1] ESMTP amavisd-new service ready.
<twb> r_myoung: write a message to it, then.
<pmatulis> r_myoung: i guess your postfix configuration is messed up then, maybe pastebin your master.cf and main.cf somewhere
<r_myoung> Here's my master.cf http://dl.getdropbox.com/u/247534/master.cf
<r_myoung> and here's my main.cf http://dl.getdropbox.com/u/247534/main.cf
<r_myoung> I wrote a message using telnet to check the transport chain and it seems to work OK.
<ScottK> Your main and master .cf look OK to me.
<ScottK> I guess he left ....
<qiyong> how do i let my app to use vendor rails, not gem rails?
<oh_noes> How do I tell Ubuntu Hardy, to try to find a DHCP server for eth0.  BUT, if it cannot, set a specified IP address and subnet?
<TimReichhart> I need some help on getting my 56k modem to work and I am using ubuntu 9.04 server with HSFi CX11252-11
<twb> Sigh.
<twb> Why isn't aufs modprobable anymore on my 8.04 server system?
<twb> Ah, probably because some fucking idiot decided to deploy openvz on the system
<twb> Is module-assistant still the approved way of building kernel modules from foo-source packages?
<twb> ^dkms
<uvirtbot> twb: Error: "dkms" is not a valid command.
<twb> !dkms
<ubottu> DKMS is Dynamic Kernel Module Support. See https://launchpad.net/dkms for more.
<twb> !m-a
<ubottu> Sorry, I don't know anything about m-a
<twb> !module-assistant
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<twb> Sigh.
<d22> hi
<_ruben> dkms is prefered over m-a indeed
<_ruben> though for most -source packages, m-a is still the way to go (as they not yet support dkms)
<twb> _ruben: is there a "dkms for m-a weenies" article somewhere?
<twb> Or: how can I tell if dkms will work with aufs-source?
<twb> Not that it matters, because "m-a a-i aufs" on an OpenVZ kernel just bombed out with retarded arity errors.
<_ruben> twb: they're quite different in how they work/are setup
<_ruben> there's no simple "do this, do that" to turn m-a package into dkms
<_ruben> dkms in fact is easier (in my experience) to package than m-a though :p
<_ruben> once you get your head around it
<twb> Eh, this isn't -devel.
<twb> I just wanna get an aufs.ko that I can modprobe in my current kernel.
<_ruben> then again .. now that i think about it .. all you might need is a proper dkms.conf in addition to the source that's provided by the -source package .. perhaps aufs upstream already has a dkms.conf available
<twb> Nope; not on 8.04 anyway
<_ruben> that's why i said upstream .. meaning the authors of aufs .. and thus not (directly) related to ubuntu (versions)
<twb> Ah, OK.
<twb> I hope dkms is as pleasant to use as m-a is, by the time I'm forced to use it.
<d22> when i buy commercial support from canonical, the price of 750$ is per server per year, right?
<twb> NFI.
<twb> !commercial support
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
 * twb finds http://www.canonical.com/services/support
<twb> I note that page doesn't seem to indicate whether VMs (under KVM) are considered separate servers.
<d22> hmm, jep...
<d22> can i buy commertial support at any time?
<d22> i mean, setup my server try if everything works, and when everything is okay, the buy the suppotzt
<twb> There's a bug in the Ubuntu Server Support Service Description version 1.2
<twb> It refers to Order before it is defined.
<twb> And indeed it doesn't appear to be defined subsequently.
<d22> which support service description do you mean?
<twb> The one linked to in the above URL
<dhruba> Hi, I have installed Ubuntu Server 9.04 with NTP, DHCP, DNS and OpenLDAP on it. I have created a few users through phpLDAPAdmin. But while trying to login from the Ubuntu Client 9.04, it is giving a problem that the Home directory is not present. Again, it is giving that it is ignoring .dmrc file. But even through ls -la I could not find any .dmrc file
<ssm> dhruba: there is a pam module that can create home directories for you, when a user logs in
<ssm> dhruba: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_mkhomedir.html
<dhruba> ssm: Thanks a lot. I am going to try the same.
<drcode> hi all
<drcode> can I install ubuntu-server without lamp and so, I want to use small server for firewall/router
<drcode> also if someone know good firewall console gui
<simplexio> drcode: shorewall? if i remember right is in ubuntu, but usually you dont run X on server, but in other hand you can run that gui on your desktop via ssh X tunnelig
<ewook> drcode: yes you can.
<Appiah_> i entered session required pam_mkhomedir.so in common-session but it does not seam to work
<Appiah_> I dont know what to do from here?
<Will> noob question: say i've bought a new tower, w/o cd drive, grphx, screen etc (a server), whats the best way of getting linux installed on the hdd?
<Will> best = easiest i guess
<_ruben> without a graphics card most pcs dont even boot .. use a screen from another computer .. use an usb cdrom drive/usb stick/netboot installer to install the os
<Will> seems like most tower servers have dvds and integrated grphx anyway
<Will> thx
<nick_schembri> Good Morning cjwatson
<Appiah_> How come I dont get to choose resolution when i do dpkg-reconfigure xserver-xorg?
<_ruben> because ubuntu-server doesnt have xserver-xorg
<Appiah_> umm
<Appiah_> but i just apt-get installed igt?
<Appiah_> it*
<_ruben> then it no longer qualifies as -server im afraid
<Appiah_> I dont understand
<_ruben> you're now running a desktop with the server kernel
<Appiah_> so ubuntu server removed that option (or more) from the dpkg-reconfigure and only has the keyboard options
<_ruben> not really .. installing X on a -server flavour, turns your machine into -desktop, concerning getting support that is
<Appiah_> ?
<_ruben> in othe words: ask the desktop people in #ubuntu
<Appiah_> still a server kernel but ok
<_ruben> this channel is for server related support .. which does not cover X
<Appiah_> I just edit xorg.conf by hand
<cjwatson> nick_schembri: can I help you?
<Appiah_> thought it was bug or something
<_ruben> Appiah_: it could very well be .. but it'd be a desktop bug, not server
<Appiah_> k
<cjwatson> Appiah_: these days X tries much harder to autodetect resolution and so no longer offers that via debconf
<Appiah_> ye , and that really sucks when it autodetects something your monitor does not handle :D
<Appiah_> but I'm gonna leave it at that
<cjwatson> Appiah_: please do file a bug on xorg about that
<cjwatson> we can only improve the autodetection with good bug reports
<cjwatson> Appiah_: http://wiki.ubuntu.com/X may help
<nick_schembri> cjwatson: All of my notes are on firefox and it crashed. I need a minute
<nick_schembri> cjwatson: I had everything planned out to make this sort ad sweet. I'm sorry.
<nick_schembri> cjwatson: I just remastered the livecd for a project at work. I'm sure you do this a better way.
<nick_schembri> I looked your scripts on launchpad. They talk about download-live-filesystem from a build server.  It this image a hand tweaked desktop?
<nick_schembri> Should I build my image up from server + ubuntu-desktop?
<nick_schembri> I'm going to have to build a set of livecd for this project, 100+
<tdn> I have a samba server and several Windows XP clients. The clients have each of their homes mounted as drive H: and a shared drive on S:. Some of the Windows clients are suddenly getting this error, when trying to open the S: "Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.", but at least one of the clients does not get this error. I cannot see anything i
<nick_schembri> cjwatson: brb
<cjwatson> nick_schembri: livecd-rootfs builds the live filesystem
<cjwatson> nick_schembri: it's a separate piece because if you're building for multiple architectures then the livefs build has to happen on a different machine for each architecture, whereas the ISO image build can be central
<nick_schembri> cjwatson: thanks I'll look at livefs.  that saved me a lot of time digging :)
<tomsdale> After a site has been blacklisted by google and DNS providers because of malicious content being downloaded from another server - how long does it take until you get your name cleared again once the problem is resolved.
<uvirtbot> New bug: #379597 in samba (main) "Failure to install in Ubuntu 9.04" [Undecided,Incomplete] https://launchpad.net/bugs/379597
<teddy_> Ubuntu ready for production servers ?
<teddy_> Ubuntu 9.04 ready for production servers ?
<Fumoh> Hmmm I've got a hardware question... I've compiled this NIC driver without any problems, but when trying to use insmod i get the error message "-1 file exists".
<Fumoh> I've also tried to use modprobe to install the driver, but I don't get any error messages.
<Fumoh> What should I check first?  I'd like to try and track down an error message for modprobe, but I can't find anything when I tail /var/log/messages.
<uvirtbot> New bug: #373619 in openssh (main) "jaunty openssh-client tries all keys available in ~/.ssh" [Undecided,Incomplete] https://launchpad.net/bugs/373619
<Fumoh> Alright so I've verified with lsmod that the driver was installed, but I still can't see eth0
<Fumoh> I've restarted my network service, but I still got nothin'
<Fumoh> how can I activate a network card that I just installed the driver for?
<refnumzx> just upgraded my hard box to the latest dansuardian from repository. getting all kinds of segfaults.  is there a way i can revert to the older version?
<refnumzx> hardy and dansguardian.
<\sh> hmm...which meta package is installed by ubuntu-server ? ubuntu-minimal or ubuntu-standard?
<gustavonarea> Hello. I have a home server on which I'll be running a couple of Linux distros via KVM. I'm trying to create a network bridge for each guest, but I'm pretty confused because my /etc/network/interfaces file only contains one interface: lo
<gustavonarea> All the tutorials I've seen assume that eth0 is defined and use it to create the bridge
<gustavonarea> What interface should I use to set up the bridge? SHould I configure eth0 explicitly?
<gustavonarea> (ifconfig shows 4 interfaces: eth0, eth1, lo and virbr0)
<gustavonarea> Actually, do I really have to create a bridge interface while virbr0 is already available?
<psyferre> hey folks, i've got something very odd going on... over the weekend all of my ubuntu servers suddenly developed problems with outgoing connections to the internet.  Windows and OpenBSD systems are all fine, but every one of my ubuntu servers have very slow internet access... slow enough that outside ssh connections can't even connect.
<psyferre> Can anyone hit me with the cluebat?  I'm completely lost.  Even weirder... one of them is a vmware host, and all the virtual machines on it are doing just fine.  But I can't connect to the host unless i do so on the local network.
<psyferre> Should I just call a priest and be done with it?
<sommer> psyferre: are there any errors in /var/log/syslog?
<psyferre> hmm... a whole mess of "console-kit-daemon[29051]: CRITICAL: cannot initialize libpolkit"
<refnumzx> why.  i should have left my hardy system running rather then doing nice  job and  upgrading hardy now dansguardian is segfaulting and i have no idea
<jmedina> refnumzx: so, why dont you install previous version?
<refnumzx> jmedina, if i could figure out what that was. i would.
<jmedina> probably in your dpkg.log
<psyferre_> sommer: I've got a lot of "cannot initialize libpolkit" errors in syslog, but it looks like that's a bug.  In any case, it's in syslog long before the problem started...  I've got 5 ubuntu boxes, some that have been working perfectly for over a year, and for some reason this weekend they all stopped getting normal internet access.
<refnumzx> i tried browsing the package lists on  ubuntu
<refnumzx> 3dpkg only tels me that it had unpacked dansguardian. not what it instal from as i removed
<refnumzx> sorry to be more clear, dpkg.log only has details about unpacking the latest dansguardian, not what it is going to remove
<sommer> psyferre_: they are ubuntu server installs?  are they trying to get dhcp or something?
<psyferre_> sommer: yes, ubuntu server.  They all have static IPs on bonded nics.  All are accesible on the local network just fine, but internet access on them is VERY slow.  From outside the local network I cannot reach them.
<uvirtbot> New bug: #385614 in net-snmp (main) "package snmpd 5.4.1~dfsg-12ubuntu3 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 127" [Undecided,New] https://launchpad.net/bugs/385614
<sommer> psyferre_: could it be a dns or gateway issue
<psyferre> sommer: sorry for the blips in and out... thunderstorm keeps knocking out my power
<\sh> does anyone of you work with FAI?;)
<jared555> what file system would probably be best for a home network virtualization server? ubuntu server 9.04
<holoway> just run ext3
<holoway> if you have no other requirements
<jared555> k. thank you
<Faust-C> anyone know much about imap and backups?
<jmedina> Faust-C: why?
<Faust-C> jmedina, i want to use a imap server but idk much about if a user deletes a email how do you retrieve it
<jmedina> you can't
<diffra> Faust-C: generally you'll be using maildir format, so each message is a file.  you can take backups by tarring the maildir directory, and to restore, you have to find the message file and restore it to the maildir.
<diffra> that may not work... i think there's an index somewhere that would need to be updated as well.
<jmedina> well some mail clientes only mark emails for deletion
<orudie> hi. whats a good way of providing public ftp
<jmedina> Faust-C: I would configure a backup system
 * Faust-C sigh
<jmedina> I consider backups the second most important task for a sysadmin
<Faust-C> yeah
<jmedina> fist: keep systems running, so is a must
<Faust-C> jmedina, yeah but around here users constantly delete emails they need, we need to get past emails etc
<Faust-C> and i dont see a llot of options for that
<diffra> telling the users they're idiots isn't an option?
<Faust-C> diffra, it hasnt helped .... nothing helps
<jmedina> Faust-C: so what is te problem with backups?
<jmedina> you can do incremental backups
<Faust-C> jmedina, its has to be simple enough for other admins to manage
<jmedina> :D
<Faust-C> ill be leaving once im done so i want to make sure they can manage this
<jmedina> so what you want?
<diffra> you can backup the maildirs, and then when you need to retrieve a message, you untar the backup, and grep the directory for whatever you're looking for.  if they can't use tar and grep, they aren't admins.
<diffra> wow, i'm really condescending today.  sorry.
<Faust-C> mainly just the ability to retrieve emails, restore/archive simpler,
<jmedina> diffra: good point
<Faust-C> diffra, lol
<Faust-C> diffra, would you happen to have a written example of that? like does it work well?
<jmedina> what about something like a mail archive system?
<jmedina> you can doit with simple bcc using postfix
<jmedina> or something like mailarchiva
<Faust-C> ic
<diffra> Faust-C: it all depends on what you want.  Are you using virtual users or unix users?
<awmcclain> Is there any way to delete the mail spool? It's a little late now... but when the site went down it generated 100K emails to me for every request that wasn't working (which then generated mail-daemon bounebacks)
<awmcclain> bouncebacks
<Faust-C> diffra, virtual of course
<diffra> awmcclain: postfix?
<awmcclain> Yup.
<orudie> i just did sudo apt-get install vsftpd
<orudie>  and it was suppose to create user with home directory /home/ftp and it didnt
<diffra> postsuper -d ALL should do it
<diffra> that'll remove everything in the queue.
<diffra> man postsuper if you want to be specific
<diffra> Faust-C: you could just tar czvf /media/backup/mail.tar.gz /home/vmail/ for the backups  if you want to do incrementals, check out rsync.
<diffra> you could also write some kind of script to troll your vmail dir for user folders and back each one up individually.
<Faust-C> diffra, funny how simple youve made it!
<Faust-C> i mean really its a simple issue
<Faust-C> brb
<awmcclain> diffra: Thank you!
<diffra> Faust-C: it's much more fun in here than doing my real job, which i'm avoiding (deploying jboss apps on windows 2008.)
<diffra> awmcclain: glad to help
<wadmurr> What do i need to append to /etc/apache2/envvars to umask apache2 to 002?
<wadmurr> ...on 8.04
<Faust-C> diffra, well at least youre productive, i myself on the otherhand feel lost
<diffra> wadmurr: try this http://ubuntuforums.org/showthread.php?t=549457
<wadmurr> diffra: thanks. i just realized that it's a debian box and the envvars file is different
<orudie> does shell refer to ssh ?
<diffra> it can.  specifically, it refers to the command interpreter.
<diffra> bash is the most common example of a shell
<diffra> however, some people say 'login to shell' when they mean sshing in to access said shell
<orudie> for the purpose of using just ftp, how can i take away the use of shell from one of my users ?
<diffra> set their shell to /bin/false
<diffra> i think there's a command to do it, or you can just modify /etc/passwd
<diffra> ah, usermod -s /bin/false username
<orudie> :)
<orudie> worked
<ivoks> RoAkSoAx: you know that i get mail when your ppa's fail? :)
<bardyr> Hey, im have installed apache/php but what ever i do im not allowed to access tmp files created by apache trough php
<bardyr> how can i fix that?
<sammy> has anyone ever tried installing ubuntu server, then installing the ubuntu-desktop meta package on top?
<sammy> I'd like to run an ubuntu server in VM, but I'd also like to run NX on the box for remote desktop sessions as well... I'd much rather have the kernel and such tuned to server performance, so this seems like the way to go
<diffra> sammy: i'd recommend just installing the ubuntu desktop version then.
<sammy> diffra: really? any particular reason(s)?
<diffra> the kernel is slightly different, but not enough to make much of a difference.  Put it this way: you'll get way, way more of a performance hit by adding the GUI than you would running the desktop kernel.
<sammy> that makes sense
<sammy> they're VMs so I guess I could make two
<sammy> that seems like a bit of a waste, though. they *are* going to be really low-strain servers
<sammy> apache and a few other things that wont be heavily used or doing anything complicated. all things that run just fine on the desktop kernel
<diffra> yeah.  I'd just rock one ubuntu desktop installation.  If you want to lighten the load on the host machine, maybe look into xubuntu or crunchbang(openbox ubuntu)
<sammy> crunchbang i've been wanting to look into. i remember openbox back in the day, though I like the gnome integration
<sammy> we'll see. I'll probably just end up with the one desktop install... and maybe I'll go with crunchbang.
<diffra> yeah, just a suggestion.  The nice thing about VMs is they're easy to create and throw away.
<sammy> off to clean the kitchen and contemplate. bbiab
<orudie> for fsvtpd in /etc/ftpusers instead of adding each user can i add a group ?
<diffra> orudie: short answer is definitely no.  long answer, i'm not sure that vsftpd supports using groups for that
<orudie> how do i change the user's password
<diffra> passwd username
<schilds> Hi, I'm trying to upgrade from Intrepid to Jaunty server. All was going fine until it got to the /etc/default/slapd configuration file. It's asking me if I want to keep my current file, etc. However, it seems like the input is locked up and I can't continue. Can I kill the process and restart?
<maxb> Why do you think the input is locked up?
<maxb> Is this a GUI or console upgrade?
<maxb> (update-manager or do-release-upgrade)
<schilds> No key strokes are echoed to the terminal and hitting enter (default=N, which I want) does not continue the process. Oh sorry, do-release-upgrade (console)
<maxb> Hmm
<maxb> I guess I would probably look at ps -efH and try to work out what process to kill to get past the stuck prompt with minimal disturbance to the upgrade
<schilds> It's running /usr/bin/dpkg --force-overwrite --status-fd 56 --configure linux-libc-dev libc6-dev (etc. etc. wall-of-text)... I'm ok with restarting the upgrade or whatever.. just don't want to kill my server if at all possible :D I'm SSH'ed in and if it dies it will be a major headache
<Schlabby> Hi there! Don't know if I'm right here with an apache problem (authentication pgsql/mysql)
<diffra> Schlabby: it can't hurt to ask!
<Schlabby> :-) great
<schilds> Sigh.. well thanks for the input maxb. I guess my options are just to kill it or stare at it for eternity anyway... we'll see what happens.
<Schlabby> too many ubuntu-channels.. well: apache installation, different virtual host. some use mod_auth_pgsql and some use mod_auth_mysql. those that use mysql produce those errors:  [mod_auth_pgsql.c] - missing configuration parameters
<Schlabby> i didn't find a way to disable/enable mod_auth_pgsql for specific virtual hosts
<schilds> Looks like do-release-upgrade was smart enough to attempt a recovery dpkg --configure -a which completed the rest of the upgrades. So far it looks like it worked... thanks again, maxb!
<diffra> schlabby: that doesn't sound fun.  #apache might be the way to go though -- i doubt it's an ubuntu-specific issue.
<Schlabby> #ubuntu was first try after googling for 3 hours....
<diffra> yeah, sorry, maybe someone else in here knows, but probably someone in apache knows for sure.  come back and let me know what the solution is though?  you've got me curious.
<diffra> And you're right, my google-fu is coming up empty too.
<Schlabby> i can't believe i'm the only one who uses both auth types on a single server. maybe the only one who cares about the error_logs ;-) because it's running like a charme. only "warn"s. i'll keep on searching and tell you.
<matthewmpp> I am new to servers. I have read everything I can find on OpenSSH, however, I am currently stuck. I know how to use OpenSSH and scp, but I am having trouble getting the dsa keys working.
<matthewmpp> I have sshd installed on my server, and ssh installed on my laptop (remote host).
<diffra> matthewmpp: what OS are you using on the server and your laptop?
<matthewmpp> laptop: ubuntu desktop 8.10, server: ubuntu server 9.04
<matthewmpp> I used the following command to generate the dsa keys: ssh-keygen -t dsa.
<matthewmpp> Then I used scp from a remote_host_terminal: scp root@server:/root/.ssh/id_dsa.pub /root/.ssh/id_dsa.pub
<diffra> rockin.  ah ha!  there's your problem.
<diffra> the remote host should have the public key in the file /root/.ssh/authorized_keys
<diffra> (this is where i halfheartedly tell you you should be using user accounts to protect yourself from yourself)
<matthewmpp> 1 sec let me check something.
<diffra> also, check out this tutorial.  it's fairly awesome for initial server setup: http://articles.slicehost.com/2008/11/28/ubuntu-intrepid-setup-page-1
<matthewmpp> yeah. I did that: cat id_dsa.pub >> /root/.ssh/authorized_keys
<matthewmpp> I just realized that I have not restarted the ssh serveer since I have installed the dsa keys. I will do that right now.
<matthewmpp> okay, restarting the server did not help. It still asks me for the password instead of the passphrase. I will check out the link you posted and see if that helps.
#ubuntu-server 2009-06-11
<Schlabby> what are the file permissions for .ssh and authorized_keys, matthewmpp?
<Schlabby> $ ls -ld .ssh
<Schlabby> drwx------ 2 username username 4096 2009-04-03 21:03 .ssh
<Schlabby> $ ls -l authorized_keys
<Schlabby> -rw------- 1 username username1687 2009-02-16 14:54 authorized_keys
<nick_schembri> matthewmpp: look in authorized_keys the key should start may have been added to the end of another key
<nick_schembri> matthewmpp: my auth file is 644, rw.r.r
<diffra> yeah, security on authorized_keys i don't think is terribly important, since it's just a hash.
<Schlabby> tested a chmod 777 on .ssh/ =>  Authentication refused: bad ownership or modes for directory
<nick_schembri> Schlabby: im on a slow connection the man page talks about setting the mode
<Schlabby> ah.. I'm using StrictModes yes everywhere ;-)
<diffra> *shrug* schlabby, you should have specific permissions on .ssh and it's subfiles
<diffra> the slicehost article explains it in perfect detail
<diffra> ... that *shrug* was meant for another channel.  sry.
<pschulz01> Morning all
<nick_schembri> Schlabby: so do i. you want strictmodes
<nick_schembri> bye
<Schlabby> yes i know. i do have them. i tried to point matthewmpp in the direction to check his permissions
<diffra> pschulz01: I'm curious, morning where?
<pschulz01> diffra: Adelaide, Australia
<pschulz01> .. and it looks like to moon is still in one piece.
<ajmitch> pschulz01: I'd hope so
<pschulz01> ajmitch: I was watching (beautiful clear skys) but saw nothing..
<ajmitch> pschulz01: Maybe someone stole it
<diffra> pschulz01: cool!  it's a cloudy afternoon here in kauai.
<ivoks> RoAkSoAx: ping
<RoAkSoAx> ivoks, heya
<ivoks> RoAkSoAx: what's up? :)
<RoAkSoAx> ivoks, sorry about today.. i've been pretty much in and out all day :)
<ivoks> no problem
<RoAkSoAx> ivoks, and nothing much.. getting ready to travel this weekend
<ivoks> i just wanted to give you a info...
<ivoks> i packaged latest corosync and openais
<ivoks> in next couple of days i'll package heartbeat and pacemaker
<RoAkSoAx> ivoks, ok, I also have openais from the debian maintainer built on the PPA
<ajmitch> yay for duplication! :)
<ivoks> openais in debian is old
<RoAkSoAx> ivoks, 0.96 ?
<ivoks> RoAkSoAx: how did you build it without corosync?
<RoAkSoAx> ivoks, this is the list of packages that the Debian maintainer is working with: http://people.debian.org/~madkiss/ha/dists/sid/main/source/
<ivoks> oh, there's corosync :)
<RoAkSoAx> ivoks, i ment, openais-legacy
<RoAkSoAx> ivoks, yeah but it's missing the source file.. I'm gonna ask for it tomorrow to upload it to the PPA
<ivoks> https://edge.launchpad.net/~ivoks/+archive/ppa
<ajmitch> there's corosync as a .dsc & diff.gz, but not an orig.tar.gz in there, which hopefully is the same as upstream
<ajmitch> RoAkSoAx: try & rename the upstream tarball & use it as the orig.tar.gz then
<ivoks> there's no point in duplicating the work :)
<RoAkSoAx> ivoks, i've been talking with madkiss, since he is working on those packages, and he told me that it's just a matter of time to get heartbeat on unstable.. and that pacemaker has the state as new and should be hitting experimental really soon
<ivoks> i'll check out debian packages
<RoAkSoAx> ajmitch, yep. i'll try that :)
<ivoks> RoAkSoAx: did you offer help with packaging and testing?
<ivoks> lol, it's ftbs again
<RoAkSoAx> ivoks, I already have most of the packages from debian here: https://launchpad.net/~ubuntu-ha/+archive/ppa , we njust need openais and corosync, but since the corosync .tar.gz is not there, openais would not build.
<ivoks> argh... groff
<RoAkSoAx> ivoks, what FTBS is pacemaker-mgmt-* which are alpha packages
<RoAkSoAx> ivoks, I offer help testing the packages and I already discovered a couple of bugs, one was in heartbeat and it's already fixed
<ivoks> ok
<RoAkSoAx> ivoks, and madkiss told me that he was going to work tomorrow on the pacemaker-mgmt-*
<ivoks> i'll upload openais and corosync then
<RoAkSoAx> ivoks, ok cool :)
<RoAkSoAx> ivoks, do It to the ubuntu-ha PPA
<ivoks> 3 hours... wasted... for nothing :)
<ivoks> and that's from 11PM to 2AM
<ivoks> grrr
<ewook> ivoks: I sense some, similarities in our nicks :p
<RoAkSoAx> ivoks, hahahah here's my dput entry for the ubuntu-ha PPA: http://pastebin.ubuntu.com/193085/
<ivoks> ewook: yes, you are a copycat :)
<ewook> ivoks: *_* Am Just Special!
<ewook> oops. forgot the I
<mathiaz> hi ivoks !
<ivoks> mathiaz: hi
<RoAkSoAx> ivoks, btw... we also need test cases on implementing sample clusters and after that I'll do a blog post calling for help :=)
<ewook> clusters of what?
<ivoks> RoAkSoAx: let's build all packages first :)
<ivoks> oh no...
<ivoks> debian/rules is hell
<RoAkSoAx> hahaha
<ivoks> are we sure this guy knows what he's doing?
<ajmitch> ivoks: the sort of hell you love...
<mathiaz> RoAkSoAx: the first step to write a testcase is usually to write up some documentation
<ivoks> he has two she-bangs
<ajmitch> interesting
<ivoks> this is wrong wrong wrong
<mathiaz> RoAkSoAx: the same way you've used the openvpn documentation from the help wiki to test your openvpn merge
<ajmitch> ivoks: which package?
<ivoks> ajmitch: http://people.debian.org/~madkiss/ha/dists/sid/main/source/corosync_0.97-2.diff.gz
<RoAkSoAx> ivoks, well I talked to horms and he told me that madkiss (Martin Loschwitz) was doing the work with the packages
<ivoks> ajmitch: look at debian/rules
<RoAkSoAx> mathiaz, yep.. I already have the documentation to test heartbeat, i just need to test it in a heartbeat/pacemaker config :)
<ajmitch> ivoks: I see only one in this diff viewer
<ivoks> maybe i did something wrong
<ajmitch> dunno, I just opened in archive viewer, then double click on the diff inside
<mathiaz> RoAkSoAx: awesome - be sure to put that in a wiki page on help.ubuntu.com so that other can also improve on your work
<ajmitch> jaunty makes my life easy ;)
<RoAkSoAx> mathiaz, will do :)
<ivoks> ah... i had dirty orig.tar.gz
<RoAkSoAx> ivoks, anyways.. what about the mentorship... any news/tasks ?
<ivoks> RoAkSoAx: christope didn't respond to my email yet :/
<mathiaz> ivoks: you said 2:00 AM was the time at your place?
<ivoks> mathiaz: yup
<ajmitch> and it's just gone lunchtime here
<mathiaz> ivoks: could that be related in any ways to your dirty .orig.tar.gz?
<ivoks> mathiaz: most probably :D
<RoAkSoAx> ivoks, oki then... anyways i'll be unavailable to work on anything till Wednesday
<ivoks> RoAkSoAx: ok
<ivoks> RoAkSoAx: when do you plan to request motu status?
<RoAkSoAx> ivoks, as soon as possible.. which means as soon as I can get everything understood and be good in doing it :)
<ivoks> is there something you don't understand?
<RoAkSoAx> i do have a couple of months to work on it pretty much full time
<ivoks> or would like to work on it
<ivoks> what's debian's position on libssl?
<RoAkSoAx> ivoks, well i have many doubts on how to do things... :)
<ivoks> i was under impression that they consider is non free
<ivoks> it
<RoAkSoAx> ivoks, I guess we can work those things.. I'll make a list of things that I really want to understand  :) btw...
<ivoks> great
<RoAkSoAx> how do I package and app that has both a kernel module, and a user space daemon :)
<ivoks> corosync uploaded
<RoAkSoAx> from scratch I mean
<RoAkSoAx> ivoks, oh btw.. sorry for the PPA's spam :)
<ivoks> no problem ;)
<RoAkSoAx> ivoks, ok so I more or less know what things I would like to do: package from scratch, bug fixing, and a little more of QA :)
<ivoks> openais build-depens: debhelper
<ivoks> i'm quite sure that's not enough :)
<RoAkSoAx> ivoks, well i'm off for lunch... i'll make the list on what I would like to work or if I need help if you're not around then :)
<RoAkSoAx> talk you later
<RoAkSoAx> take care
<ivoks> bye
<ivoks> mathiaz: we should finish spec drafts by the end of the week?
<mathiaz> ivoks: yes - getting them ready in a state that dendrobates can review them
<ivoks> ok
<mathiaz> ivoks: flesh out the design section and a rough guide for implementation
<ivoks> luckily, tomorrow is a holiday :)
<ivoks> well... looks like we have a cluster stack :)
<ivoks> well, good night everybody
<tomsdale> mathiaz: I know it's not a server question but you were very knowledgable yesterday regarding a dns issue and I'm really stuck. Can I have a custom domain resoltution for an internet Address in my /etc/hosts which will be used by firefox?
<ivoks> yes
<tomsdale> or any other browser for that matter. background is that I need to recover a hacked website which seems blacklisted with all dnses.
<ivoks> but you have to restart firefox once you change it
<tomsdale> I tried this - rebooted but no luck. I'm on kubuntu btw but I 8.04tried it also on ubuntu
<tomsdale> not even lynx resolves after the /etc/hosts but if I go by IP I can't access a virtual host.
<ivoks> kubuntu and ubuntu are the same thing
<ivoks> it's only visual part that's different
<ivoks> maybe you didn't enter it right
<ivoks> it should be:
<ivoks> ip fqdn alias
<ivoks> for example:
<ivoks> 161.53.50.3 www.grad.hr gradec
<ivoks> anyway... good night
<tomsdale> thanks anyway. That's what I have btw
<ivoks> then it works
<ivoks> you can check with netstat -nat
<ivoks> you'll see it's connecting to that ip
<tomsdale> I think I got it. They must have taken the domain offline and the results I get are from the search.
<mathiaz_> tomsdale: does ping site.example.com uses the correct IP address?
<tomsdale> checking ....
<tomsdale> ok - confirmed stupidity on my part. the virtual hosts are  under a different IP than the domain for the ftp. I inverted the addresses. there's nothing wrong with the /etc/hosts.
<tomsdale> thanks mathiaz once again.
<mathiaz> tomsdale: you're welcome :)
<dastagg> Hi. I need some help setting up Postfix/Dovecot.
<dastagg> I am following the instructions in the official docs but when I test
<dastagg> I am not seeing 250 STARTTLS. I have looked in the logs and I don't
<dastagg> see any errors so I not sure if this is normal or if I missed something.
<dastagg> How can I tell if TLS is running?
<ewook> dastagg: you more or less did.
<snth> Does anyone have a full-ish log of this channel?
<snth> Or is it accessible somewhere online?
<dthacker> snth: possibly, how far back do you need?
<snth> dthacker: Like a year maybe
<dthacker> nope, sorry only have a few months
<snth> 6months-ish?
<dastagg> sorry, don't understand that
<dastagg> does it mean that because I don't see TLSSTART that it isn't working?
<dastagg> ewook: oops: I mean STARTTLS
<ScottK> snth: Look on irclogs.ubuntu.com
<ewook> dastagg: ya. you are prolly missing something. do a restart on postfix and look in the logs if you get anything to start with.
<snth> ScottK: Sweet .. thanks
<ewook> dastagg: did you acctually enable it in your main.cf?
<ScottK> dastagg: If TLS is running, you're logs will have something like postfix/smtpd[18251]: setting up TLS connection from  when you try to connect.
<dastagg> ewook: I'm doing a tail on mail.log but don't see any errors.
<dastagg> and I did a line by line compare with the sample on the website.
<dastagg> Other then two lines: session_cache_database and my hostname they are the same.
<dastagg> Now I'm tail syslog, when I telnet in, I see a [5804] but not 18251
<ewook> that's the pid.
<ewook> or id.
<ewook> to tired to think :P
<ewook> what official docs where you following?
<dastagg> The Ubuntu Official Documentation
<ewook> got a link? :)
<ScottK> dastagg: can you pastebin the output of postconf -n and the log snippet from when you telnet in?
<dastagg> https://help.ubuntu.com/8.04/serverguide/C/postfix.html
<dastagg> I'm new to irc, can you point me to directions on how to do that please?
<ScottK> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/index.php?page=add | Make sure you give us the URL for your paste - see also the channel topic
<ScottK> dastagg: ^^
<ewook> prolly missing some lib.
<dastagg> http://paste.ubuntu.com/193167 is the postconf -n output
<dastagg> http://paste.ubuntu.com/193169 is telnet print
 * ScottK looks
 * ewook sleeps
<ewook> good luck
<dastagg> thanks!
<ScottK> dastagg: I don't see "smtpd_use_tls = yes
<ScottK> in your postconf -n.
<dastagg> ScottK: line 20
<dastagg> your right! thats smtp
<dastagg> missing the d
<ScottK> dastagg: I think that's likely your problem.
<ScottK> Add that, restart postfix, and try again.
<dastagg> ScottK: Nope, still not seeing the STARTTLS! :-(
<ScottK> dastagg: OK.  What does /var/log/mail.log say about it?
<dastagg> http://paste.ubuntu.com/193176 is the bottom of a cat of mail.log
<dastagg> ScottK: but I don't see any errors but I'm new to this so I might not know it when I see it.
 * ScottK looks
<ScottK> dastagg: If TLS was working, there's a a log line that says "setting up TLS connection" right after the connect one.
<ScottK> dastagg: You did create the TLS certs, right?
<dastagg> I thought I followed the instructions carefully but....
<dastagg> I am doing this in a xen virtual machine. I think I'll wipe it and start again.
<ScottK> dastagg: I wouldn't
<ScottK> What does ls -l /etc/ssl/certs/smtpd.crt produce.
<ScottK> Unless you understand what went wrong, odds are you'll just have the same problem again.
<dastagg> a listing of -rw-r--r-- 1 root root 725 2009-06-10 20:27 /etc/ssl/certs/smtpd.crt
<dastagg> Well, that's true but there were a lot of lines to copy and paste. Maybe I missed one or messed it up.
<ScottK> dastagg: I have a theory for you.
<ScottK> Let me check something first though.
<dastagg> ScottK: Okay, I'll wait.
<ScottK> dastagg: See smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) in your main.cf.
<dastagg> yes
<ScottK> dastagg: See line 3 of http://paste.ubuntu.com/193169/
<ScottK> When you are telnetting in, you aren't talking to the postfix we are modifying.
<ScottK> dastagg: ^^^^
<dastagg> what or where am I talking to then?
<ScottK> Good question.
<dastagg> ScottK: I have used both telnet mail.staggsystem.com and 192.168.10.52 and I get the same result.
<ScottK> dantalizing: telnet mail.staggsystem.com is not reachable from here.
<dastagg> could that be the 220 smtp.passthru ? and if so, where am I getting passed to ?
<ScottK> Firewall?
<dastagg> All this is still internal, on the local net
<dastagg> I am using an IPCop firewall but there is a host mail.staggsystems and it is pointing to .52
<ScottK> What happens if you telnet localhost 25 from inside the vm?
<dastagg> well holy (well, you know what) That works! I see the banner and STARTTLS!
<ScottK> OK, so you know your postfix is configured correctly.
<ScottK> Now I'd try to do the same while logged into the host.
<dastagg> See, I knew the "Official Documentation" was good! :-)
<e-jat> :)
<ScottK> What you have is either a networking proxy/firewall problem or a vm configuration problem.
<dastagg> OKAY!
<dastagg> Thank You! for the help!
<ScottK> You're welcome.
<dastagg> and I did telnet mail.staggsystems instead of localhost and that works also.
<dastagg> Thanks again!
<ScottK> You still need to figure out why it's not reachable from the outside.
<pteague> anybody know if vmware server 2 still has that crappy browser plugin interface?
<twb> pteague: AFAIK, it does
<pteague> dang, cause i can't seem to find vmware 1.x anywhere
<rags> wht is the default http server in ubuntu?
<rags> or how can I find out?
<diffra> apache
<diffra> though, it doesn't install it by default, only if you select the LAMP package when installing
<rags> diffra: oh...k..but there were lighttpd files aswell..
<rags> how do I know which is active?
<diffra> really?  lighttpd definitely isn't the default.  however, it's my personal choice.
<diffra> sudo netstat -natp | grep 80 should work
<diffra> it'll tell you what process is listening on port 80.
<rags> hmm...then somethng else might have installed it...how do I know which is running..oh..k
<rags> yup...apache2...thx
<rags> ya it dhows ddwiki as well...so i guess tht's where Lighttpd came from
<rags> I am trying to install smokeping on ubutu...I got the package...the install doc says to put the smokeping.cgi file in the cgi-bin folder...now where is this for apache? should I make a new folder under web root?
<henkjan> rags: apt-get install smokeping
<henkjan> after installation you can find smokeping in http://your.server.name/cgi-bin/smokeping.cgi
<rags> henkjan: I did the apt-get install but it puts the file under /usr/lib/cgi-bin..
<diffra> that's where apache reads /cgi-bin/ from
<rags> so http://servr/smokeping.cgi should work right?..but it dosn't
<diffra> as henkjan said, server/cgi-bin/smokeping.cgi
<rags> ..oh....kk..will try tht..thx
<ihtarlik> Does anyone know the name of the program that manages updates to configuration files so that default configs don't break custom ones?
<ScottK> ihtarlik: What are you trying to accomplish?
<ihtarlik> I remember that the program would tell upon running it if there were pending updates to config files.  I recently updated a program where I've edited the default config file in the previous version, but I want to check about defaults in the new version...
<ScottK> It's part of the packaging system.  Part of dpkg I think.
<ihtarlik> This is special and was introduced in Intrepid or Jaunty, for the server edition only
<ihtarlik> Am I going nuts?  Does this program even exist?
<diffra> you could download and unpack the new .deb and snag the config file that way..
<ihtarlik> Ooooh, good idea
<ihtarlik> Thanks!
<soren> ihtarlik: If you've made local changes to a conffile, dpkg will ask you if you want to accept the new version or keep  your local changes or do the merge manually.
<soren> ihtarlik: This has been the case for years and years.
<soren> and years.
<henkjan> ihtarlik: you mean etckeeper?
<ihtarlik> No, etckeeper is for git and bzr specifically.
<ihtarlik> This is for general conf files.
<twb> ihtarlik: and darcs
<ihtarlik> darcs?  I have not heard of this.
<soren> It's a revision control system.
<ihtarlik> Gotcha
<ihtarlik> With git and bzr
<twb> dpkg internally remembers the checksum at install time, the checksum of the file as it currently exists, and the checksum of the new conffile.  If all three differ, it will prompt you with a TWO-way merge between the current and new files.
<twb> So it's damn handy, but etckeeper has a lot more grunt.
<ihtarlik> twb: I remember setting up a program during the install of my server that changed the default behavior.  It no longer does that.
<soren> dpkg doesn't merge anything.
<twb> etckeeper allows you to answer questions like "why the hell is there a second swap entry in my fstab now?"
<twb> soren: sorry, I mean that it puts both files there and asks for help from the user
<twb> But it's not a three-way merge :-(
<soren> It's not, no :(
<soren> ihtarlik: Did this stop working after an upgrade?
<ihtarlik> This is a secondary program run from the command line that identifies if there are newer conf files, and prompts for a merge.
<ihtarlik> And no, I just forgot the command.
<soren> ihtarlik: If you find it again, let me knwo.
<twb> ihtarlik: you may be thinking of ucf, which does something similar for generated non-conffile files
<soren> know, even.
<ihtarlik> I'm tempted to setup a virtual box to reinstall the server on...
<twb> Why virtualbox and not kvm?
<ihtarlik> virtual box as in a virtualized computer, not in the specific environment
<ihtarlik> Though I usually use virtual box when I'm in Windows 7
<twb> Righto
<ihtarlik> Gonna get some sleep, will look for that program tomorrow...  Good night all
<twb> Sleep is a dangerous vice
<kj4> hello all
<sydneyguy> Hail all
<sydneyguy> Is the hostname is considered part of FQDN?
<soren> Sure.
<soren> fqdn is the fully qualified domain name, so it's the hostname and the domain name.
<sydneyguy> ok
<sydneyguy> If my hostname is server01 and my domain is test.com
<sydneyguy> mine is server01.test.com
<sydneyguy> but how I configure dns .. it is gonna be ns.server01.test.com???
<soren> I don't understand the question.
<sydneyguy> I am trying to configure my ubuntu server to act as the master dns server
<sydneyguy> Where I should put the FQDN and when I should put only the domain name .. when I add the ns.
<sydneyguy> Like :
<sydneyguy> ;
<sydneyguy> ; BIND data file for local loopback interface
<sydneyguy> ;
<sydneyguy> $TTL    604800
<sydneyguy> @       IN      SOA     ns.example.com. root.example.com. (
<sydneyguy> There r few files I have to configure.. and they are:
<sydneyguy> 1-    /etc/bind/named.conf.options
<sydneyguy> 2- /etc/bind/named.conf.local
<sydneyguy> 3-  /etc/bind/db.example.com
<sydneyguy> 3-  /etc/bind/db.10
<sydneyguy> example.com gonna be test.com .. my FQDN is server01.test.com and not test.com
<sydneyguy> so????
<ivoks> this is why we need directory service
<ivoks> lots of people want to use ubuntu, but don't have knowledge of services they want to setup
<ivoks> sydneyguy: have you ever configured bind before?
<soren> sydneyguy: Please use a pastebin for stuff like that.
<sydneyguy> no
<sydneyguy> when they said ns.example.com .. is their dns server is called ns so the FQDN for the dns sever is ns.example.com ..
<sydneyguy> so mine is called server01 .. so my FQDN is server01.example.com and not ns.server01.example.com in the file
<ivoks> do you control DNS for example.com?
<soren> I somehow doubt it.
<ivoks> cause, i really don't understand what you are trying to accomplish
<soren> These do not sound like questions from someone who works for ICANN :)
<ivoks> :)
<ivoks> i don't get it...
<ivoks> package builds on my machine, but doesn't on ppa
<ivoks> and it's not building issue
<soren> ivoks: Eh?
<ivoks> soren: http://launchpadlibrarian.net/27777337/buildlog_ubuntu-karmic-amd64.openais-legacy_0.80.5%2Bsvn20090606-1ubuntu3_FAILEDTOBUILD.txt.gz
<ivoks> install: cannot stat `lib/libais.so.2.*': No such file or directory
<soren> ivoks: It's called lib/libais.so.2
<soren> libais.so.2.* are in lib/../
<soren> Or so it seems, based on:
<soren> ln -sf libais.so.2.0.0 lib/libais.so.2
<soren> Which is about 30 lines further up.
<ivoks> hm
<ivoks> install -m 755 lib/libais.so.2.* /home/ivoks/ClusterStack/openais-legacy-0.80.5+svn20090606/debian/tmp//usr/lib/openais
<ivoks> works here :/
<ivoks> and there is libais.so.2.0.0
<ivoks> cc1: warnings being treated as errors
<ivoks> grrr
<ivoks> oh...
<sommer> ya!!!
<uvirtbot> New bug: #385926 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/385926
<Ethos> anyone know how to convert a physical ubuntu server to a virtual server?
<soren> Ethos: Yes. Carefully.
<Ethos> heh
<Ethos> the free convertor doesn't do it
<soren> Ethos: It depends, really. What's it running?
<soren> "the free converter"?
<Ethos> Vmware vcentre convertor
<Ethos> The server is running ubuntu 8.10 server
<soren> I don't know how VMWare does it.
<pmatulis> anyone here familiar with mode 4 ethernet bonding?
<soren> pmatulis: What's the problem?
<pmatulis> i have a ubuntu box with bonded devices and i want to connect them directly to an iESX server
<soren> Ok.
<drurew> can anyone point me at a how to network two local servers with no switch ?
<pmatulis> but i'm not sure about any special configuration on the ESX side
<soren> pmatulis: You do the same on the other end.
<pmatulis> soren: and that's it?
<soren> pmatulis: As far as I know, yes.
<pmatulis> soren: mode 4 doesn't support unplugging (failover) right?  they are either both on or both off?
<soren> pmatulis: I'm not sure, to be honest.
<RoAk> ivoks: heya!
<pmatulis> soren: ok
<ivoks> RoAk: hi
<ivoks> RoAk: long story short; we'll drop those packages from debian maintainer
<ivoks> they are of very low quality
<ivoks> we'll provide them with better packages :)
<RoAk> ivoks: hah really??? haha ok
<ivoks> yes
<RoAk> ivoks: every package?
<ivoks> openais and crosync have significant mistakes
<ivoks> openais-legacy also couple of errors
<soren> pmatulis: Oh, hang on. Are you connected directly to the other end, or through a switch?
<ivoks> heartbeat is ok
<RoAk> ivoks: what about pacemaker
<pmatulis> soren: directly
<ivoks> RoAk: haven't looked at it yet
<soren> pmatulis: Ok, good.
<ivoks> i hate lpia
<pmatulis> soren: i did read that a switch needs to be configured, that's why i'm asking about this direct setup
<RoAk> ivoks: hahaha well I need to go to the doctor. be back later :) let me know if there's anything I can do later on today.
<ivoks> ok
<RoAk> bye
<drurew> I am trying to network 2 servers without a switch, server #1 has an eth1 and eth2 , server #2 has an eth port as well (strangly it is listed as eth27) I would like to use server #1 as a proxy for server #2. how should I go about configuring this
<ivoks> give them ip addresses?
<drurew> ivoks: commands are helpfull :)
<ivoks> heh
<ivoks> w3m www.google.com
<ivoks> :)
<drurew> ;)
<ivoks> set up /etc/network/interfaces
<ivoks> man interfaces - man stands for manual
<drurew> awsome
<drurew> thanks
<drurew> or info
<ivoks> there are couple of examples
<drurew> thanks ivoks
<ivoks> learn to use 'man'
<ivoks> that's the best and the fastest help you can get on unix
<uvirtbot> New bug: #385943 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/385943
<uvirtbot> New bug: #384869 in samba (main) "vista 64 bit report error 0x6f7 installing printer driver from samba" [Undecided,Fix released] https://launchpad.net/bugs/384869
<kblin> hi folks
<kblin> I'm running a bunch of ubuntu server VMs in kvm for testing, and I'd like to suspend them to disk rather than shutting them down. I vaguely remember that I could echo something into /proc or /sys to trigger a suspend to disk, but I forgot whare this did go. any hints?
<jpds> sudo pm-suspend ?
<Authority> does dpkg have a similar function to 'rpm -V' (verify integrity of installed package)?
<kblin> jpds: ah, right direction.. pm-hibernate seems to be the one :)
<jpds> Authority: http://www.euglug.org/pipermail/euglug/2004-August/001230.html
<Authority> jpds: thanks
<kblin> jpds: perfect, thanks alot :)
<jpds> No problem.
<Ethos> How can I format all partitions / data in ubuntu?
<Ethos> Literally every deleted
<troglobyte> I have a postfix/courier mail server set up.  It will work fine for a period of time then fail with permissions issues in Maildir/tmp.
<troglobyte> /home/user/Maildir/tmp/1244734481.P2935.domain.net: Permission denied
<troglobyte> sometimes a reboot will clear it up.  other times not.
<troglobyte> any ideas as to what might cause this delayed failure?
<jmedina> troglobyte: who is writing to the mailbox?
<jmedina> postfix local, virtual, maildrop?
<jmedina> you need to check you logs to define what process is actuallly writing to the mailbox
<troglobyte> I'll check now
<troglobyte> postfix
<troglobyte> but I think I have more info.  it looks like imap-ss is the problem
<troglobyte> restarting courier-imap-ssl immediately fixed the problem and I'm seeing "imapd-ssl: chdir Maildir: No such file or directory"
<ivoks> RoAkSoAx: pacemaker is broken too
<RoAkSoAx> ivoks, yeah I was also trying to install it and found errors :)
<ivoks> RoAkSoAx: it builds with old heartbeat and old openais... problaby doesn't work at all
<RoAkSoAx> ivoks, I've install the pacemaker-heartbeat package and heartbeat won't start because of there's no CRM
<RoAkSoAx> so I guess it's not installing pacemaker itself
<ivoks> now i'm soooooooo sorry that i dropped my packages
<RoAkSoAx> and If i install just acemaker it shows:  trying to overwrite `/usr/sbin/attrd_updater', which is also in package pacemaker-heartbeat
<ivoks> these are broken, totally
<RoAkSoAx> ivoks, have you actually erased your packages?
<ivoks> yes
<RoAkSoAx> i see :S
<ivoks> but i'll manage something out
<ivoks> rm -rf *
<RoAkSoAx> ivoks, ok... you should also get in contact with the guy in debian who's working with them
<RoAkSoAx> Madkiss is his nickname
<ivoks> i've sent him an email
<_cpod_> quick question: why is klogd using over 50% of my CPU right now and how can i reduce that? (i'm also rsyncing between two NTFS drives ATM, if that matters)
<stanman1> is it possible to run mysql5 together with php3?
<ivoks> RoAkSoAx: for start, let's just make pacemaker+openais
<ivoks> RoAkSoAx: we'll add heartbeat support later
<RoAkSoAx> ivoks, ok cool.
<ivoks> we should remove pacemaker from ppa
<ivoks> not yet, at least...
<troglobyte> jmedina, postfix local is doing the delivery.  logs indicate normal operation until this happen: http://pastebin.com/d7c83e62f
<jmedina> troglobyte: is directory exists?
<troglobyte> yes.  it's there and handling mail
<troglobyte> until it just stops
<jmedina> troglobyte: that happens most of time when you try to connecto to IMAP and mailbox (Maildir) doesnt exists
<RoAkSoAx> ivoks, should we just upgrade pacemaker and openais? or are you packaging them from scratch?
<troglobyte> that part I understand.  how it just stops working out of the blue is what's got my head on backwards
<ivoks> RoAkSoAx: openais in our ppa is latest
<ivoks> RoAkSoAx: corosync is latest
<ivoks> pacemaker was build with old openais
<jmedina> troglobyte: I would try to ingrease debut in courier
<ivoks> so, corosync and openais are ok, but i'll probably create new packages from scratch
<ivoks> rhcs is in good shape
<RoAkSoAx> ivoks, ok so openais-legacy is old openais?
<ivoks> yes
<ivoks> that's 0.8 version
<ivoks> which had corosync in it
<RoAkSoAx> ivoks, so we should just change the dependencies in debian/control?
<ivoks> in 0.9x corosync is extracted from openais
<ivoks> RoAkSoAx: it's not that easy
<RoAkSoAx> ivoks, ok, so what can I do, should do?
<RoAkSoAx> ivoks, we can consider this as part of my mentorship :)
<ivoks> wait for better packages :)
<RoAkSoAx> ivoks, hah yeah but I would like to contribute on the packaging and will also help learn more stuff
<ivoks> RoAkSoAx: i have to figure out how to build pacemaker
<RoAkSoAx> ivoks, ok
<RoAkSoAx> ivoks, what about taking a look to : http://download.opensuse.org/repositories/server:/ha-clustering/xUbuntu_8.04/
<RoAkSoAx> ivoks, the pacemaker project points out that repo to install pacemaker...
<ivoks> hm... so that's with old openais
<ivoks> RoAkSoAx: i'll wait for an answer on linux-ha
<RoAkSoAx> ivoks, ping beekhof_ since he's the upstream pacemaker dev
<ivoks> ok, finally, i'm figuring out how it's supposed to be
<jared555> is it suggested that experienced users use ufw or iptables directly?
<RoAkSoAx> ivoks, are you changing the dependencies from openais-legacy to openais?
<ivoks> no
<ivoks> pacemaker depends on openais-legacy
<ivoks> rhcs depens on new openais
<ivoks> and then there is heartbeat
<ivoks> in old version is a standalone
<ivoks> and in a new version is subset of pacemaker
<RoAkSoAx> ivoks, what about pacemaker-heartbeat. Shouldn't it install both pacemaker and heartbeat?? rather than just heartbeat?
<ivoks> man, i'm at the source still
<RoAkSoAx> ivoks, haha ok :) well i'm eager to help I just don't know where to start
<ivoks> heh
<ivoks> praise the lord
<ivoks> it builded
<ivoks> suse's package is also... in bad state
<ivoks> if configure fails, it's impossible to clean the source
<ivoks> and you have to rm everything and then untar again
<RoAkSoAx> i see
<ivoks> and build-depends are wrong
<RoAkSoAx> ivoks, i wouldn't be able to work on packages that way... that's why I need to work more on them and get al that knowledge
<ivoks> they were ok for 8.05
<ivoks> 4
<Kaushal> hi
<Kaushal> http://ubuntuforums.org/showthread.php?t=380550
<Kaushal> I have On-board chip, NVIDIA NVRAID SATA controller
<Kaushal> is there a support for it on Ubuntu 8.04.2 Server ?
<ivoks> support for what?
<ivoks> 'raid'?
<jdstrand> jared555: depends on if ufw fits your needs
<jdstrand> jared555: if you are only doing host-based stuff, ufw is recommended
<Kaushal> support for raid level 1 on Ubuntu 8.04.2 server
<jdstrand> jared555: if you need to do a lot of routing, iptables may be a better fit
<ivoks> Kaushal: that controller isn't a raid controller
<ivoks> Kaushal: that's a marketing trick
<jdstrand> (but ufw can be used in the capacity too)
<Kaushal> http://docs.sun.com/source/820-6350-11/chapter1.html#Z40000eb1319766
<Kaushal> My server is X2200 M2
<ivoks> Kaushal: i'm sorry, but that's a fakeraid
<Kaushal> ivoks, if you look at the third column in that table they say it has support for Hardware 0,1
<Kaushal> ah ok
<ivoks> Kaushal: it exports all drivers to the operating system
<ivoks> that's something that raid controllers don't do
<ivoks> Kaushal: http://en.gentoo-wiki.com/wiki/RAID/NVRAID_with_dmraid#About_the_Install
<pmatulis> anyone have any experience running 10 GB network cards on ubuntu?  does this make sense practically speaking?
<ivoks> Kaushal: you'll get better performance if you disable that (leave it to work as simple sata controller) and set up linux software raid
<Kaushal> ah ok
<Kaushal> ivoks, is it https://help.ubuntu.com/community/Installation/SoftwareRAID ?
<ivoks> Kaushal: yes
<Kaushal> great
<Hillaballoo> hey all- does anyone know when mysql-server-5.1 will be updated to fix this month-old bug? https://lists.ubuntu.com/archives/ubuntu-server-bugs/2009-May/013168.html
<Hillaballoo> the inability to use the innodb plugin is a major issue
<Hillaballoo> anyone?  Bueller?  Bueller?
<billybigrigger> anyone here familiar with exporting databases?
<Hillaballoo> don't bother, nobody answers anything in this channel
<holoway> billybigrigger: exporting databases from what?
<billybigrigger> well its my webmail database (roundcube)
<billybigrigger> but it's version 0.22 and i see there is a 0.3 beta which i will just use for the new server
<holoway> billybigrigger: but what is the database server itself? mysql? postgres? sqlite?  you can go look at the respective documentation forthat information
<holoway> and you should look at roundcube's docs for specifics for your upgrade
<billybigrigger> mysql
<holoway> cool - the mysql docs are pretty clear about database export/backup/restore
<billybigrigger> well i see the export tab in phpmyadmin
<billybigrigger> wondering how safe that is to use
<FFForever> any idea how i can fix this?, pam_env(sshd:setcred): Unable to open env file: /etc/default/locale: No such file or directory
<FFForever> thats on an ssh login
<billybigrigger> no locale setup
<FFForever> billybigrigger, i am getting a problem with a user who cannot login =\
<FFForever> billybigrigger, he is getting the error /bin/bash does not exist
<FFForever> but i can login just fine
<kirkland> sommer: ping
<kirkland> sommer: hiya, i can't seem to find any official, or unofficial documentation on kvm virtio disks
<kirkland> sommer: this blog post has a sample: http://ubuntuforums.org/showthread.php?t=859982
<kirkland> sommer: any chance I could talk you into throwing a bit about this into one of the kvm community wiki pages and/or the server guide?
<kirkland> sommer: i'll gladly review it for accuracy
<chmac> Anyone know if there's a way to diff for only missing files. A simpler equivalent of `diff -qr path1/ path2/ | grep -v -e "^Files "`
#ubuntu-server 2009-06-12
<SuperSenior> Why do many programs have a "/chrome" sub-directory where they are installed?
<SuperSenior> I notice this more in open source applications..
<uvirtbot> New bug: #386172 in postfix (main) "package postfix None [modified: /var/lib/dpkg/info/postfix.list] failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/386172
<JDStone> i'm getting these errors in dmesg.  All was working well, I shut down my server and brought it home from being at school.  I couple weeks later, I plug my server in, boot it up and now I'm getting these errors.
<JDStone> http://pastebin.ubuntu.com/193919/
<jmarsden> JDStone: At first look, your 1TB drive /dev/sdc may be going bad?? Or the data cable connecting it isn't firmly connected at both ends?  Did you open up the hardware and unplug/replug both ends of the SATA data cable?  Might be worth a try.  Also, could the drive have sustained a nasty physical shock during its move from school to home??
<twb> What does smartd say about it?
<twb> Obviously also check the cabling, and if possible simply replace the data and power cables.
<soccerGuy> hey guys
<soccerGuy> i had a question for 32 bits packages on 64 bits machine
<jmarsden> Go ahead and ask it :)
<soccerGuy> woow, so i am not alone
<soccerGuy> thanks jmarsden:-)
<soccerGuy> i thought nobody is here
<soccerGuy> anyway my question is
<pschulz01> soccerGuy: here as well.
<soccerGuy> cool
<soccerGuy> :-)
<pschulz01> soccerGuy: There are 32bit library compatability layer for 64 bit machines.
<soccerGuy> I need to install 32 bit on my amd64, i know chroot can do this or ia32-libs
<soccerGuy> however for ia32libs,  i need to figure otu each package and their dependency
<pschulz01> I remember that the 'World of Goo' game, which was 32bit only, had some excellent instructions.
<soccerGuy> i see ia32-apt-get automatically download necessary libs and dependencies
<pschulz01> Ooo.. I didn't know that.
<soccerGuy> however there is not enough documentation how to use that superb package:-(
 * jmarsden will install it and see :)
<soccerGuy> I know that my question a little spesific:-) but I was suprised that this magical package is infamous in our Linux community
<pschulz01> http://2dboy.com/forum/index.php/topic,1432.0.html
<soccerGuy> jmarsden, let me know how it goes!
<soccerGuy> and good luck!
<pschulz01> sudo apt-get install ia32-libs
<soccerGuy> you will need that
<soccerGuy> pschulz01, yeah i used ia32-libs
<soccerGuy> but the problem is I need to locate each package and use dpkg and figure out their dependencies, thanks for suggestion though:-)
<jmarsden> soccerGuy: Did you read /usr/share/doc/ia32-apt-get/README.Debian ? Seems to explain what is going on reasonably well...
<twb> It would be MUCH better to fix the broken package that asks for ia32 libraries.
<jmarsden> twb: True ... I'd guessed the software package concerned could be commercial closed binary-only stuff...
<soccerGuy> yes I did jmarsden, but the thing i dont understand how apt-get understand which package(32 or 64) I want him to install
<twb> jmarsden: then all you can do is file a bug.
<twb> jmarsden: but it's important that the user (soccerGuy) at least knows that he should try that approach if it's open to him.
<soccerGuy> sorry what you mean twb?
<jmarsden> soccerGuy: line 11 of the README.Debian says:   + Library package names are prefixed with ia32-
<jmarsden> So surely you can do    sudo apt-get install ia32-libsomeliborother   # to force installing the 32bit version.
<jmarsden> But what makes you think you need to figure out all the dependencies by hand... that is what apt does for you... right?
<soccerGuy> yes
<soccerGuy> it creates 2 sources list
<soccerGuy>  etc/apt/foreign/sourcelist
<jmarsden> Yes.  Make sure they include the repository containing the 32bit package you "need" (please do tell is what it is!)
<soccerGuy> and etc/apt/native/sourcelist
<jmarsden> and then use apt-get as normal.
<jmarsden> I know, I read the documentation :)
<soccerGuy> haha
<soccerGuy> sorry jmarsden
<jmarsden> So ... what exactly is your question or problem?
<soccerGuy> so if i run apt-get install ia32-apache2, will it install 32bits apache?
<soccerGuy> i didnt know how to use the package
<twb> Getting biarch in dpkg would be nice...
<jmarsden> Well, apache2 is not a library, so that's not quite what the docs say...
<soccerGuy> i thought it can download binary packages
<jmarsden> soccerGuy: sudo apt-get install whatever-weird-package-you-need.deb   # should pull in whaetver other 32 big dependencies it needs...
<jmarsden> soccerGuy: So did you actually try it?  Just apt-get the package you really need??
<soccerGuy> i didnt try what you said, i will give a try
<soccerGuy> so i still need to locate the package
<jmarsden> soccerGuy: No, you just need to know its name -- but if you don't know that, how do you know that you "need" a 32 bit version of it??!
<soccerGuy> i mean if i type apt-get install apache2, i can get apache2 for 64 bits and i dont need to figure out dependencies
<jmarsden> What is the package you are really trying to use that is 32bit only?
<soccerGuy> I need to install apache2 webserver
<jmarsden> That is not 32bit only!
<soccerGuy> no, it is not 32 bit only
<jmarsden> Trust me the 64 bit version works fine.
<soccerGuy> i need to use 32 bit version for memory concern
<jmarsden> So... what is the real issue here?
<soccerGuy> real issue is ram
<jmarsden> Are you 100% sure the 32bit version will use significantly less RAM than the 64bit version?  Where did you get that information from?
<soccerGuy> I got from various articles
<soccerGuy> I have only 256MB VPS
<jmarsden> Have you tried using the 64bit version and just removed all the modules you do not need, configuring apache carefully, etc?
<soccerGuy> yes
<soccerGuy> I optimize the server
<soccerGuy> according to their tuning documentation
<jmarsden> By the time you load all the relevant 32bit libs etc you might find you are not really saving much RAM... can you point me to an article suggesting the use of 32bit apache on a 64bit server to save RAM?
<soccerGuy> so now i am rereading that line 11
<soccerGuy> sure
<soccerGuy> one sec
<infinity> soccerGuy: Whoever's telling you to use 32-bit versions of apache to save RAM is silly.
<jmarsden> infinity: That is my sense too, but let's read his sources to be sure :)
<infinity> soccerGuy: While it's technically true that the data structures are smaller, and it will save a bit of memory usage, you'll also lost all the 64-bit registers and lose a whack of performance in the process.
<soccerGuy> http://stackoverflow.com/questions/935443/64bit-vs-32bit-ubuntu-on-low-memory-systems-why-does-ubuntu-64bit-eat-my-ram and http://www.scribd.com/doc/363677/Benchmarks-AMD64-in-32bit-mode-vs-64bit-mode-Ubuntu
<soccerGuy> phew
<soccerGuy> you can find lots of benchmark on internet
<soccerGuy> anywayI still dont get how to use this packe, so you are sayin apt-get install package name will be enough
<jmarsden> The first one is about using a 32bit system as a whole, vs using a 64bit system as a whole.  It specifically includes someone saying using a 32bit app on a 64bit system consumes extar RAM because of all the 32bit libs you load just for it...
<infinity> soccerGuy: The benchmarks you just showed us showed amd64 LAMP systems outperforming i386...
<soccerGuy> hey guys, I will show my results after i figure out how to use this package
<jmarsden> soccerGuy: I see nothing in those articles recommending running 32bit apache on 64bit Linux.
<jmarsden> OK, have fun :)
<infinity> soccerGuy: Anyhow.  If you want to test 32-bit and 64-bit, I'd recommend testing a pure i386 install and a pure amd64 install.  Doing anything bi-arch just to run a 32-bit apache will definitely never be a win.
<jmarsden> infinity: Agreed, but soccerGuy apparently doesn't have the RAM for doing both at once on his VPS :)
<soccerGuy> :-)
<soccerGuy> jmarsden, did you install any 32bits application by using that package, if you do please just give me an example, thats all i need
<soccerGuy> apache is big package, so i want to install dnsutils
<soccerGuy> in 32 bits
<jmarsden> soccerGuy: No -- you never provided me with the name of a 32bit-only application I could try out for you :)
<soccerGuy> can u give me command which i should run
<soccerGuy> dnsutils?
<jmarsden> dnsutils is available as a 64bit package.
<soccerGuy> apt-get install dnsutils  install 64 bits
<soccerGuy> they have 32 bits too
<jmarsden> RIght.
<jmarsden> Yes.
<soccerGuy> how can i install 32 bits one
<jmarsden> If you are realy desperate, tweak your apt sources files to exclude the 64 bit one, I suppose.  But this is a 100% pointless thing to be doing.
<infinity> You can't.
<infinity> We don't support multi-arch package installs.
<infinity> If you want random things compiled for i386 on an amd64 system, you get to build them yourself at this point.
<soccerGuy> according to ia32-apt-get, it can do this job, isnt it jmarsden?
<jmarsden> For packages which are in the 32bit world but NOT in the 64bit one, yes.
<jmarsden> You have not gfiven us the name of such a package yet.
<infinity> (You can dpkg --force-architecture, but it will drive apt insane later)
<soccerGuy> dnsutils isnt a package?
<jmarsden> It has a 64bit version.
<billybigrigger> ok i think i almost have my mailserver setup correctly using dovecot/postfix/ssl
<jmarsden> soccerGuy: You need to supply the name of something that is 32bit *only* for this to work.
<billybigrigger> i'm tailing my /var/log/mail.log and can see when i start thunderbird imap-login and it logs in my user...but i can't recieve mail
<soccerGuy> umm, jmarsden, I thought this ia32-apt-get can install 32 bits package eventough that package has 64 bits versoion, maybe i am wrong
<twb> soccerGuy: given the ridiculous number of filthy dependencies you seem to have, would it be easier for you to just run your proprietary ia32 app within a virtual environment?
<billybigrigger> i used to recieve regular mail on port 143, but now i'm trying to setup ssl so i forwarded 993 to my mailserver instead of 143, do i  need to forward both ports? or just the ssl 993 port?
<jmarsden> twb: In 256MB total RAM in a VPS? Are you serious :)
<soccerGuy> I am already in virtual enviroment:-)
<twb> jmarsden: sorry, I didn't see those stats.
<twb> soccerGuy: then ask for a second VPS ;-P
<soccerGuy> haha twb
<twb> biarch is still a massive pain on apt/dpkg.
<twb> My usual policy is that if a stupid proprietary app wants, say, RHEL 4.2, then just give it that and leave it the hell alone.
<soccerGuy> yes twb, I am agree with you, but this package claim that it can figure out dependencies, thats why i am interested
<jmarsden> soccerGuy: ia32-apt-get is intended for (I think) cases where there is ONLY a 32bit version of something (say a flash plugin) ... if figures out the deps for that and grabs them for you.
<twb> soccerGuy: ia32-apt-get will be a hack; it certainly won't be perfect.  This MUST be the case, because the underlying dpkg infrastructure doesn't support biarch properly.
<twb> soccerGuy: out of interest, what is this proprietary thing you're trying to install?
<jmarsden> twb: Scroll back... he wants to install 32bit apache because he thinks it will use less RAM...
<soccerGuy> jmarsden: you are making fun with me
<soccerGuy> :-)
<jmarsden> No, I'm serious.... you are asking us to help you do something that makes no sense at all.
<soccerGuy> I will prove you guys that is true once i install apache 32 bits on my server:-)
<jmarsden> As I said earlier, have fun :)
<soccerGuy> thanks guys
<soccerGuy> I will be digging
<twb> jmarsden: really?  ahaha
<twb> jmarsden: I thought he wanted 32-bit apache because he was installing something else, like vmware-server, that wanted to run (say) a 32-bit mod_idiotic.
<jmarsden> Me too, at first... took a while for me to understand the reason behind the request.
<infinity> soccerGuy: If you're really that concerned about RAM usage, why aren't you just reinstalling the whole systrem as 32-bit?
<infinity> soccerGuy: (Still, the performance loss from dropping the amd64 extensions will cripple you far more than the extra RAM will help you, and I stand by that)
<soccerGuy> infinity: they only provide 64 bits
<infinity> soccerGuy: Yes, so?
<soccerGuy> I think I need to use chroot
<soccerGuy> so how can i install application 32 bits?
<infinity> soccerGuy: My colo host only provides CentOS.  This doesn't stop me from debootstrapping Ubuntu, and doing a pivot_root install before I whack CentOS completely. :P
<soccerGuy> thanks for suggestion infinity
<soccerGuy> :-)
<infinity> *shrug*
<infinity> My contention is that if you don't understand bi-arch on Linux enough that you're asking the questions you are, what you're trying to do will only end in tears.
<infinity> But, I wash my hands of it, and intend to enjoy a long nap. :P
<soccerGuy> we will see infinity
<soccerGuy> we will see
<billybigrigger> im trying to setup SSL in Dovecot, now does the ssl_cert_file have to be a .pem file? while creating my keys it spit out a .crt and .key not a .pem
<jmarsden> billybigrigger: https://help.ubuntu.com/9.04/serverguide/C/dovecot-server.html
<billybigrigger> when i try to telnet localhost imaps i don't get * OK DOVECOT
<billybigrigger> jmarsden::: thanks bro, i'm reading the server guide
<jmarsden> telnet does not decrypt the SSL for you :)
<twb> Boo, telnet.  Yay for netcat/socat
<billybigrigger> i can see in my logs, im logging in ok
<billybigrigger> Jun 11 22:54:01 alixandra dovecot: imap-login: Login: user=<billybigrigger>, method=PLAIN, rip=192.168.1.101, lip=192.168.1.103, TLS
<twb> jmarsden: he might be using it without SSL
<twb> Apparently not...
<billybigrigger> i created a self signed cert, pointed dovecot.conf to them in my /etc/ssl dir, enabled ssl, and enabled plaintext_auth
<billybigrigger> just like the guide says
<billybigrigger> forward my router from port 143 to 993
<jmarsden> billybigrigger: Try   openssl s_client -connect localhost:993  # instead of telnet
<billybigrigger> but i can't recieve mail, i can send mail, but im using my isp's smtp server for that, so never a problem there
<billybigrigger> booya
<billybigrigger> jmarsden::: that works good
<jmarsden> That's why I suggested it :)
<billybigrigger> hehe
<jmarsden> Now you can type IMAP commands at it to your hearts content to debug your IMAP server setup.
 * billybigrigger googles imap command
<jmarsden> BTW if that works then you have working SSL certs already (they may be self signed, and not for your domain, etc etc but they are working for SSL at some very basic level of "Working".
<SuperSenior> Can I use python scripting to read and write files on Ubuntu Server 9.04?
<SuperSenior> well
<SuperSenior> working with apache of course
<SuperSenior> like using python in the cgi bin?
<billybigrigger> hmm
<billybigrigger> i can't seem to pass any imap commands
<billybigrigger> select BAD Error in IMAP command received by server.
<billybigrigger> list BAD Error in IMAP command received by server.
<jmarsden> If you don't understand the basics of IMAP why are you telnetting to an IMAP port in the first place?
<jmarsden> Just exit out and use whatever way of debugging your setup you are most comfortable with.
<jmarsden> You could use mutt or some other IMAP-capable email client if you prefer.
<billybigrigger> your losing me
<billybigrigger> im not an imap-guru :P
<jmarsden> Then don't try to telnet to the imap port and type IMAP commands in the first place... I didn't suggest that, you did it...
<jmarsden> Since the issue is not what you said it was (SSL cert files)... what *is* the actual problem?
<billybigrigger> i can't recieve mail
<jmarsden> What happens when someone sends you email -- how far does it get?  Does it end up in your mailbox on the server?
<billybigrigger> no
<billybigrigger> im assuming its being bounced back
<jmarsden> assuming is bad.  Where can I send a test email to that you think should reach you?
<billybigrigger> billybigrigger@thefrozencanuck.ca
<billybigrigger> i can send email from this pc to my hotmail account fine
<billybigrigger> but sending from hotmail, the mail hasn't shown up yet, it's been a good hour atleast
<billybigrigger> i shouldn't have to screw with my mx record should i?
<jmarsden> You are not troubleshooting all that well, it would seem.  I just sent you a test and my server logs show: Jun 11 22:20:44 eclipse5 postfix/smtp[16633]: 0B1895685EA: to=<billybigrigger@thefrozencanuck.ca>, relay=thefrozencanuck.ca[68.146.139.247]:25, delay=4.5, delays=0.01/0.04/2.9/1.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DD185916E9)
<jmarsden> So you received it fine, it is somewhere on the server at IP address 68.146.139.247 .
<billybigrigger> well then it must be somewhere else, i have been in the process of switching the mailserver from one pc to another
<billybigrigger> yeah
<billybigrigger> i have 2 mailservers behind that router
<billybigrigger> i've pointed the ports from cabo:143 to alixandra:993
<billybigrigger> since the new server is using ssl
<billybigrigger> and the old one had no auth, just plaintext
<billybigrigger> which worked fine...
<jmarsden> WHich server is listening on port 25 on 68.146.139.247
<billybigrigger> bah, my bad
<billybigrigger> i forward the wrong port, i forwarded apache to alixandra not smtp
<billybigrigger> smtp was forwarded to the old server
<jmarsden> When you fix that tell me and I'll send you another test email.
<billybigrigger> k
<billybigrigger> done a few minutes ago....
<billybigrigger> now when i send from hotmail i get a Relay access denied
<billybigrigger> same with your test email
<billybigrigger> may i paste your email address here?
<jmarsden> Right, now my logs show: Jun 11 22:26:45 eclipse5 postfix/smtp[15577]: 106E15692DD: to=<billybigrigger@thefrozencanuck.ca>, relay=thefrozencanuck.ca[68.146.139.247]:25, delay=1.7, delays=0.01/0/1.3/0.45, dsn=5.7.1, status=bounced (host thefrozencanuck.ca[68.146.139.247] said: 554 5.7.1 <billybigrigger@thefrozencanuck.ca>: Relay access denied (in reply to RCPT TO command))
<billybigrigger> hmmm
<billybigrigger> well i have smtp relay setup to my isp
<jmarsden> So your postfix config is in need of adjustment regarding smtpd_recipient_restrictions, I would think.
<billybigrigger> but i thought i had that configured for outgoing email....
<jmarsden> smtp relay is when *you* send...
<billybigrigger> ya thats what i thought
<jmarsden> Your MX points to your server IP at 68.146.139.247
<jmarsden> So fix postfix on that server to allow me to send you email :)
<billybigrigger> well i see smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain,
<billybigrigger> and some more
<billybigrigger> why would a default config reject unknown sender domain?
<jmarsden> That's unlikely to be the problem... read the docs to understand what each restriction really does.
<jmarsden> You may want to check your myorigin and mydestination lines in /etc/postfix/main.cf ?
<billybigrigger> myorigin = /etc/mailname
<billybigrigger> mydestination = alixandra, localhost.localdomain, localhost, $mydomain
<billybigrigger> seems ok
<ScottK> billybigrigger: To answer your reject unknown sender domain question: http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain
<ScottK> billybigrigger: Is $mydomain your actual domain or is that literally what is.
<billybigrigger> this doesn't make sense, i've copied the postfix/dovecot configs over from a working server, and changed the forwarded ports to the correct pc...
<billybigrigger> no $mydomain was in there already
<jmarsden> billybigrigger: What does    hostname -d    say ?
<billybigrigger> i just added alixandra
<jmarsden> So far we are missing your actual domain name :)
<billybigrigger> cg.shawcable.net
<billybigrigger> ahh
<jmarsden> That's not the same thing as thefrozencanuck.ca ... so fix your poxyfix config so I can send email to you ...
<jmarsden> s/poxyfix/postfix/
<billybigrigger> try now
<jmarsden> Nope., still relay denied.  What did you change and did you reload afterwards?
<billybigrigger> added alixandra.cg.shawcable.net to mydomains and restarted postfix
<jmarsden> You asked me to send to billybigrigger@thefrozencanuck.ca.  So thefrozencanuck.ca needs to be one of the domains you accept email for... and it still isn't.
<billybigrigger> try now
<jmarsden> OK, you got it.  Can you see it?
<billybigrigger> sent you a reply
<billybigrigger> that's really odd....
<billybigrigger> im going to check the config for the old mailserver
<billybigrigger> myorigin = /etc/mailname
<billybigrigger> mydestination = alixandra, localhost.localdomain, localhost, $mydomain
<billybigrigger> thats from my oldserver
<billybigrigger> and incoming mail worked perfectly fine
<jmarsden> On the old server,  hostname -d    # says what?
<billybigrigger> nothing
<billybigrigger> haha
<jmarsden> Strange.  Somewhere on that server, either in /etc/mailname or in the hostname you must have thefrozencanuck.ca for it to have worked.
<billybigrigger> hmmm
<billybigrigger> i don't recall setting that
<billybigrigger> but yes your right
<jmarsden> But you received email over SMTP into that server for user@thefrozencanuck.ca  on it?  Well, anwyay... now you have a working email server.
<ScottK> What about hostname -f?
<billybigrigger> cabo
<SuperSenior> is there any ghosting software preinstalled on ubuntu server?
<jmarsden> The dd command could be considered ghosting software, I suppose?
<jmarsden> dd if=/dev/sda of=/dev/sdc   # will do an image copy of disk sda to disk sdc,  for example
<uvirtbot> New bug: #375149 in tomcat6 "tomcat6 needs debug start mode with jpda (dup-of: 375493)" [Undecided,New] https://launchpad.net/bugs/375149
<snori74> postfix logs - what rotates them? doesn't seem to be logrotate -(8.04)
<snori74> hmm, found the info - in Debian/Ubuntu its syslog, not logrotate that does it for mail.log (see: http://www.ducea.com/2006/06/06/rotating-linux-log-files-part-1-syslog/)
<peter_> Hi, iam having 300sec delay on *some* session_start() calls in php5 using ubuntu server (virtual esx setup). Any clues? :/ I am lost on this one
<peter_> never had this problem on our non-virtual debian box
<drurew> could someone take a look at this and hit me with ideas of how this could happen ? thanks http://paste.ubuntu.com/194251/
<drurew> anyone
<drurew> ?
<Appiah_> I've got a problem with pam_mkhomedir , it does not seam to create a homedir with pam_mount using NFS
<Appiah_> I have no idea on how to debug either , i entered debug in pam-session but cant see anything about pam_mkhomedir
<ssm> Appiah_: pam_mkhomedir and NFS sounds tricky.  I'd use autofs to mount, but I'd also use something other than pam_mkhomedir to make the actual directories
<Appiah_> well in pam_mount.conf.xml it does say <mkmountpoint enable="1" remove="true">
<Appiah_> I think it's using pam_mkhomedir? either way none of them seams to work
<cankoy> drurew: apparently hwaddress line in interfaces is not working. And udev seems confused. Do you see any anomalies in kernel log?
<drurew> cankoy:http://paste.ubuntu.com/194285/
<drurew> cankoy:Please complain to your hardware vendor. Switching to a random MAC.
<drurew> Please complain to your hardware vendor. Switching to a random MAC.
<soren> peter_: Oh, hi :)
<soren> peter_: Anders just mentioned your name a minute ago and here you are :)
<soren> peter_: 300s timeout sounds suspiciously like a DNS thing.
<peter_> soren: hi, thanks. and happy birthday :)
<cankoy> drurew: I guess a new eth interface is created everytime MAC is changed (check with 'ifconfig -a'). You need to find a way to stop that, specifically forcedeth driver seems to be the problem.
<soren> peter_: HAhah :) Thanks :)
<drurew> http://xfliu.blogspot.com/2007/08/linux.html found that
<drurew> im gonna source a driver
<drurew> wish me luck
<drurew> :)
<cankoy> drurew: that looks quite old, I suggest you search ubuntuforums, launchpad bug reports, etc before patching a kernel module.
<drurew> you right
<drurew> cankoy: undoing a mac spoofing .... this is gonna be hard
<sommer> kirkland: sure, I'll add something to the virt section
<al_paun> Hi. Does anyone know how to split a internet connection let's say ip's from 192.168.1.2-192.168.1.20 to have 30% from bandwidth and rest 70%
<al_paun> ?
<magnetic> al_paun: using traffic shaping?
<Ng> would we expect kvm to work on 8.04?
<Ng> I'm starting a guest directly and kvm just seems to chomp 100% CPU and not really do anything
<Ng> huh, having said that, it appears to do very much the same thing on karmic
<ar> Hi
<Kirill_> I need to have a PHP file exectuted every 10 seconds. Is the best way to do that to write a script that runs 5 times and sleeps 10 seconds at every iteration and then have a cron job run that script every minute? The script downloads a bunch of xml files and stores them locally
<ivoks> i'd do it with cron
<mathiaz> ivoks: does cron support 10 seconds run?
<mathiaz> ivoks: hi btw
<Kirill_> mathiaz: nope, 1 minute
<Kirill_> ivoks: 1 minute is the lowest denominator :(
<mathiaz> ivoks: IIRC cron only support the minute granularity
<ivoks> hi
<ivoks> oh, 10 seconds... right.. sorry :)
<Kirill_> is it worth looking into writing a daemon?
<ivoks> well, technicaly, it's doable with cron :)
<ivoks> but that would be a wicked hack, not a solution
<Hecate> man cron: cron then wakes up every minute, examining all stored crontabs, checking each command to see if it should be run in  the  current  minute.
<ivoks> right
<ivoks> so:
<ivoks> * * * * * sleep 1; do_somethinw
<ivoks> * * * * * sleep 2; do_something
<ivoks> * * * * * sleep 3; do_something
<ivoks> ...
<ivoks> would be a wicked hack :)
<Kirill_> ivoks: are you using "wicked" as a positive is? :P
<Hecate> i think forking a script into background that uses an infinite loop and a sleep(10) which thus executes your command every ten seconds, would kill much less performance.
<Kirill_> Hecate: thanks I'll look into it! :)
<Kirill_> ivoks: if I can't get that script working I'll use that, thank you :)
<ivoks> :)
<Hecate> you're welcome
<troglobyte> i did the "encrypt home directory" on install of Server 9.04.  Is there a way to back out of that with out re-installing?
<troglobyte> I found this: http://ubuntuforums.org/showthread.php?t=1135796
<troglobyte> but want to confirm before I really break something
<mathiaz> jdstrand: hey - who sponsored ufw to debian?
<jdstrand> mathiaz: kees
<jdstrand> kees is my man ;)
 * jdstrand waves to kees
<mathiaz> jdstrand: when was the first release of ufw available in Ubuntu? hardy?
<jdstrand> mathiaz: yes. See https://wiki.ubuntu.com/UbuntuFirewall for versions in Ubuntu
<jdstrand> (and other stuff)
<mathiaz> jdstrand: great - thank ya
<jdstrand> np
<maxb> troglobyte: *FIRST* you need to copy all your data out of the encrypted area, then ensure the user is not logged in, so that the encrypted layer is unmounted, and "mv .ecryptfs .ecryptfs_disabled" (as root, obviously) - "Le Rob" misspelt the name of the thing. Take note that some of the files required to mount private area are in fact stored in /var/lib/ecryptfs/USERNAME (to which ~/.ecryptfs is a symlink)
<troglobyte> maxb, appreciate it!
<diffra> stupid question about encrypted home dirs -- does root have access to them?
<ivoks> not if user isn't loged in
<maxb> but yes, when they are
<dinger1986> has anyone ever heard of an opensource timesheet program
<Sam-I-Am> jmedina: you around?
<jmedina> Sam-I-Am: yeap
<Sam-I-Am> so i've figured out that using launchpad PPAs is near impossible
<Sam-I-Am> they dont allow binary uploads
<ivoks> lol
<ivoks> point of ppa is to build source
<Sam-I-Am> it makes my dependencies a huge mess which means each thing i'm building almost needs its own PPA
<Sam-I-Am> ivoks: i viewed it as a place to host source and binary packages
<Sam-I-Am> not compiled somewhere else where i can't monitor exactly how they're getting built
<Sam-I-Am> for example, i had to manually install some libraries (.deb) from jaunty on hardy... i didnt build them, they just installed fine.
<Sam-I-Am> however, launchpad wont know what to do
<Sam-I-Am> so it looks like i also need to build all those libraries
<Sam-I-Am> i build in chroots so my packages don't wind up having interdependencies... which means i'll need to upload all the same source dependencies for everything i'm building (or something like that)
<Sam-I-Am> jmedina: so if you want these packages either it'll have to wait until i can wrangle launchpad into working... or i'll put up a web server and you can just grab them there.
<infinity> Sam-I-Am: Having hardy packages depend on binaries from jaunty kinda defeats the whole purpose of a PPA.  If you need to backport jaunty versions to make it work, then do that in the PPA as well.
<Sam-I-Am> infinity: thats what its looking like
<infinity> (Nevermind defeating the purpose of a PPA, having an older suite depend on a newer one defeats the purpose of suites...)
<Sam-I-Am> well, for example, theres no libcap2 in hardy
<Sam-I-Am> but the jaunty one installs fine
<infinity> And what's wrong with building against libcap1?
<infinity> I suspect it's just a matter of s/libcap2-dev/libcap-dev/ in your Build-Depends, and boom, it builds on hardy.
<Sam-I-Am> well, some things work like that
<Sam-I-Am> an example of one that doesnt is samba and openldap
<Sam-I-Am> they hork with older libraries
<infinity> Things that don't work like that require backporting either the code to work with older libraries, or the newer libraries to the older suites, yes.
<infinity> Again, that's kinda the point.
<infinity> Telling me that I can only use my 2003 car with gas released in 2006 isn't helpful. :)
<Sam-I-Am> i try to minimize backporting dependencies
<Sam-I-Am> thats why i'm using chroots... so something that builds find against oldlibversion doesnt magically find newlibversion and compile against it.
<Sam-I-Am> just talked with some folks in #launchpad ... think i figured out how i need to work this... might just be more complex than initially determined.
<maxb> Installing binaries built for jaunty into a hardy system is somewhat dodgy. Sometimes it'll work, yes, but each case needs careful individual verification
<Sam-I-Am> i usually test those first
<Sam-I-Am> its few and far between
<maxb> Generally people prefer to rebuild the jaunty source in a hardy environment (with a suitably ~suffixed version number)
<Sam-I-Am> yeah thats the majority of what i'm doing
<Sam-I-Am> except for 2 libs i just slurped from jaunty
<Sam-I-Am> i'll just build them from src
<Sam-I-Am> its just more chroots for me
<maxb> Do ensure you ~suffix the version even if you make no other changes
<maxb> Why is it more chroots?
<Sam-I-Am> i build every package in its own chroot
<maxb> why?
<Sam-I-Am> so it wont accidentally start depending on something it shouldnt
<maxb> You are aware of pbuilder, right?
<Sam-I-Am> like openldap for example... even if you tell it to build against gnutls, it'll toss openssl in its dependencies if the openssl dev libs happen to be there
<Sam-I-Am> i've heard of it... but i usually use dpkg-buildpackage
<maxb> You *really* want to invest the time to learn pbuilder
<Sam-I-Am> i build openssl against gnutls and also openssl... so those live in two different chroots
<Sam-I-Am> mmkay... i'll have a look at it
<Sam-I-Am> thanks for the tip
<Sam-I-Am> might simplify life :)
<Sam-I-Am> time for a meeting
<maxb> With pbuilder, you have *one* chroot per distroseries, and it installs the appropriate packages as specified by the packages Build-Depends for each build
<ivoks> i hate when someone doesn't even answer when you offer him help
<billybigrigger> can anyone here suggest a good looking, but lightweight wembail client, my server is an old pos :P
<billybigrigger> like 166mhz 98mb ram :P
<Sam-I-Am> webmail... client?
<Sam-I-Am> isnt that a web browser?
<billybigrigger> well yeah, but you need a webmail client for postfix, to be able to view it with your browser
<jmedina> that is really old machine
<billybigrigger> lol yes it is
<jmedina> that machine wastes a log of energy, you better drop it
<billybigrigger> my dad donated it to me, i had no idea how long it was sitting in his basement :P he said it hadn't been turned on in 2 or 3 years
<jmedina> *lot
<billybigrigger> i have a decent energy efficient 380w psu, amd x2 5000 cpu, 2gb ddr2 800 ram, and 2 raid disks for a new server...
<billybigrigger> just no case or am2 motherboard :(
<billybigrigger> and broke as a joke right now...
<billybigrigger> i was using my desktop to multi-task as a desktop/server running apache, mysql, postfix/dovecot and doubling as a desktop though just doesn't work
<billybigrigger> so this pold pentium will have to do for now :P serves my mail fine :P
<billybigrigger> but you are right about the energy consumption
<drurew> need an http web admin interface for a debian vps, any sujestions?
<jmedina> drurew: what kind of VPS?
<drurew> jmedina: virtual debian (from hosteurope.de)
<drurew> im a server noob
<drurew> :)
<jmedina> I dont know that "virtual debian" means, there is a log of virtualization products and...
<jmedina> drurew: so what do you want to admin from that web ui?
<drurew> jmedina: yeah, id like to be able to create accounts, admin mail etc
<jmedina> mmm
<jmedina> so you already have a mail system?
<drurew> jmedina: yeah, mail is setup, however id like to be able to admin a few different mail accounts for some friends to be able to host pages and junk
<drurew> :)
<drurew> jmedina: also things like setting up my domain etc as well as general apache2 configuration is blowing my mind
<jmedina> I dont know anything that does that
<jmedina> most web uis works for a specific configuracion
<jmedina> probably you can install ebox
<jmedina> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<drurew> mainly , just needing an http interface so people can login with their accounts and set things up, yeah ebox, isnt that a dist tho ?
<jmedina> nop, you can install packages
<drurew> how would sftp hold up against ebox?
<jmedina> dont know
<jmedina> I dont use ebox
<drurew> is it compareable?
<jmedina> to what
<drurew> ebox
<drurew> why dont i just install both :)
<billybigrigger> jmedina::: is it possible to install a virtual server os somewhere, and then make an image of it? so i can run the virtual server on this desktop, and in the future when im ready with my new server, to burn an image of the virtual server and have it up and running on the new server already configured?
<drurew> hey im trying to install ebox on my server, apt-get /aptitude wont let me install it because there is no verification key for the launchpad site, how do i manually add a verification key (via terminal of course) ? :)
<diffra> hint: apt-key add should be your friend there, but i don't know the exact instructions
<MaxMax> Hey guys got a question on deploying ubuntu client in a server envoirment can anyone help or am i in the wrong place
<tomsdale> it's a little less traffic in here - just ask your question for the naming convention and if someone knows they will reply
<MaxMax> ok thanks man appreciate it
<MaxMax> I was wondering on the following
<MaxMax> does Ubuntu support "UPN" for user ID"s that is a log in name of something like j.smith@123.come   etc
<drurew> hashing it out again maxmax
<drurew> ?
<MaxMax> well yea, Tomsdale suggested i try here
<MaxMax> :)
<MaxMax> I had not got a real answer as of yet so trying again
<drurew> http://adsearch-winzero.blogspot.com/2007/10/userprincipalname-user-principal-name.html
<drurew> !upn
<ubottu> Sorry, I don't know anything about upn
<infinity> MaxMax: What problem are you trying to solve here?  Mass virtual hosting?
<drurew> login via upn
<MaxMax> hi
<MaxMax> I want to use UPN names for users to log into a ubuntu workstation
<drurew> MaxMax: http://blog.scottlowe.org/tag/unix/
<MaxMax> checking
<infinity> Oh, probably would have been helpful if you'd mentioned something about Active Directory in your original question. :)
<MaxMax> Well its not really AD related
<infinity> UPN is an AD attribute.
<MaxMax> Yes it is, but
<MaxMax> on say an XP box I can create a user account using UPN type name and not have that box as part of a AD domain.
<MaxMax> just have it as a stand alone Workstation
<MaxMax> thats wht I was trying to get ubuntu to do
<MaxMax> there are two parts.
<MaxMax> The client OS has to support UPN's if that client is ever to talk to a AD server
<jamesrfla> would this be a good place to ask a question regarding apache and mailman?
<infinity> MaxMax: Well, yes and no.  When you start enabling all the AD-required bits, they somewhat take over the classic authentication and authorization methods that a UNIX/Linux system would use.
<infinity> MaxMax: By default, with passwd-style shadow auth, UPN usernames would be illegal.
<MaxMax> aH i SEE
<MaxMax> I think you have found the problem infinity
<MaxMax> So it looks like the OS does not support this
<MaxMax> I bet that goes back to the 70's when bell labs created unix,
<MaxMax> So its more a unix problem than a ubuntu problem, really on in the same but beyond your control at the moment
<MaxMax> one ^
<infinity> MaxMax: Well, like I said, if you install and configure all the samba-related bits required to make your machine behave as an AD client, you can certainly get UPN passthrough auth to an AD master.
<infinity> MaxMax: But, other than "being like Windows", there's no particularly valid reason why the underlying system needs to support usernames like that.
<MaxMax> Yes you can, but the problem is you have to use two seperate user id's
<MaxMax> you will use a user id of say 123 for logging into the os and then another to auth on the smb enabled share
<MaxMax> no reason you got to be kidding ?
<MaxMax> I beg to differ,
<MaxMax> let me explain.
<MaxMax> For a home user UPN names dont ammount to a hill of beans for logging into your workstation be it windows or unix its a non issue. now....
<MaxMax> if you work for a company or corporation typically they have IT standards for certain things. One of our standards is how user names are specified. in our case the users use their e-mail address to log in , like m.hello@123,com etc
<MaxMax> this means that users can simply log in with one user id and have access to all resources they are allowed to access
<MaxMax> In the corporate world this is a huge deal
<MaxMax> again home user its a non issue
<mathiaz> MaxMax: why don't you just use the login part (ie the user principal)?
<mathiaz> MaxMax: if you setup kerberos correctly on an Ubuntu system, kerberos will autoamtically appends the realm to your login
<MaxMax> Yes that will work but its not the same as the standard so hence its not do-able
<MaxMax> well let me put that another way. The up part would be SAY J.SMITH but ubuntu dont like the . period in the name
<MaxMax> it cant be used
<MaxMax> so the up prat does not work either
<MaxMax> so j.smith does not work or j.smith@123.com dont work
<MaxMax> jsmith would work ok but thats not standard
<MaxMax> I appreciate you guys taking the time to analyze this with me
<MaxMax> My buddy works for motorola here in the USA.. they had the same problem as I do in trying to deploy ubuntu into a corporate envoirement
<infinity> MaxMax: Mapping logins to unix user IDs can be done transparently with the samba PAM modules, AFAIK.
<infinity> MaxMax: There's no reason the GDM screen can't accept a "UPN", shove that to PAM, then have it translated to a different local username.
<infinity> MaxMax: If your users care deeply about what username shows up under "ps axu", then they really don't want to see how Windows represents it all internally.
<MaxMax> It does not have anything to do with samba Infinity Samba emulates MS SMB Protocol. Samba does not do auth in a AD envoirment
<MaxMax> Samba is similar to NT Lanman server thats legacy stuff dating back to nt4 win 3.1 etc
<infinity> MaxMax: No, but samba ships with some PAM modules to ease this sort of pain.
<infinity> In the end, what you're really looking for here is PAM glue.
<infinity> Because, you'll never have local user accounts that look the way you want.
<MaxMax> pam glue ? humm whats that I had not heared of it
<infinity> But local accounts don't matter, it's what the user types to login that matters to you.
<MaxMax> no local accounts do matter. they have to be able to use upn or j.smith for local login excluding any networking
<infinity> Local login != local accounts.
<infinity> "Local account" is just what you see in "ps" or when typing "whoami".  And has very little to do with what you typed to authenticate to PAM.
<MaxMax> ok
<MaxMax> well what i need then is for the os to accept local accounts that use upn and for pam to accept this also
<infinity> I'm stuck on a tiny terminal right now, upgrading my laptop, so web browsing's a bit of a non-starter, but I'd recommend searching for things like "PAM Active Directory UPN" and seeing what you can come up with from people who've been here before.
<MaxMax> I have done a fair number of searches, it looks like all flavors of linux has the same problems
<MaxMax> Perhaps the issue really come down to the actual nix core in that this was never given a high priority from a update standpoint
<MaxMax> hence the pain in deployment
<jmedina> what is "upn"?
<MaxMax> UPN = Universal Principal Name
<jmedina> MaxMax: o_O, what are they used for?
<MaxMax> I would really love to be able to deply a few WS's but gosh so many road-blocks, it makes things a bit tough
<jmedina> kerberos?
<MaxMax> the term comes from AD active directory
<mathiaz> MaxMax: have you looked at likewise-open?
<MaxMax> a upn name looks like your e-mail address
<MaxMax> Likewise is total Junk :)
<MaxMax> been there it does not work as documented
<mathiaz> MaxMax: why? - it seems to solve the issue of integrating linux systems in AD for authentication
<MaxMax> well not really, if you use likewise to auth to AD your still going to have to use a different user id to log into you nix workstation
<MaxMax> I dont believe Likewise is even using upn names to pass to the AD controller its just using the first part of the name which would be supporetd via AD
<MaxMax> like accessing a network resource with like \\123 as opposed to \\123.net etc
<MaxMax> but likewise is not my issue
<MaxMax> the issue is that I cannot create a user accont with a UPN name
<MaxMax> If i can get past this point I will be good to go in getting some WS's deployed
<Sam-I-Am> maybe you're thinking about realms
<Sam-I-Am> user@realm
<Sam-I-Am> smells like kerberos
<MaxMax> no nothing to do with it
<daxroc> evening all
<MaxMax> hi
<MaxMax> let me explain
<MaxMax> Suppose you have a XP pc. On that xp pc you can create a user called j.monk@123.local
<daxroc> Are there any tools to monitor LSI hardware raid ( megaraid_mbox, megaraid_mm)
<MaxMax> I am trying to create a user on ubuntu that is the same as what I do on xp
<MaxMax> this would be a local user account
<Sam-I-Am> i have users here authenticating to ad with first.last format usernames... but not local users.
<Sam-I-Am> dont see why it wouldnt let you...
<MaxMax> if you could try create an account like j.smith@123.local on your ubuntu box and let me know if it works that would be real helpfull
<Sam-I-Am> matt.test:x:1001:1001::/home/matt.test:/bin/sh
<Sam-I-Am> there
<Sam-I-Am> worked here
<Sam-I-Am> adduser gets pissy unless you change the regex for valid usernames
<Sam-I-Am> but useradd works fine
<MaxMax> from the gui ?
<Sam-I-Am> no, from a terminal
<Sam-I-Am> probably runs the same script though
<MaxMax> try it from the gui
<MaxMax> like try m.test@123.net as a user id
<Sam-I-Am> i dont have a gui on my machines
<uvirtbot> New bug: #377627 in openssh (main) "package openssh-client 1:5.1p1-5ubuntu1 failed to install/upgrade: subprocess post-installation script killed with signal (segmentation fault)" [Undecided,New] https://launchpad.net/bugs/377627
<maw> y0
<Sam-I-Am> but theres probably a config file somewhere that tells it a list of valid formats
<jmedina> ubuntu server esont have GUI
<jmedina> doesnt
<MaxMax> well I was talking about the ubuntu client
<Sam-I-Am> look at /etc/adduser.conf
<maw> are there docs to show how to merge packages in the repositories? For example, if I want to test/contribute to the repositories?
<maw> not sure how to do that
<MaxMax> it dont work here
<Sam-I-Am> the regex is in there
<MaxMax> the . and @ are not supported
<Sam-I-Am> maw: google for contributing to ubuntu.  if its an existing package you'd probably need to join the maintainers.
<Sam-I-Am> if its a new package then you have to go through a bit to get it in the distro first
<maw> ah
<Sam-I-Am> in the meantime you can use PPAs on launchpad.net
<maw> well it is Snort
<maw> it is already there
<Sam-I-Am> what are you changing?
<maw> but the version in the repo is not supported
<maw> I just want the new version updated
<maw> not sure who owns that task
<MaxMax> sam If you are able to create a user like that on the server will it allow you to login to that account ?
<maw> I emailed the maintainer list
<maw> and updated the launchpad bug
<Sam-I-Am> is there a newer version in a more recent release?
<maw> https://bugs.launchpad.net/ubuntu/+source/snort/+bug/281014
<uvirtbot> Launchpad bug 281014 in snort "Please merge snort 2.8.4.1-1 (universe) from Debian experimental (main)" [Wishlist,Confirmed]
<Sam-I-Am> you can do a non-maintainer upload for the package usually
<Sam-I-Am> the maintainers will look at it
 * maw is Chris (in that posting)
<Sam-I-Am> alternatively just build your own :)
<maw> ya...
<maw> if there is no action
<maw> I will remove the repo version
<maw> and compile from source
<Sam-I-Am> or you can just install the debian package
<Sam-I-Am> if its updated
<maw> debian is usually a lot slower to update things :P
<Sam-I-Am> so you want it to go from debian to ubuntu...
<mathiaz> maw: look at https://wiki.ubuntu.com/UbuntuDevelopment/Merging
<maw> no.. someone else suggested that
<maw> thanks amt
<maw> mathiaz
<Sam-I-Am> if you can install and test it on ubuntu karmic then tell the maintainers it'll be a little quicker in moving there.
<maw> I am using 8.04 LTS... so that would be the platform I would test on
<Sam-I-Am> you wont get a new package added to LTS
<Sam-I-Am> *maybe* in backportsd
<mathiaz> maw: merges are only relevant to the developement release (karmic these days)
<maw> is this considered a new package?
<Sam-I-Am> its not a security fix
<maw> ah I see
<Sam-I-Am> so it wont hit an old release
<Sam-I-Am> it'd go in karmic.. but nothing stops you from installing it in hardy
<mathiaz> maw: new versions are not available for stable releases
<Sam-I-Am> i backport crap all the time
<Sam-I-Am> from whatever to hardy LTS
<maw> ok
<maw> I was mostly interested in the process, mathiaz provided the link for me
<mathiaz> maw: you could work on getting a backport accepted and published: https://help.ubuntu.com/community/UbuntuBackports
<maw> ok, noted
<mathiaz> maw: but first the version has to be in the developement release
<maw> I see
<maw> well that's unfortunate as Snort2.7 is useless now
<maw> so anyone installing from repo has depracated software
<Sam-I-Am> thats how LTS works unfortunately
<maw> *deprecated
<Sam-I-Am> or any older release
<Sam-I-Am> but nothing stops you from taking a newer version
<Sam-I-Am> sometimes they Just Work other times you get to rebuild them
<maw> if it is known that a package is deprecated it should be dropped from the repo
<Sam-I-Am> if you want to see deprecated, go run rhel or centos
<Sam-I-Am> most of the stuff in there is EOL by upstream
<Sam-I-Am> openldap, dhcp, bind9, etc
<mathiaz> maw: the next step for merging snort is to get a debdiff prepared for the new package, attach it to bug 281014 and ask for sponsorship
<uvirtbot> Launchpad bug 281014 in snort "Please merge snort 2.8.4.1-1 (universe) from Debian experimental (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/281014
<mathiaz> maw: https://wiki.ubuntu.com/SponsorshipProcess
<maw> ok, thanks for pointing me in the correct direction
<nick125> Good afternoon. I'm having an issue installing Ubuntu Server in VBox (9.04). It keeps locking up at the hardware discovery step. Any ideas on what to try?
<glen1> nice
<glen1> hmmm
<diffra> do any of the terminals have any error output?
<glen1> not sure I only worked on ubuntu via dedicated
<diffra> alt+f2/3/4/5 (i'm not sure which one shows logs at the moment.)
<nick125> alt+f4 shows the logs, but nothing interesting.
<diffra> what's the last thing it does that it's getting hung up on?
<nick125> Starting PCMCIA Services..but I'm trying to verify the ISO integrity through the installer menu (yeah, I could md5sum it..but)
<nick125> When I try to install, it hangs up at 2% on detecting hardware
<nick125> Let me check the logs on an install attempt and see where its hanging there
<nick125> ... How did I know that'd be my luck. Now I try it once I ask for help, and it appears to no longer hang
<diffra> it's afraid of us :)
 * nick125 continues on this install, in the hope he can get the hang of this enough to move his server over :)
<glen1> is it hard to set up my own email server?
<glen1> or is that a bad thing if hackers wanted to ddos it lol
<nick125> glen1: It's not _too_ terribly difficult to do, but it's a bit of work to maintain.
<glen1> what do I have to maintain
<nick125> I eventually got tired of maintaining my mail server and moved my mail over to Google Apps for Domains.
<diffra> glen1: ditto what he said.  also, if you're wanting to do virtual domains, there's a higher level of complexity.
<glen1> ahh cause Im settin up a little hosting thing to do for fun
<glen1> and Im wondering about email. I know cpanel allows the user to create them but I was thinking of my dedicated server to them :D
<glen1> fun stuff!
<diffra> things like spam filters need to be updated.  keeping the smtp daemon up to date in case of bugs that could allow outside access.  You should run a proactive daemon like fail2ban that blocks users from brute forcing passwords
<nick125> Ugh...you won't believe how much I hate cPanel.
<glen1> diffra, can I create a cron job to update everything
<nick125> I had to install it a couple times for customers when I was in the hosting business. It..............sucks.
<diffra> i hate administering cpanel.  From an enduser prospective, it's great (I use a cpanel account for my family photo gallery for instance.)
<glen1> nick125, what other panels are better
<diffra> i think running apt via cron is discouraged.
<diffra> NOT LXadmin!
<nick125> glen1: I found directadmin to be *marginally* better, but I'm not even sure they still develop it.
<glen1> lol is that from the guy who hung himself
<diffra> yep.
<glen1> xD
<glen1> poor guy
<glen1> direct admin looks cool
<diffra> well, the circumstances are bad, but the guy that found the exploit gave him at least 2 weeks to respond before releasing it.
<glen1> jeez
<nick125> I mean, DirectAdmin might be crappy...but it's cheap. cPanel is crappy _AND_ expensive.
<glen1> he probably meant it as a big fuck u b4 he went
<glen1> Any open sources ones?
<nick125> As far as control panels go, there are a few...but when I tried them, they were a nightmare to use.
<nick125> Then again, I was trying to use them on Gentoo, so that could contribute just _slightly_ to the nightmare.
<glen1>  hehe
<glen1> how much is directadmin
<glen1> sry theres a link lol
<glen1> my bad
<glen1> monthly license for 1 server?
<nick125> ouch, it looks like they really raised the prices.
<glen1> :O
<glen1> what was it b4
<nick125> I remember getting VPS licenses for $5/month.
<glen1> :O
<glen1> its basically the same price as cpanel
<glen1> cpanel price is not so bad when you have alot of users on 1 server I guess
<diffra> there's webmin/usermin
<FFForever> how can i keep people from being idiots?
<glen1> shotgun to face
<glen1> :P
<nick125> FFForever: I have an idea, but it's illegal....so
<glen1> I bookmarked webmin page
<FFForever> nick125, i am open to all ideas :)
<nick125> Dammit glen1, you gave away my idea :P
<glen1> ha
<nick125> Or you could lock them in a bomb shelter, just as long as the lock to the door is on the outside. Of course, make sure it's shielded so they can't call the police.
<glen1> diffra from an ease of use perspective whats the winner in the webhosting panel game haha
<glen1> who are these ppl btw
<FFForever> this user keeps deleting his public_html folder and he wonders why his website won't load after he is done
<diffra> glen1: IMHO?  plesk.
<glen1> ill look it up
<glen1> FFForever, LOL
<FFForever> ive had 8 tickets from him about it
<FFForever> i am about to not renew his monthly service contract if he keeps doing it
<diffra> he's not asking you to restore backups, is he?
<glen1> its quite expensive
<nick125> FFForever: How much is that customer paying?
<diffra> glen1: you didn't say cheap :)
<FFForever> nick125, not enough
<glen1> lol
<glen1> charge him
<diffra> cheap, easy to administer, easy for end users.  Pick any 2.
<nick125> FFForever: Drop him, then. Or threaten to charge him for each support instance.
<FFForever> i like ehcp
<FFForever> its free ^_^
<diffra> yeah.  customers like that get moved to per incident support.
<diffra> also, can you set the directory permissions so he can't delete it?
 * nick125 had a client who bought an unmanaged VPS for $6/month and expected us to manage it..
<glen1> diffra, what two? cpanel and plesk?
<diffra> any 2 of the three features i listed.
<glen1> oh
<FFForever> nick125, you sell vps's?
<nick125> "I'm sorry, but this is an UNMANAGED VPS." "I'm leaving for Dreamhost!" What I wanted to say: "Don't let the door hit you in the a** on the way out."
<nick125> FFForever: Used to
<diffra> nick125: most people don't understand unmanaged.  I used to work for dotster support -- it's insane trying to reason with people.
<glen1> easy to administer, easy for end users mmmm, maybe take off the later and replace with cheap haha
<FFForever> dotster?
<diffra> yeah.  good guys for the most part.
<FFForever> How far would you be willing to go for unmanaged vps's?, nothing past i cant login?
<glen1> slicehost any good? Ill be making vps's soon
<diffra> <3 slicehost, glen1
<FFForever> glen1, i heard they are good but really pricey
<glen1> whats good about it
<FFForever> <3 prgmr
<diffra> FFForever: exactly.
<nick125> For a VPS, Slicehost doesn't seem that pricey.
<diffra> people coming from shared hosting got quite a shock.  "how do i add an email account?"  "well, that'll be $75..."
<glen1> lol!
<FFForever> diffra, i would be like uhhh FU! lol
<glen1> If I set up my own mail server
<FFForever> mail is a pita
<glen1> Should I give each mailbox big storage and charge a lot
<diffra> slicehost: awesome support (#slicehost), awesome servers.  very reliable.  one of my boxes is over 400 days uptime.
<nick125> diffra: That's part of the problem. Unmanaged VPSes aren't for people who don't know what they're doing.
<FFForever> i find community support to replace managed support is shit and slicehost should burn in hell for it
<nick125> And as far as pricing goes, if I could do the entire VPS thing over again, I wouldn't have a single plan below $25/month
<glen1> lol
<glen1> I sometimes prefer irc support
<glen1> over customer support
<diffra> community support and managed support are not the same thing
<nick125> Why? Because script kiddies can't slip $25 on their daddy's credit card without him noticing.
<diffra> also, the slicehost admins are in IRC, so you can talk to them directly.
<FFForever> glen1, i like irc support but when ur in a room with idiots that ask HELP i cant login 40x/hour i would get pissed
<glen1> nick125, Maybe soon u can have one of my vps soon lol
<FFForever> anyone who wants to give out free vps's im game :D
<nick125> glen1: The company no longer exists...well, it does, but I assume that my partner has ran it into the ground :p
<glen1> lol I would give them out to spread the word Im sure xD
<glen1> http://www.gigstrate.com
<glen1> Im near done
<glen1> just need to get pricing and write up a few things
<FFForever> glen1, cool hit me up when ur giving out promo (free) lifetime accounts :D
<FFForever> XD
<nick125> Supposely, in the first 2 months that I left the company, they were DDoSed about...10 times.
<glen1> lifetime lol
<glen1> lol nick125 what company?
<glen1> FFForever, If I did youll have to be a whore lol "HOSTING OVER HERE!!"
<nick125> glen1: atarack.com....the site doesn't even load anymore.
<glen1> what did they do
<glen1> does anyone else hate business people who dont have a clue
<FFForever> glen1, ill be a whore but i will never claim to give u sales :P
<glen1> they get a degree and think they know their shit
<nick125> Well...considering that I was the only person (out of two, including myself) that was somewhat people-friendly....
<glen1> haha
<nick125> Let's just say that my partner pissed a lot of people off.
<FFForever> nick125, i am not people-friendly but i do know my stuff :D
<glen1> lol irc peoples should start the next google
<diffra> There's a certain fun to pissing people off from the other end of the support line.
<glen1> lets ddos google!!!
<FFForever> glen1, i am sure google gets ddosed a few times a minuet lol
<glen1> jk btw theyll rape your bandwidth
<nick125> diffra: But not when they toss 1gbit at your routers.
<diffra> I was support, not IT.  What did I care?  ;)
#ubuntu-server 2009-06-13
 * diffra is glad to be out of phone support now.
<nick125> Then try to call up the colo place for a blackhole...."40,000 boxes?"
<nick125> "BOTS, YOU IDIOT! BOTS! NOT BOXES" "We're entitled to how much?"
<glen1> lol
<nick125> I wish I had that conversation somewhere...it was recorded.
<FFForever> LMAO!
<nick125> Then there were the bomb threats from customers....those were always fun.
<nick125> or rather, ex-customers
<FFForever> i love doing support
<FFForever> at the end of the day i tell them sorry but FU you stupid cunt
<FFForever> learn to configure shit correctly
<nick125> Of course, those were responded to by a rogue employee by "I'll level your whole neighborhood"
<FFForever> yeah =\
<nick125> I'm not sure answering a bomb threat with a bomb threat was the best possible response...but..
<FFForever> nick125, what is a good mail system with a small footprint?, also what would you use for smtp?, i am looking into dovecote and sendmail
<FFForever> maybe qmail if i get bored
<nick125> I used postfix/dovecot/mysql with pretty good success
<FFForever> will postfix run with mysql?
<nick125> yep
<nick125> Well, it'll store user information in MySQL easily.
<FFForever> will postfix allow for mail to be store in usrdir and a different dir for each mail account?
<FFForever> also will it chown the mail as the local user
<nick125> I'm sure it will, but I never did that to be honest. I mainly used virtual users in MySQL
<FFForever> well i like users running from mysql but i need them in the users dir for quota
<nick125> In MySQL, you can specify where it stores mail...as far as chowning it to the user, I _think_ you can do that as well, just setup the uid/gid map in MySQL.
<nick125> Of course, you'll probably want to setup a script for adding/removing users.
<FFForever> well yeah
<FFForever> i am working on a django management system
<nick125> Awesome.
<nick125> At the VPS provider, I worked on a Django Management System....it was nice, but my partner didn't like it, so he broke out Python, CGI and ElementTree and uh....went to work.
<nick125> Let's just say I about vomited when I read the code.
<nick125> He was generating HTML with ElementTree.....
<nick125> As in...html = Element("html"); body = Element("body"); html.append(body); body.bgcolor = "#ffffff";
<nick125> you get the idea
<nick125> Anyways, I have to go for a bit. See you all later!
<nick125> Hey everyone
<pteague> ok, this is weird... my vmware server won't let me arrow up/down & right ctrl is apparently either the end key or the page down key
<foxbuntu> pteague, sounds like yo selected a bad keyboard option, or maybe you need to just disconnect and reconnect to the virtual console
<pteague> google to the rescue - http://communities.vmware.com/thread/177321
<pteague> which *chroot package do i need in order to use chroot?
<charly> Hello, I want to setup a mirror repository of http://mark.tester.be on my local server, Can anybody tell me how to do that?
<LMJ> Hi
<LMJ> I've got since a couple of days this error in a bash script running rsync over ssh : "Corrupted MAC on input" and the transfert stops, have you seen this before ?
<jmarsden> LMJ: That error is usually caused by underlying hardware or network issues corrupting the data stream.  Bad switch? bad network cabling?  Bad RAM in one or other of the machines involved?  etc...
<Mal3ko> how do you instal xfce under ubuntu server?
<Mal3ko> apparently wine refuses to launch win32 console app im trying to launch under the os
<jmarsden> Mal3ko: You could probably do:    sudo apt-get install xubuntu-desktop  # BUT then you'll have a machine that is not really ubuntu-server any more... you'll have a sort of hybrid between ubuntu server and xubuntu -- and support for that, on IRC or elsewhere, will be hard to find.  If you need a GUI, install and use Ubuntu (or Kubuntu or Xubuntu) Desktop, not Ubuntu Server.
<Mal3ko> jmarsden
<Mal3ko> ive just read something at winefaq..
<Mal3ko> 3.12. Will Wine run under any X window manager? Does it require a window manager at all?
<Mal3ko> "Wine is window manager independent, so the X window manager you choose to run has (almost) no bearing on your ability to run MS Windows programs under Wine. Wine uses standard X libraries, so no additional ones are needed. Wine has its own window management, which acts like MS Windows. It can be turned off to use the native window manager by modifying Managed or Desktop settings in winecfg. "
<Mal3ko> does that mean, i dont need the xfce to run the win32 app in wine..?
<Mal3ko> i only need xorg right?
<simplexio> Mal3ko: maybe..
<simplexio> Mal3ko: but you dont need gonme, kde or xfce to start X and x-terminal for an example
<drurew> typically , where would mail sent to "root" be located ?
<PhotoJim> drurew: not positive, but either /root/.Maildir or /var/spool/root/...?  I think the latter is more likely in a default installation.
<PhotoJim> drurew: I usually just install the shell mail app mutt, and you can read email directly that way.  or forward in your /etc/aliases so that root goes to your account
<drurew> thanks PhotoJim
<PhotoJim> np
<PhotoJim> if you do /etc/aliases, don't forget to run newaliases in a shell, to make it take effect.
<Predominant> I've been following this guide: https://help.ubuntu.com/9.04/serverguide/C/postfix.html but I can't find the package "dovecot-postfix" in apt
<drurew> PhotoJim: Im setting up my new vps and im getting a crazed feeling :)
<Predominant> Has this package changed, or been removed?
<drurew> Predominant: i just installed it a few min ago
<drurew> lemme get you the name
<Predominant> drurew: Wouldn't happen to be going down the email virtaulhosting path, would you?
<drurew> yup i am
<drurew> its a bitch
<drurew> :)
<pteague> how do i set the locale (or compile the locale?)...  i've used debootstrap to create an intrepid image, but i'm getting all sorts of errors trying to install anything else because locale hasn't been set yet
<Predominant> Thats exactly what I need to be doiung
<Predominant> drurew: Where are you up to?
<drurew> Predominant: MTA postfix
<Predominant> ?
<drurew> Predominant:im following http://flurdy.com/docs/postfix/#intro
<Predominant> I followed that, and ended up with a mess
<drurew> Predominant: i think when you say dovecot-postfix your actually talking about two packages
<Predominant> I thought the serverguide would be accurate: https://help.ubuntu.com/9.04/serverguide/C/postfix.html
<drurew> Predominant: what are you folloing now
<drurew> http://packages.ubuntu.com/sv/jaunty/dovecot-postfix
<drurew> Predominant:im configuring :/etc/postfix/main.cf
<drurew> im going to try via webmin (shoudl be easyer
<drurew> )
<Predominant> Argh
<Predominant> I am on hardy
<Predominant> Stupid VPS provider
<drurew> Predominant: yeah but just the same, just switch out "jaunty" for "hardy" and it should work
<drurew> (dont tell anyone i told you )
<drurew> :D
<Predominant> I should probably upgrade the system
<Predominant> maybe
<drurew> the spools (mirror) is built the same ... it worked for my local systems
<drurew> i have the problem that my host (hosteurope) has their own repos and yeah i can change them but it will give me more traffic (dont want that right now)
<drurew> Predominant: you could also wget the packages for jaunty and dpkg them
<Predominant> eww
<drurew> for your hardy box
<drurew> its not hard
<drurew> i had to do that for a closed box that had no internet connection and was to host repos for this closed network, needed to install apache and managed, the system didnt crap out on me
<Predominant> https://help.ubuntu.com/8.04/serverguide/C/postfix.html
<Predominant> I will follow that
<simplexio> pteague: export lc_all='en_EN.UTF-8'
<pteague> nope, even with that i still get a perl warning... please check your locale settings: LANGUAGE = (unset), \ LC_ALL = "en_EN.UTF-8", \ LANG = "en_US.UTF-8" \ are supported and installed on your system
<pteague> & i can't figure out what i'm supposed to install or run to configure it...  i found something that said to run `dpkg-reconfigure localeconf`, but there's no localeconf package in intrepid
<ivoks>  /usr/share/locales/install-language-pack en_US.UTF-8
<pteague> en_US.UTF-8... localedef: unrecognized option '--magic=20051014'
<drurew> Predominant: IT WORKS!!!
<Predominant> What did you do
<drurew> i installed webmin
<drurew> :D
<drurew> (im such a noob)
<Predominant> Dont argue with results.
<Predominant> :)
<drurew> Predominant: try and spam me
<drurew> no dont
<Predominant> nho
<drurew> heh
<drurew> now for gpg encryption
<drurew> !gog
<ubottu> Sorry, I don't know anything about gog
<drurew> !gpg
<ubottu> gpg is the GNU Privacy Guard.  See https://help.ubuntu.com/community/GnuPrivacyGuardHowto and class #8 on https://wiki.ubuntu.com/ClassroomTranscripts
<drurew> point me at a "howto" use gpg keys with webmin mail please
<pteague> ok, apparently i'm missing data files somewhere or something because running `/usr/share/locales/install-language-pack en_US.UTF-8` gives me an error about unrecognized option '--magic=20051014' & even `/usr/share/locales/install-language-pack en_US.UTF-8 UTF-8` seems to work (no errors), but subsequently still leaves me with no locale installed... :(
<pteague> http://pastebin.com/m60571584
<simplexio> pteague: do you have /usr/share/i18n/SUPPORTED stuff there
<simplexio> pteague: its only files tha man locale mention using
<pteague>  /usr/share/i18n/SUPPORTED exists
<pteague> & has 3 en_US entries...
<pteague> UTF-8, ISO-8859-1, & ISO-8859-15
<cvw> quick question, does the ubuntu server boot to the command line or gui?  (prefer command line)
<cvw> sorry,I should specify the live cd
<pteague> ubuntu-server cd boots to a command line gui
<cvw> awesome, ty
<cvw> err, command line gui?
<Nafallo> (and doesn't have a live cd AFAIK)
<cvw> it's eitehr all text or all gui, which is it?
<pteague> uses ascii characters to make menus
<simplexio> cvw: to cli, if you dont add gdm or similiat to start at boot
<cvw> pteague: ascii is not gui :)
<simplexio> yes it is
<simplexio> gui = grafical user interface, even ascii characters are grafics
<cvw> well, it's my opinion then, we'll leave it at that
<simplexio> try use mc and say that its grafical user interface, or iptraf
<simplexio> or mplayer with aalib :)
<cvw> simplexio: I do, however, text-only is not images, icons, etc. which constitute GUI.  Anyhow, this is a silly discussion.
<cvw> cheers
<drurew> !dns
<ubottu> DNS is an acronym for Domain Name System, and is an internet system used to translate names into IP Address.
<FFForever> !django
<ubottu> django is a high level python web framework that encourages rapid development and clean, pragmatic design. - see http://www.djangoproject.com
<FFForever> !apache_django
<ubottu> Sorry, I don't know anything about apache_django
<FFForever> =(
<FFForever> !apache+django
<ubottu> Sorry, I don't know anything about apache+django
<drurew> !rails
<ubottu> Sorry, I don't know anything about rails
<FFForever> !ror
<ubottu> Sorry, I don't know anything about ror
<FFForever> !rubyonrails
<ubottu> Sorry, I don't know anything about rubyonrails
<FFForever> !HAHA!
<ubottu> Sorry, I don't know anything about HAHA!
<drurew> :D
<Nafallo> !bot-abuse | FFForever
<ubottu> Sorry, I don't know anything about bot-abuse
<FFForever> :P
<drurew> thought rails was pretty cool
<Nafallo> !botabuse | FFForever
<ubottu> FFForever: Please investigate with me only with "/msg ubottu Bot" or in #ubuntu-bots.  Search for factoids with "/msg ubottu !search factoid".
<FFForever> but i know django is supreme ruler :D
<drurew> django is aslo cool esp if you already know some stuff bout building your page
<drurew> true true
<drurew> dev by cnn, i think
<FFForever> ive been using cgi for the last year and now i am moving to django
<FFForever> well python via cgi i should say...
<rock3> I am having an issue with php-mail on my ubuntu server.  Has anyone got time to help?
<jmarsden> rock3: Don't ask to ask, just ask.
<billybigrigger> whats the problem?
<rock3> I have to use phpmail feature for my joomla install.  I have installed the php-mail on the server but can't get any email out.
<rock3> Sorry I was on another channel and not paying attention to this one.
<rock3> I can't find much in the way of a manual or reference on how to insure it is setup right or test.
<dthacker> rock3: can you send mail from the command line?
<rock3> I am new to linux and ubuntu.  How do I do that?
<billybigrigger> rock3::: tail -f /var/log/mail.log while your trying to send mail
<dthacker> ^^^^what billybigrigger says
<uvirtbot> dthacker: Error: "^^^what" is not a valid command.
<billybigrigger> rock3::: oh...your new eh, do you know how to use the command line?
<drurew> dru laughs
<rock3> Somewhat.  I am remoted into the system with putty right now.
<drurew> points the finger
<dthacker> billybigrigger has a good suggestion
<giovani> rock3: use the "mail" command
<rock3> what "mail" command?
<drurew> terminal: mail
<billybigrigger> so your trying to send mail through joomla right?
<drurew> !konsole
<ubottu> The linux terminal or command-line interface is very powerful. Open a terminal via Applications -> Accessories -> Terminal (Gnome) or K-menu -> System -> Konsole (KDE).  Guide: https://help.ubuntu.com/community/UsingTheTerminal
<ivoks> mail
<rock3> Yes.  I am trying to send mail through my joomla.
<drurew> !mail
<ubottu> mail is another medium to communicate. Ubuntu mailinglists can be found at http://lists.ubuntu.com
<drurew> heh
<billybigrigger> do what i said in your terminal....tail -f /var/log/mail.log    this will watch your mail logs, then try and send the email
<billybigrigger> any errors will show up in your terminal
<billybigrigger> but i might have to ask a dumb question....do you have a working mail system at the moment?
<jmarsden> rock3: Basically, first check that email is working on your machine; then get email in PHP working on your machine.
<drurew> :D
<rock3> Tons of errors on terminal window.
<rock3> I am trying to use my isp's mail server.
<rock3> They allow relay so no issue there.
<billybigrigger> rock3::: well first check this link...
<billybigrigger> uuh well you still need dovecot or courier setup to relay mail from your server to your isp
<billybigrigger> https://help.ubuntu.com/9.04/serverguide/C/index.html
<uvirtbot> New bug: #386768 in dovecot (main) "auth-worker(default): malloc: 197212: Cannot allocate memory" [Undecided,New] https://launchpad.net/bugs/386768
<rock3> I am checking the link now.  brb.  Thanks.
<billybigrigger> read the mail section
<jmarsden> rock3: As for lacking docs... http://us3.php.net/manual/en/mail.requirements.php says you need a sendmail binary for the PHP mail stuff to work... did you fulfill that requirement with postfix (or sendmail or exim or whatever MTA you want to use) ?
<rock3> I have the sendmail configured but doesn't seem to work.
<rock3> I am thinking I have something wrong in my configuration.  But I am not sure what.
<ivoks> that's normal for sendmail
<ivoks> try with postfix
<rock3> I am going to the server to install postfix.  Brb.
<ivoks> ssh man
<jmarsden> rock3: Going to it?  Just sudo apt-get install postfix  # no need to go anywhere
<rock3> I can't be remoted in and install.  I have an issue with internal nic and external nic.  I can have one or the other enabled.  If both are enabled I can't get into server or can't install or do updates.
<rock3> I am trying to resolve that issue as well.
<ivoks> i guess you have misconfigured routes
<ivoks> lets solve that issue first
<rock3> What do you want me to do?
<ivoks> enable only local interface
<ivoks> and ssh to the server
<rock3> It fails.
<rock3> Or ssh to the local ip?
<ivoks> ssh to local ip, yes
<rock3> On sec.
<rock3> okay, I am in.
<ivoks> now paste content of /etc/network/interfaces on paste.ubuntu.com
<rock3> Done.
<ivoks> and the link is...?
<rock3> http://paste.ubuntu.com/195146/
<rock3> Sorry about that.  Too many windows open at same time.
<ivoks> so, you have only one interface defined
<ivoks> you said you have two
<rock3> The other is set for dhcp inside gnome.
<ivoks> don't do that
<rock3> This is how ubuntu installed.  I'm sure there is another way you are about to tell me.
<rock3> What do I do?
<ivoks> another nic is eth1, right?
<rock3> Correct.
<ivoks> s/another/other/
<rock3> What does that mean?
<ivoks> so, not eth0 is down?
<ivoks> now
<ivoks> ifconfig will tell you what's up
<rock3> If I enable etho1 then etho goes down
<ivoks> add this to /etc/network/interfaces:
<drurew> eth1 eth0
<ivoks> auto eth1
<ivoks> iface eth1 inet dhcp
<ivoks> how, the problem is that your dhcp server will provide your server with ip for default gateway
<ivoks> and you'll have two default gateways
<ivoks> which could be a problem in your setup
<rock3> I only want the interanl interface for internal comm. No need for gateway there.
<ivoks> ok
<ivoks> then you have to tell you dhclient to ignore gateways it recievs
<ivoks> in /etc/dhcp3 directory
<rock3> how?
<ivoks> there's dhclient.conf file
<rock3> one sec.
<ivoks> request ... routers,
<ivoks> remove that ' routers,'
<rock3> Done.
<ivoks> now bring eth1 up
<ivoks> ifup eth1
<rock3> it says interface eth1 already configured.
<ivoks> ok
<ivoks> then /etc/init.d/networking restart
<ivoks> so, eth0 is up
<rock3> yep.  Seems to be working now.  Thanks!!!!
<ivoks> great
<rock3> Now I have to do that for my other server.  brb.
<ivoks> :)
<rock3> okay other server is fixed.
<rock3> Now back to my postfix issue.
<rock3> What do I do once postfix is installed?
<ivoks> send emails
<rock3> I don't have to configure it?
<ivoks> it asked you couple of questions during install
<ivoks> if you answered correctly, there isn't much else to configure
<rock3> nothing. it auto ran on it's own.
<rock3> Should I reinstall?
<ivoks> sudo apt-get install postfix
<ivoks> didn't ask you a single question?
<ivoks> it had to.
<rock3> Nothing.  It does say it is already installed.
<rock3> Should I uninstall and reinstall?
<ivoks> no blue screen with selection?
<rock3> nothing.
<ivoks> you aren't using ubuntu, right?
<rock3> I am using ubuntu 9 server
<rock3> Latest build
<ivoks> there is only 9.04
<ivoks> there is no such thing as latest build
<rock3> That's what is installed.
<rock3> Downloaded it last week from ubuntu.
<ivoks> ok, reinstall postfix
<ivoks> and look at the screen
<rock3> How do I uninstall?
<ivoks> apt-get purge postfix
<jmarsden> ivoks: There is Karmic Alpha2 ... is that "latest build??"
<ivoks> jmarsden: :p
<rock3> installing now.  Now I get a blue screen.  Didn't before.
<ivoks> you had to
<ivoks> maybe you forgot :)
<rock3> No, I really didn't get this screen.
<rock3> Which do I use?  Internet site, internet with smarthost, etc???
<ivoks> depends on what kind of mail server you are setting up
<rock3> I want to use my mail server at 1and1.
<ivoks> will it be a real mail server
<ivoks> 1and1?
<rock3> No just for sending out email from my joomla site.  1and1 is a hosting service. I have the domain reg there and basic email.
<diffra> rock3: then you want smarthost
<rock3> Do I use my FQDN or the hosting company
<ivoks> for what?
<rock3> I am on  the "mail name" page.
<ivoks> put fqdn of your machine
<ivoks> of that server
<rock3> relay host is smtp.1and1.com right?
<ivoks> well, you should know that
<ivoks> interesting
<ivoks> dig -t mx 1and1.com
<ivoks> MX records are in germany :)
<rock3> I know what their smtp is.  Do I use that as the relay?
<ivoks> yes
<rock3> I give up.  That doesn't work.
<diffra> anything can work :)  anything in /var/log/mail.log?
<ivoks> what doesn'y?
<ivoks> did you install php5-mail?
<rock3> it says dns lookup failed for sender domain (in reply to mail from command)
<ivoks> oh... php-mail
<diffra> so, 1and1 is rejecting the mail.
<rock3> Correct.
<ivoks> so, what's the fqdn you put?
<rock3> Joomla uses php mail
<diffra> the domain that you're sending from exists?
<rock3> projectforefront.net
<diffra> and that's what you put in the 'mail name' field earlier?
<rock3> I see diffra.com connecting
<ivoks> haha
<diffra> :) I was hoping to see your mail name in the banner
<rock3> Anything?
<ivoks> 220 ubuntuserver2.projectforefront.net ESMTP Postfix (Ubuntu)
<diffra> http://dpaste.com/55037/
<rock3> That is correct.
<ivoks> ubuntuserver2.projectforefront.net doesn't exist
<diffra> bingo
<rock3> I need to create at the hosting company and forward to the server?
<diffra> php mail() sends as www-data@<postfix mail-name>
<diffra> so, it's sending as www-data@ubuntuserver2.projectforefront.net
<diffra> edit the relevant line in /etc/postfix/main.cf
<pteague> hehe, need to fix that
<ivoks> create cname ubuntuserver2.projectforefront.net for projectforefront.net
<diffra> or, add your server's hostname to DNS
<ivoks> or change fqdn in postfix
<ivoks> redundacy is good :D
<diffra> good is redundancy
<rock3> dump the ubuntuserver2 from main.cf?
<\sh> whatever you do adjust your spf record ;)
<ivoks> rock3: yes, and /etc/mailname
<rock3> One sec
<ivoks> if exists
<pteague> anybody have any ideas on using chroot?  i'm having issues after using debootstrap ...  i can't get the locale setup :(
<rock3> command for restarting postfix?
<diffra> /etc/init.d/postfix reload
<diffra> that string is embedded into muscle memory for me...
<rock3> I am learning.  Thanks for all the help and not treating me like an idiot.
<\sh>  /etc/init.d/postfix restart , for really restarting... or /etc/init.d/postfix reload when you adjusted your configuration
<diffra> that and apti<backbackbackback>sudo
<ivoks> postconf reload
<pteague> restart also works for most things in /etc/init.d/ but sometimes it doesn't seem clean... i tend to stop & start
<rock3> postfix restarted.  Can you check now?
<diffra> pteague: i thought restart just called stop and start for most things?
<diffra> 220 ubuntuserver2.projectforefront.net ESMTP Postfix (Ubuntu)
<diffra> :(
<pteague> if you're having issues you can call stop & then do a `ps aux | grep servicename` to make sure it's not still running
<rock3> try now
<diffra> for the record, postfix' init script restart just calls stop and start
<diffra> same, rock3
<rock3> I did a restart the first time and reload the second.
<diffra> although the banner might be use /etc/hostname -- try sending a message now
<ivoks> did you fix /etc/mailname?
<rock3> Yeah, I will double check.  Hold one.
<ivoks> ok, let's try again:
<ivoks> postconf myorigin
<ivoks> postconf myhostname
<diffra> (myorigin is really the one we care about for getting your mail accepted)
<ivoks> rock3: ?
<rock3> Sorry.  Was logged in at hosting company.  Set smtp record to smtp.projectforefront.net.  Pointed record to ip address.
<rock3> Check now.
<rock3> still showing wrong host name.
<ivoks> what's the output of:
<ivoks> postconf myorigin
<ivoks> your problem is sending, not receiving emails
<rock3> myorigin in going to /etc/mailname
<ivoks> what's in /etc/mailname?
<rock3> I have edited the mailname to smtp.projectforefront.net
<pteague> http://pastebin.com/m3ab62578 :(
<ivoks> ok
<ivoks> pteague: /usr/share/locales/install-language-pack en_US.UTF-8
<pteague> yeah, already did that
<ivoks> rock3: how about 'postconf myhostname'?
<rock3> still showing ubuntuserver2
<ivoks> yes, but that's not relevant
<ivoks> try sending your mail now
<pteague> ivoks: http://pastebin.com/m43fecfd7
<ivoks> pteague: dpkg-reconfigure locales
<pteague> i get about the same thing - http://pastebin.com/m5da3769f
<pteague> keeps complaining about that --magic= switch
<rock3> I need to change smtp setting for postfix.  Still trying to use smtp.1and1.com
<rock3> Where do I change?
<ivoks> rock3: do you understand the term 'relayhost' or 'smarthost'?
<rock3> Yes.  Won't work in this case without smtpauth.  1and1 rules not mine
<ivoks> ok
<rock3> Can that be done?
<ivoks> of course
<rock3> Tell me how?
<pteague> already looked through the list of local* packages via `aptitude search local | egrep -v 'thunderbird|sunbird|lightning|enigmail|exim4'` & either i'm missing something or it's not a locale or localization package that i need :(
<ivoks> pteague: iso-codes is installed?
<ivoks> rock3: create file /etc/postfix/sasl_passwd
<ivoks> in it:
<ivoks> smtp.1and1.com username:password
<ivoks> chmod 600 /etc/posftix/sasl_password
<pteague> yes, iso-codes is installed...  gettext is not, but gettext-base is
<ivoks> postmap /etc/postfix/sasl_password
<ivoks> err..
<ivoks> postmap hash:/etc/postfix/sasl_password
<ivoks> rock3: are you following?
<rock3> I have created the file and uploaded to server.
<ivoks> you can't edit files on server? :)
<rock3> Yes but can't create one.  Have to create on local machine then upload then edit.
<ivoks> sure you can create it
<pteague> hmm... not sure if this is a problem or not, but i tried reinstalling iso-codes & got a could not write to log error about /dev/pts not mounted - http://pastebin.com/d44bccab7
<ivoks> pteague: mount | grep devpts
<rock3> Using tunnelier.  Can create folder not files on remote.
<ivoks> you can't ssh to your server?
<rock3> I am ssh to server.
<ivoks> then
<ivoks> nano /etc/postfix/sasl_passwd
<pteague> mount only shows 2 things... /proc & sysfs on /sys
<rock3> I ran the postmap command now have sasl_password and .db
<ivoks> instead of setting up a server, you should probably be better going trough basics
<ivoks> ok
<ivoks> at the end of /etc/postfix/main.cf add:
<ivoks> smtp_sasl_auth_enable = yes
<ivoks> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
<ivoks> smtp_sasl_security_options =
<ivoks> save and reload postfix
<ivoks> oh, and add:
<ivoks> smtp_use_tls = yes
<ivoks> just in case...
<ivoks> pteague: which ubuntu version is that?
<pteague> created via `sudo debootstrap intrepid /mnt/ubuntu.fs/` ... i'm following http://developer.amazonwebservices.com/connect/message.jspa?messageID=42535
<pteague> ah, i think i might have found a solution to the /dev problem - http://cutecomputer.wordpress.com/2007/01/07/howto-dev-file-system-in-chroot-ed-environment/ ... but not sure if that will solve the locale issue... i can hope
<ivoks> it won't
<rock3> I am getting error that sasl_passwd.db: no such file or directory
<ivoks> pteague: locale-gen en_US.UTF-8
<ivoks> rock3: did you run postmap?
<ivoks> pteague: you have to restart postfix
<ivoks> bah
<ivoks> rock3: restart postfix
<ivoks> postfix is jailed, so it needs to copy that file to it's jail
<ivoks> pteague: sudo apt-get --reinstall install locales ; sudo locale-gen en_US.UTF-8
<ivoks> pteague: that should work
<rock3> I found the issue.  misspelled password.  You have as passwd.
<rock3> email just went out.  Works!!!!!!!
<ivoks> 10PM
<ivoks> good night
<pteague> ty ivoks, nn
<rock3> Thanks ivoks!!!! I owe several for the help.
<pteague> yay! that worked!
<Jeeves_> !fqdn sitesupport
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<FFForever> how can i see how much traffic has been passed through my server?
<daxroc> Is it possible to have kvm create vm on an lv partition
<PhotoJim> drurew: is the crazed feeling disappearing? :)
<ghostlines> testing
<PhotoJim> aye.
<billybigrigger> FFForever::: what kind of traffic?
<FFForever> All traffic
<dthacker> FFForever: email traffic?  network traffic?
<FFForever> network traffic
<uvirtbot> New bug: #386830 in php5 (main) "Reserved words are case-insensitive." [Undecided,New] https://launchpad.net/bugs/386830
<drurew>  PhotoJim: well now with web min the only thing (still on the quick list) is setting up domain (id like to make my own so as to be able to "give" myself domain names) still researching it. My vps host thinks they can charge an arm and a leg for the whole net setup, i wont give them a penny more then they asked for  :D
<drurew> maybe ill just start the dns and see how it runs
<drurew> !binddns
<ubottu> Sorry, I don't know anything about binddns
<drurew> !"bind
<ubottu> Sorry, I don't know anything about bind
<drurew> !bind
<drurew> !bind9
<ubottu> Sorry, I don't know anything about bind9
<drurew> !dns
<ubottu> DNS is an acronym for Domain Name System, and is an internet system used to translate names into IP Address.
<drurew> !Domain Name Server
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<drurew> !domain+name+server
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<drurew> !domain
<ubottu> Sorry, I don't know anything about domain
<foxbuntu> drurew, what are you looking for?
<drurew> UUUUUUUUUUBOOOOOOOOOTUUUUUUUUUU!!!!!!
<drurew> i need to set up a dns server, been finding crap. my current setup (followed the buntu geeks site) sent dns packing. starting bind returns with "unknown error"
<dthacker> drurew: https://help.ubuntu.com/community/BIND9ServerHowto
<drurew> thanks guys
#ubuntu-server 2009-06-14
<AnRkey> how can i check if a partition is a primary partition?
<AnRkey> the partition is ext3 it's my /dev/sdb3
<foxbuntu> AnRkey, what do you mean primary partition? your boot partition?
<AnRkey> no it's a second partition here
<AnRkey> i am trying to expand an ext3 partition
<AnRkey> i'm about to commit the changes and I see they say in the howto that I should delete and then recreate the partition all without a journal
<AnRkey> http://www.howtoforge.com/linux_resizing_ext3_partitions_p2
<AnRkey> check that out and let me know if I'm being a tard for trying this
<drurew> no comment
<AnRkey> drurew, wtf :) u cant say that.... common man, help me out, am i doing something wrong?
<AnRkey> or stupid?
<AnRkey> u make me worry
<drurew> AnRkey: srry bro, didnt mean it that way.
<AnRkey> :P
<drurew> well lets say if you can afford to loose your system (you will have to fix your grub) then you should give it a shot
<AnRkey> this is just a data partition
<AnRkey> i have a full backup
<foxbuntu> AnRkey, resizing the / is usually not reccommended
<AnRkey> it's just going to suck like a black hole through a straw if I have to restore 2night
<AnRkey> it's not / it's /media/Data
<AnRkey> /dev/sdb3
<drurew> -b
<foxbuntu> AnRkey, you __should__ be able to resize it with gparted from an ubuntu desktop live disk
<AnRkey> it fails to create a queued task in gparted
<drurew> that is probably a better idea
<AnRkey> gparted seems to fek out when i try to go 2 large
<foxbuntu> AnRkey, how large?
<AnRkey> anything larger than 1.01 tb
<drurew> :D
<drurew> yeah pata?
<AnRkey> sata
<AnRkey> 4 x 500gb in raid 5
<AnRkey> 3ware 9500card with bbu
<foxbuntu> hrm
<AnRkey> so is that howto a bad way to try this?
<foxbuntu> AnRkey, well...
<AnRkey> i tried gparted from an 8.04.2 desktop disc
<AnRkey> i was going to maybe try 9.04
<drurew> try the gparted live cd
<foxbuntu> AnRkey, have you tried it on 8.10, 9.04, or 9.10 A2
<drurew> its always good to have
<foxbuntu> ?
<foxbuntu> or that
<AnRkey> drurew, 9.04 version this time?
<drurew> real minimalistic so you dont get distracted
<drurew> is buntu (904) , gparted has their own live cd
 * foxbuntu sighs....seems ff just died
<AnRkey> fek it, going to try the hardcore way
<drurew> tell us how it ends
<foxbuntu> indeed
<drurew> ;)
<foxbuntu> AnRkey, I suggest going offline with the system
<AnRkey> i have unmounted the partition, that enough?
<foxbuntu> that should be ok
<drurew> im telling you man gparted live is super smal and it wont spit out at you man
 * AnRkey is going to need a big blunt after this
<AnRkey> They say this in the howto, "Next we create a new /dev/sda1 partition. It was a primary partition before, so we choose p again, and again it is our partition no. 1:"
<drurew> think before you fdisk before you fdisk your system into the grave
<AnRkey> http://pastebin.ubuntu.com/195314/
<foxbuntu> AnRkey, ah thats normal
 * AnRkey thinks some more and then some more
<AnRkey> i know
<foxbuntu> AnRkey, primary is just the part type
<AnRkey> i am asking if sdb3 is primary like they suggest in the howto
<foxbuntu> AnRkey, unless its part of a whole then yes
<AnRkey> common if this borks things i'm blaming u guys :)
<AnRkey> foxbuntu, more...
<foxbuntu> AnRkey, as in part of a volume group or similar "extended" partitions
<drurew> #ubuntu-server will not account for any liabilities using fdisk could cause to your system
<foxbuntu> +1
<foxbuntu> heh
<AnRkey> ok you guys have a method using parted?
<drurew> not parted
<drurew> gparted
<AnRkey> oosh, ok ok , i get it
<AnRkey> going to try 9.04
<drurew> gparted will still be the same
<drurew> if you have the space, creat a new partition suing your live cd and migrate your information to it , after checking it with a md5sum you should then proceed to remove the old partition , merge or expand the other partitions
<drurew> *using
<drurew> by the way , i dont see a "data" partition in your pastebin
<AnRkey> /dev/sdb3            4256      121573   942356835   83  Linux
<drurew> paste : df /media/sda3
<AnRkey> what about ext2 resize
<AnRkey> gparted still feks out on my when I go past 1.01tb
<AnRkey> *me
<drurew> you can resize any partition using gparted , as gparted has a non destructive "way of doing things"
<drurew> *filesystem
<AnRkey> hmmm
<AnRkey> 8.10 disc is not helping 9.04 is booting now
<drurew> your 8.10 disk maybe shot
<AnRkey> oh it never ends!!!! my ubuntu 9.04 disc is stfd, writing another quick
<AnRkey> 8.04 and 8.10 are both booting ok
<AnRkey> *8.04.2
<drurew> make a usb boot disk
<drurew> its cheaper
<AnRkey> dont have any usb flash sticks here
<AnRkey> i have a verbatim rw in
<AnRkey> i must admit, ubuntu has been soooo easy to migrate to my new hardware
<AnRkey> just plugged the drives in and it simply worked, ok ok i had to set my nic up again
<drurew> yup
<AnRkey> ok 9.04 is booting again
<AnRkey> hold thumbs
<AnRkey> wow 9.04 is a big jump forward, it's sooo much faster off cd
<AnRkey> compared to 8.04 or 8.10
<AnRkey> and it seems it's working
<AnRkey> thanks guys
<drurew> have fun man
<drurew> and tell us how it went
<Alex_21> HI, all,
<Alex_21> I have a damaged server. It has an OS on it and that is all fine and dandy. However I made a mistake when installing Ubuntu and ended up putting /boot in an LVM Volume Group in RAID1 and now it won't boot. I think I need to set a rootdelay, but for that I'd need to install Grub on a Memory Stick. Is there any Idea how to to do this?
<drurew> you should be able to just reinstall grub, at the correct location, point it to your boot kernel and let it boot up (later removing the old useless grub from RAID 1)
<Alex_21> How can I resinstall Grub when the system won't boot
<Alex_21> Please
<drurew> no live systems? make a live "alternate" usb stick use it to rescue your system and install grub at its correct location
<Alex_21> I can't unfortunately.
<drurew> !usb-creator
<ubottu> Sorry, I don't know anything about usb-creator
<Alex_21> Can I manually install Grub using another sstem
<Alex_21> System, ... Sorry
<Alex_21> Being nearly completely blind, I can't use a live system
<drurew> bios?
<Alex_21> What about BIOS?
<AnRkey> back, my dhcp lease expired without the server there to renew it
<Alex_21> I can't physically use Live CDs or anything
<drurew> no usb boot options ?
<drurew> hmm
<Alex_21> I have USB boot options
<Alex_21> That isn't the problem
<Alex_21> Number one. I need /boot on a memory stick and not on my HDs
<Alex_21> Number 2. I only can make a boot key with another system, not with the downed machine
<Alex_21> Can this be done?
<Alex_21> Or not
<drurew> yeah
<drurew> can you pop a live cd into your lappy ?
<Alex_21> No.
<Alex_21> I can't read what is on-screen. I can pop my memory key into my development server though
<Alex_21> It is accessible with CLI via OpenSSH
<Alex_21> Does that help?
<AnRkey> Alex_21, then make a boot usb that way
<Alex_21> How?
<Alex_21> That is the problem
<AnRkey> 1sec, looking for my script
<drurew> usb-cerator should be the command
<Alex_21> and what will this command do?
<Alex_21> I'm confused
<drurew> man usb-creator maybe a start
<AnRkey> i cant find my script soz
<AnRkey> dont think i have it here
<Alex_21> Ok. I really need help here
<AnRkey> Alex_21, okok, 1sec
<Alex_21> I want to be able to have my machine boot
<Alex_21> The files are on raid array md0
<drurew> start with installing usb-creator
<Alex_21> Which in turn is Inside of LVM volume group lvm1
<Alex_21> Does that help
<Alex_21> ?
<AnRkey> found this with google, https://help.ubuntu.com/community/Installation/FromUSBStick
<AnRkey> it also suggests usb-creator
<drurew> usb-creator needs X
<Alex_21> I can't do that, remember
<drurew> that flattens out the chance
<drurew> yeah
<drurew> let me see
<drurew> can you boot a live cd on you dev box
<Alex_21> Ok. How about this. If I reinstall my OS and set the USB drive to contain /Boot. Will that be better
<drurew> no
<Alex_21> Why not?
<Alex_21> Can't /boot be on a USB stick?
<drurew> i seem to rember that not working for me
<AnRkey> Alex_21, what is the problem again... i rejoined a bit late
<AnRkey> Alex_21, it can be anywhere, as long as grub can get to it and it's in working order
<drurew> he installed grub on the wrong raid
<Alex_21> The files are on Which in turn is Inside of LVM volume group lvm1 hich in turn raid array md0
<Alex_21> The files are on LVM volume group lvm1 which in turn is inside of raid1 array md0
<Alex_21> Now it won't boot
<Alex_21> Besides It is currently using Lilo
<Alex_21> Sorry for having rewritten it
<Alex_21> I did it for clarification
<drurew> http://osdir.com/ml/os.solaris.opensolaris.general/2005-11/msg00026.html seems to be a solution
<drurew> yeah now i remember, grub preferably should be in the / partition as it will look for its boot kernel there, if you install grub to an external partition you will have to mount the root partition before actually beingable to point grub to the boot image
<AnRkey> ok going to go play games
<AnRkey> ciao all
<AnRkey> drurew, thanks for all the wisdom :)
<drurew> heh
<drurew> no such thing here
<Alex_21> How does that help?
<texasjack> Anyone have a successfully UTF-8 100% compliant shell?
<Alex_21> Lilo comes up but it can't run at all
<AnRkey> good luck Alex_21
<drurew> well then edit lilo to contain your boot image
<Alex_21> I havethe following setup /boot, /, and swap
<Alex_21> It can't ind the init file
<Alex_21> Find, ... sorry
<Alex_21> The partitions are on LVM volume group lvm1 which in turn is inside of raid1 array md0
<Alex_21> How can I fix this?
<drurew> can you edit /etc/lilo.conf
<Alex_21> Yes
<Alex_21> I think
<Alex_21> I cn boot into the consol in the installer
<Alex_21> Undr recovery mode
<drurew> http://www.control-escape.com/linux/lilo-cfg.html
<drurew> in recovery mode you can install grub
<drurew> *installer recovery mode
<Alex_21> Nope
<Alex_21> Because of the way my partitions are inside LVM
<drurew> hmmm
<drurew> are they encrypted?
<drurew> your lmvs
<Alex_21> Nope
<Alex_21> They are not
<drurew> yeah then it should be fixable
<Alex_21> In addition, the LVM Volume Group is sitting on RAID1 device MD0
<Alex_21> So how do I access them?
<Alex_21> Moun them, I mean
<drurew> ls /dev woudl show you the actual device , youll then need to mkdir  /mount/point then , mount /dev/device /mount/point
<Alex_21> What is the device then?
<Alex_21> Where? /HDa or /HDB or /MD0
<cabrey> this room seems to have people in it
<drurew> thats something only you can know, but it should be something like hda1, sda1, md0
<drurew> hda is your first drive
<drurew> hdb is your second
<Alex_21> I knew that. The problem is that I don't understand LVM and RAID1
<darthanubis> ubuntu dropped all that hdx stuff and went with sdx
<Sarthor> on my ubuntu server, how can i see real time speed graph of ethernet?? possible?
<darthanubis> Alex_21, then do your homework and read up
<Alex_21> MD0 is my Raid1 aray. But then how do I get access to the LVM?
<darthanubis> Sarthor, anything is possible
<darthanubis> many a program in google that will help you with that
<cabrey> darthanubis, hd{x} is IDE hdds, sd{x} is SATA i believe
<darthanubis> I know that
<darthanubis> but what I said still stands
<cabrey> they changed it?
<darthanubis> ...
<Alex_21> I know how I'll fix it
<Alex_21> Du Du Du Du
<darthanubis> http://books.google.com/books?id=zGgZ850Aw5gC&pg=PA74&lpg=PA74&dq=ubuntu+hdx+sdx&source=bl&ots=6I0miyxR-3&sig=p_x9Qaa9gD5tB1gNl9YeY5CZHYQ&hl=en&ei=b1I0St-xMIONtgeJhaH5Dg&sa=X&oi=book_result&ct=result&resnum=6
<Alex_21> Or not
<Sarthor> can we run conky in real mode on 9.04 server?
<darthanubis> what is the fascination with conky I'll never understand.
<darthanubis> I don't think conky is a server based app
<darthanubis> unlike gkrellmd?
<drurew> night guys
<Alex_21> Thanks for our help
<Alex_21> Good night
<robin87> hello, i am using jaunty and i am having trouble getting a port to "open" when i run a game server...the port is forwarded correctly through my router and the port is visible as "closed" from the internet, i need it open so ppl can connect...can someone help?
<jmarsden> robin87: Does   sudo netstat -ntlp   # show you the listening game server on your Ubuntu server machine?  What port number are we talking about?
<robin87> jmarsden, no, the server doesn't appear to be listening, the port is 27960
<jmarsden> Then that is why the port appears closed... run the game server and it will (if you really configured the router correctly) appear open.
<jmarsden> Noone can connect to a game server that is not running.
<robin87> jmarsden, the server is running, i can connect to it through LAN but it is not visible to the internet...also, i know the port is forwarded correctly because when the machine is off the port appears stealthed from the internet, when the PC is on it shows as "closed"
<jmarsden> I confirm port 27960 on your public IP appears closed.
<jmarsden> If the server is supposed to listen on port 27960, netstat -ntlp would show it as doing so.
<jmarsden> What port(s) *is* your game server listening on?
<robin87> this is really strange, why can i connect from another PC on LAN then?
<jmarsden> What port are you connecting to on the LAN?
<robin87> the same port... 27960
<jmarsden> Is this TCP or UDP ?  Maybe 6you redirected TCP port 27960 and the game uses UDP 27960 ?
<robin87> i forwarded both protocols on the same port, the lan server appears to connect via UDP though
<jmarsden> Does   sudo netstat -nulp    # show you the listener on your server?
<robin87> yes, listening on UDP
<jmarsden> OK.  You have a working server... nmap -PN -sU -p 27960 YOUR.IP.ADDR.HERE   # show an open port.
<jmarsden> Why did you say it was showing as closed?
<robin87> it has been, for the past two days
<robin87> let me check myself
<robin87> it is still showing closed from grc shields up
<jmarsden> Command I posted above returns:   27960/udp open  quake3
<jmarsden> Why would you trust GRC to be scanning UDP rather than TCP?
<jmarsden> Do you own scans with nmap from a remote host.
<robin87> both protocols should be reachable though, surely
<jmarsden> No, nothing is listening on TCP port 27960 on your host!
<jmarsden> So TCP port 27960 is closed.
<robin87> others have complained that they cannot connect to my server via the internet
<robin87> i'm going to see if that has changed
<jmarsden> OK.  Have them run the nmap command I posted earlier and tell you what it outpus.
<jmarsden> *outputs
<robin87> ok is nmap a windows command also?
<jmarsden> It is if you install the Windows version of it :)
<jmarsden> See http://nmap.org/
<robin87> jmarsden, ok, the server now appears visible and ppl can connect...i think it must have been firestarter/iptables not configured properly...thanks for your help :0
<jmarsden> No problem :)
<qman__> Hi, I was wondering if anyone could help me with NTP. I have NTP installed on my gateway, to provide time for my LAN, however, it's stuck at stratum 16, despite getting time from several stratum 2 and 3 sources. Here's my ntp.conf and output from ntpq: http://pastebin.com/m25447da4
<jmarsden> qman__: What makes you think your server is "stuck at stratum 16"?  And why are you broadcasting time to 3 LAN subnets?
<uvirtbot> New bug: #386867 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/386867
<qman__> jmarsden,  none of the clients will accept time from it
<jmarsden> What NTP client(s) are involved and what error messages are you seeing from them?
<qman__> jmarsden, I have ubuntu clients using the default ntp client, and the error is "no server suitable for synchronization found"
<jmarsden> Any firewall or packet filtering between NTP server and NTP client machines?  And why are you broadcasting the time instead of having the clients query for it?
<qman__> the server has a firewall up, but it's allowing all UDP port 123 traffic on the interfaces
<qman__> as for the broadcast, I was under the impression that that was how it's done
<qman__> I can pastebin the firewall
<jmarsden> Is it logging blocked traffic?  Can you check?  That message has nothing to do with stratum 16, and everything do do witgh "I can't see the server".  and no, you don't want or need to use NTP broadcasts at all.
<qman__> ok, it's not logging traffic now, but I can set it
<jmarsden> Might be worth it just to make sure.
<qman__> strange
<qman__> oh, I screwed up the rule
<qman__> it is a firewall problem, now to just trace it down
<qman__> thanks
<jmarsden> Ah, OK.  If that doesn't get it, pastebin the output of    ntpdate -dsv  ip.of.your.server  run on a client machine.
<jmarsden> No problem.
<uvirtbot> New bug: #346515 in samba4 (universe) "smbstatus crashed with ImportError in <module>()" [Undecided,Confirmed] https://launchpad.net/bugs/346515
<dieMasjien> Nafallo: morning all, we're busy finalising our ubuntu server installation but before we continue, does ubuntu also have a group restriction application like Windows Server edition where you can edit group user rights ect?
<dieMasjien> wait
<dieMasjien> that was addressed to everyone
<dieMasjien> morning all, we're busy finalising our ubuntu server installation but before we continue, does ubuntu also have a group restriction application like Windows Server edition where you can edit group user rights ect?
<nzerox> hey guys
<nzerox> i need some help with getting mailman to run as a virtual host
<AnRkey> is there any reason why my ubuntu 8.04.2 server would see a partition as it's old size before I resized it via ubuntu 9.04's gparted?
<drurew> :D
<drurew> how did it work out amn
<nzerox> hey, what causes this:
<nzerox> amavis[3940]: (03940-01) (!!)ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20090614T113213-03940/parts: lstat() failed. ERROR\n
<drurew> by the way , google uses linux just as much as we do, the yahoo servers run apache2, msn ....well we know ms
<drurew> http://www.linuxmail.org/scripts/common/index.main?signin=1&lang=us
<drurew> crap
<drurew> wrong room
<AnRkey> drurew, u there?
<drurew> mhm
<AnRkey> that expansion of the ext3 filesystem worked fine
<AnRkey> on 9.04 live cd i can browse it with 500gb free, on the 8.04.2 server it still see's the partition as a 960gb
<AnRkey> wtf?
 * AnRkey walks over to drurew and taps him on the shoulder, Ughem
<drurew> on the phone
<drurew> on sec
<drurew> sorry, vps went down
<drurew> whats up Anrkey
<drurew> can you look at the partition using gparted
<drurew> does someone have their own dns server ? if so would it be possible to send me your configuation files to drurew@mailinator.com
<drurew> AnRkey: whats gparted telling you ?
<drurew> AnRkey: if 500 gb of 960 are free that sounds right
<aurigus> drurew: what dns server software?
<drurew> bind9
<aurigus> oh i use powerdns, so can't help :)
<drurew> thats also an option
<drurew> that would be helpfull
<drurew> !info powerdns
<ubottu> Package powerdns does not exist in jaunty
<drurew> !powerdns
<ubottu> Sorry, I don't know anything about powerdns
<daxroc> Afternoon all
<drurew> hi
<daxroc> With kvm setup on jaunty should the bridge interface be created by libvirt  or should it be disabled there and created manually via /etc/network/interfaces ?
<pmatulis> daxroc: how are you creating your vm?
<daxroc> pmatulis: vmbuilder
<daxroc> The docs say use the interfaces but libvirt creates its own nated bridge so ?
<pmatulis> does you host have a bridge set up?
<pmatulis> *your
<daxroc> pmatulis: yes it has two one br0 from networking/interfaces ( bridged to eth0 ) and one which libvirt creates virbr0
<pmatulis> forget about virbr0, that's for an internal private network
<pmatulis> you want to access your vm as if it was a real host on your network right?
<daxroc> pmatulis: yeah
<pmatulis> so forget about virbr0
<pmatulis> you should be good to go
<daxroc> pmatulis: I can't start the vm if virbr0 is not started
<pmatulis> pastebin your invokation of vmbuilder i guess
<daxroc> http://pastebin.ca/1459961
<daxroc> pmatulis: that's the default.cfg , sudo vmbuilder kvm ubuntu -c .vmconf/default.cfg --hostname=mine
<pmatulis> interesting, never used a config file for vmbuilder
<pmatulis> i just use one long-ass command
<daxroc> yeah , nicer to have diffrent configs for mail , web , files  servers
<pmatulis> sure
<daxroc> do you need to tell virsh to use br0 or should it know from the guests networking xml config ?
<daxroc> because I can't start a vm unless the default network is up ( virbr0 )
<pmatulis> the xml defines the guest, so i don't know why you have a problem
<pmatulis> maybe pastebin that file
<pmatulis> btw, what do you achieve with firstboot.sh?  what do you have in there?
<daxroc> pmatulis: it's just installs ssh so it creates a unique key
<daxroc> http://pastebin.ca/1459969
<drurew> i need a dns servers configuration file, could someone paste bin or send yours to drurew@mailinator.com please?
<drurew> dns application is irrelevant at the moment
<drurew> all confs are welcome
<pmatulis> daxroc: why not just addpkg openssh-server?
<drurew> im gonna go with powerdns
<daxroc> pmatulis: I think if you were to clone a number of vms off one with addpkg that it would be easier to compromise them they would all have the same key
<daxroc> where as the fist boot will install the openssh-server on first boot creating a unique key
<pmatulis> daxroc: hmm
<daxroc> you can also set it to reconfigure mysql so you don't forget to set root password
<pmatulis> as for your bridge problem
<pmatulis> daxroc: change '<source network='br0'/>' to '<source bridge='br0'/>'
<daxroc> ah
<pmatulis> but with jaunty this should have been done
<pmatulis> so i'm not sure what happened there
<daxroc> I manually edited it
<pmatulis> should not have to my knowledge
<pmatulis> did you have bridging set up on your host when you created the vm?
<daxroc> pmatulis:  for some not all
<pmatulis> there you go
<daxroc> pmatulis: so it should be assigned an ip from the lan dhcp now ?
<daxroc> or the one I specified during creation
<pmatulis> daxroc: yes, if that's how you configured your vm interfaces file
<pmatulis> i believe dhcp is the default
<pmatulis> ah, ok, you specified an ip
<pmatulis> so that should work then
<daxroc> pmatulis: do I need to update virsh with the new guest config ?
<pmatulis> daxroc: yes
<daxroc> pmatulis: What's the best approach for using an lv partition for the guests
<beawesomeinstead> is there any reason for running console on ttyS0 not tty1 ?
<daxroc> ttyS0 is serial
<pmatulis> daxroc: is your vm all good now?
<daxroc> pmatulis: that was the prob thanks really appreciate the help
<pmatulis> good stuff
<pmatulis> re lvm, why do you think it should be different for a vm?
<daxroc> well your writing an image to an lvm on the host then using lvm on the guest and growing accordingly no ?
<pmatulis> ah, lvm over lvm
<daxroc> yeah
<beawesomeinstead> daxroc: so, if ttyS0 is serial, won't it conflict with existing serial port? what is the purpose of this? is this change required for KVM(over-IP)?
<pmatulis> not sure then
<daxroc> beawesomeinstead: no idea sorry , /dev/ttyS0 is an actual physical serial port and /dev/tty1 is a console I think
<beawesomeinstead> thanks anyways! i'll try then, hope won't screw things up
<daxroc> pmatulis: not sure if it would effect performance even ? unnecessary complication tho
<Jomyoot> Would Debian or Ubuntu-server be more stable for production?
<drurew> ubuntu
<drurew> debian seems to be a bit furthur back
<drurew> i installed it for a vps i was setting up , but then found that actually manageing with apt was less sucsessful then under ubuntu, altho both debian and ubuntu are essentially deb systems, ubuntu has alot more to offer in its repositories then debian
<drurew> is away
<JanC> this might be a good thing for the server-team to address: http://it.toolbox.com/blogs/database-soup/postgresql-development-priorities-31886#2783966
<FFForever> when will servers get 2.6.30?
<billybigrigger> can anyone here suggest the best way about running a virtual headless server?
<billybigrigger> i have this old p1 166mhz box with 98mb ram, and using it for www/mysql/mail just isn't cutting it, the box needs to be recycled, and was wondering if i could just run a headless virtual server on my desktop, which has plenty of cpu cycles/ram
<billybigrigger> any suggestions?
<drurew> !administration
<ubottu> Sorry, I don't know anything about administration
<drurew> !cupsys
<ubottu> Printing in Ubuntu is done with cups. See https://help.ubuntu.com/community/Printers - https://wiki.ubuntu.com/HardwareSupportComponentsPrinters - http://linuxprinting.org - Printer sharing: https://wiki.ubuntu.com/NetworkPrintingFromWindows
<FFForever> !dtrace
<ubottu> Sorry, I don't know anything about dtrace
<billybigrigger> anyone around?
<billybigrigger> how come i have 4 different mail ports open? pop3, pop3s, imap, and imaps? 110, 143, 993, and 995
<billybigrigger> in my dovecot.conf i only enabled the imaps protocol
<billybigrigger> protocols = imaps
<billybigrigger> jebus
<billybigrigger> who deals with the Ubuntu Server Guide documentation?
<billybigrigger> someone in there should make a note that editing dovecot.conf does nothing, but the user should edit dovecot-postfix.conf
<billybigrigger> someone needs to update the server docs
<billybigrigger> there's some missing steps to get some services working
<billybigrigger> like the dovecot-postfix.conf problem i talked about earlier
<billybigrigger> also having to add AddHandler application/x-httpd-php php
<billybigrigger>  to apache2.conf
<billybigrigger> to get apache/php5 working properly together
<daxroc> Evening
<daxroc> pmatulis: ping
<daxroc> billybigrigger: that's a trivial problem with configuring apache and it's well documented outside ubuntu , if not read the apache manual?
<billybigrigger> oh come on thats a crap answer :P how hard is it to add that into the server guide?
<billybigrigger> if its documented outside of ubuntu, how come its not document inside? and on the server guide?
<daxroc> billybigrigger: if you feel you can do better join the doc team and submit an update , don't tell others to do it !
<daxroc> billybigrigger: apache has more configuration options than you might think far more that can be documented in a single guide nor would you want them to be
<daxroc> any one know what would cause a kvm vm and libvirtd to use 100%cpu , after starting a vm
<daxroc> * I used the --raw  with an lv partition
<stickystyle> billybigrigger: Acutally, you should not have had to add the handler to apache2.conf, there is very little you need to do that file.  IIRC, there is a conf file in apache2/mods-available and you do $sudo a2enmod php5
<stickystyle> There should be a php5.conf and php5.load file in that dir, those have the handler in them.
<stickystyle> and using the a2enmod command symlinks them to the apache2/mods-enabled dir.
<stickystyle> and it does say to do that in the server guide https://help.ubuntu.com/8.04/serverguide/C/php5.html
<stickystyle> (under Configuration)
<billybigrigger> good eyes, i missed that one :P
<stickystyle> as a general rule, editing the conf file of apache (and many other packages) is the non-debian/ubuntu way of doing things.  They normaly use a conf.d/ style dir that has many small snippets of configuration.
<stickystyle> that way you can very easily pull things out, and put things in without going through many hundred lines of conf files.
<pmatulis> daxroc: yes daxroc
<billybigrigger> im having some sort of problems with my /etc/aliases
<billybigrigger> im trying to setup postmaster, webmaster, and admin aliases so any incoming mail is directed to root, and then have root direct to my user, is this the correct way about doing things? or is it better to just alias webmaster, postermaster, and admin to my username?
<stickystyle> billybigrigger: as you described it, that should work.  Did you run $sudo postaliais /etc/aliases after you made the changes?
<billybigrigger> negative
<billybigrigger> tail -f /var/log/mail.log shows its trying to redirect
<billybigrigger> The following message to <webmaster@thefrozencanuck.ca> was undeliverable.
<billybigrigger> The reason for the problem:
<billybigrigger> 5.1.0 - Unknown address error 550-'5.1.1 <webmaster@thefrozencanuck.ca>: Recipient address rejected: User unknown in local recipient table'
<billybigrigger> thats from my isps webmail, trying to send a message to webmaster
<billybigrigger> i ran postalias
<billybigrigger> http://pastebin.com/f5ca68439
<billybigrigger> theres my aliases
<PhotoJim> billybigrigger: run "newaliases"
<billybigrigger> ahh thanks :P
<billybigrigger> working great now
<PhotoJim> np :)
<daxroc> pmatulis: running into similar problems with all vm s now they are not using the static ip or dhcp when none is specified
<pmatulis> daxroc: inspect their xml files like before
<daxroc> I thought it might be an issue like that but they seem fine , I even tried removing the mac addresses as there is some issues with muticast ( need to start with 00: ??)
<daxroc> pmatulis: http://pastebin.ca/1460420
<uvirtbot> New bug: #387091 in openssh (main) "openssh-server should broadcast availability via avahi" [Undecided,New] https://launchpad.net/bugs/387091
<pmatulis> daxroc: and you redefined the domains?
<daxroc> pmatulis: I edited via virsh so it should redefine automatically no ?
<pmatulis> daxroc: not familiar with editing "within virsh".  what did you do exactly?
<daxroc> edit vmname ( enters vi ) changed the nw definitions and wrote changes and saved
<daxroc> *and exited back to virsh
<daxroc> ( need sleep )
<pmatulis> is that a new feature?  i never heard of the edit command
<daxroc> pmatulis: Not sure if it is
<pmatulis> anyway, if the xml file looks good there is no harm in redefining
<pmatulis> $ virsh define file.xml
<daxroc> pmatulis: I think it even checks the syntax before it redefines
<daxroc> no joy
<daxroc> can you get access to the vm from the local host , I just need to define a ttyconsole ?
#ubuntu-server 2010-06-14
<chewbranca> if I hadn't added the ssh key from my client box into authorized_keys of the server before I 'installed' an image in the UEC store, will I need to reinstall that image?
<chewbranca> I can't ssh into a newly spawned instance, getting a permission denied (publickey) ssh error
<chewbranca> how can I delete an image from the UEC store?
<cybrocop_> chewbranca:   euca-delete-bundle --clear -b <BUCKET> -p <PREFIX>
<cybrocop_> chewbranca: you have to deregister it first.
<cybrocop_> euca-deregister  emi-XXXXXX
<chewbranca> yeah I deregistered it and then tried to delete the folder in eucalyptus/bukkits/
<cybrocop_> Not good. You should never have to manually touch the folders.
<chewbranca> yeah I figured it wasn't the best approach, just trying to delete the damn thing
<cybrocop_> chewbranca: It will remember the folder name in the DB, so it may not let you create another bundle with the same bucket name, but otherwise, UEC should still be usable.
<chewbranca> well I'm just trying to get an ubuntu 9.10 image running, couldn't ssh in because I hadn't added my key properly before I installed the image
<chewbranca> ok I'm sorry, I don't even know what a bucket is, would it be something like image-store-1273975937
<cybrocop_> chewbranca: Yes
<chewbranca> and prefix is?
<chewbranca> if I do: sudo euca-delete-bundle -b image-store-1273975937 it says unable to get bucket ... which quite possibly is because I deleted it manually
<chewbranca> well... trying to install a different image now because I have no clue how to delete the image now
<cybrocop_> chewbranca: I agree it is annoying to see this error, even if it has been manually deleted (against their instructions)... So the only side-effect will be (AFAIK) that you will never be able to use the same bucket name (image-store-XXXXXXXX) which shouldn't be a big problem.
<chewbranca> cybrocop, well its a bit of a problem because that bucket was the ubuntu 9.10 image and now I can't use that
<chewbranca> luckily 10.04 was recently added, but if it wasn't, the only way I would know to fix it is completely reinstall the entire thing
<cybrocop_> chewbranka: I think the number in the bucket-name is randomly generated. So you should be able to get a different bucket name next time.
<cybrocop_> chewbranca: i'm just going off of my memory and may be wrong about this.
<chewbranca> I just tried to delete the 10.04 image I installed by doing the euca-delete-bundle, and it deleted, except the web interface still recognizes it as installed
<chewbranca> despite it not showing up in euca-describe-images
<chewbranca> I'm just trying to get the ssh keys setup, was able to start up new vms, but I can't ssh into them, the original images were created without my client public key in the /var/lib/eucalyptus/.ssh/authorized_keys
<chewbranca> ok this is just annoying, still can't actually login to a vm, just getting ssh permission denied
<cybrocop_> Which user are you trying to log in to? I remember those "store" images had a built-in user called "ubuntu"
<cybrocop_> chewbranca: How are you launching your instance?
<chewbranca> with hyrbid fox
<cybrocop_> chewbranca: Do you specify the key at launch time?
<chewbranca> yeah I did, I tried adding another key and using that as well, but no go
<Futureproof> hi
<unewbie> morning
<Futureproof> I'm running a server at home with some virtual machines
<Futureproof> trying to set up a large network simulation
<Futureproof> but I was thinking, what kind of linux administration scenarios are actually of use
<chewbranca> cybrocop, well, I started over from the beginning and made sure to follow every direction exactly, and now it works :D
<chrismsnz> hey guys, is there a lucid PPA that offers the latest version of MySQL?
<panfist> is it possible to use synaptic as a gui front end from a host with a graphic environment to an ubuntu server
<sh1ny> panfist, you can use aptitude on the server
<panfist> ok
<panfist> synaptic has a feature, file > generate download scripts
<panfist> is there a corresponding function in aptitude?
<sh1ny> nope, i don't think so
<scar> panfist, if you turn on X11 forwarding when you ssh to your server, you can run 'sudo synaptic' and it'll show up on your desktop
<sh1ny> scar, that assumes he has a desktop env installed on the server
<sh1ny> :)
<sh1ny> in which case he can simply vnc to it
<panfist> i was wondering if it was possible to skip that part
<sh1ny> kirkland, are you around ?
<panfist> when does it make sense to do this: tar -cC /foo . | tar -vxC /newfoo
<MTecknology> what's wrong with aptitude?
<MTecknology> panfist: run aptitude w/o parameters and you get a pretty ui
<sh1ny> yea, even a minesweeper !
<scar> MTecknology, he needs the 'generate download script' functionality
<MTecknology> oh
<panfist> MTechnology: 00:53 < panfist> synaptic has a feature, file > generate download scripts
<MTecknology> panfist: that much wasn't needed ;)
<panfist> Mtecknology rather
<MTecknology> I thought aptitude could do that too
<panfist> sorry i'm slow. i'm ssh'd into this irssi session with some lag
<panfist> if it can i would like to know
<panfist> currently i have a couple of scripts which help me push the /var/cache/apt/archives/*.deb from one host to another and create a local repository
<MTecknology> I guess not..
<panfist> that's the best solution i have found to solve my problem
<MTecknology> I just ssh into each system and run a command across all of them at once
<panfist> getting a synaptic front end to the staging server would be nice because then i could possibly delegate testing new packages to more people
<panfist> what do you do for hosts that are not on the internet
<MTecknology> why would you have a server not connected to your network?
<panfist> a physically isolated subnet
<panfist> with no internet connection
<MTecknology> then they won't be grabbing your script anyway
<panfist> ...
<panfist> the generate download scripts function allows you to make selections in synaptic, and push those to a remote system with one command
<panfist> actually, push those to external media, which you can bring to another host and install with one command
<panfist> without that, i have to execute a few more commands. its not that big of a deal
<unewbie> MTecknology: my guest os is running but not accessible after host restart
<MTecknology> unewbie: start the guest after the restart?
<MTecknology> unewbie: did the ip change?
<unewbie> don't remember
<unewbie> looks like the host lost power this morning
<MTecknology> unewbie: virsh start $HOST
<MTecknology> so s/host/guest/ - w/e you named it
<unewbie> if i do virsh list --all, i can i it's running
<unewbie> i can see it's running
<unewbie> MTecknology: what if i did changed the ip?
<MTecknology> unewbie: that's probably the case.. you need to figure out what the ip is
<MTecknology> unewbie: try ifconfig
<unewbie> you mean, we can't change the host ip?
<MTecknology> unewbie: no, the host should be able to indicate what ip the guest is using
<MTecknology> unewbie: or check dmesg
<MTecknology> unewbie: iirc - your issue was not knowing the guest ip
<unewbie> MTecknology: it's up now after restart. thanks
<MTecknology> unewbie: yay
<unewbie> MTecknology: the guests aren't starting itself. i have to start them manually. can i start the guests as the host restart?
<MTecknology> unewbie: you can... but don't ask me how
<unewbie> :D
<MTecknology> I only start up certain machines
<MTecknology> I could script it easily enough - but that would be hacky
<MTecknology> for vm in $(virsh list --all | awk '{print $1}'); do virsh start $vm; done
<MTecknology> something like that..
<MTecknology> but ya- don't do that - I know there's a 'correct' way to do it
<ziesemer_> Can anyone point me to any documentation around a user-mode ram disk?
<ziesemer_> I.E., I'm using an app that is making excessive use of /tmp, and it is too slow...
<ruben23> hi does ubuntu-server uses hwdetect coomand..
<MTecknology> ruben23: like lspci and lsusb ?
<ruben23> yes
<MTecknology> so is that the answer you were looking for?
<ruben23> im just wondering how hwdetect functions..
<MTecknology> oh- no idea
<trapmax> need advice. my syslog is filling up with "snmpd[2867]: error on subcontainer 'ia_addr' insert (-1)" -errors.
<_ruben> trapmax: known bug i think
<jo-erlend> I have four disks. On sda and sdb, I make the first raid partition of 300MB, set a bootable flag, add ext4 to it, and set mount point to /boot. I make a raid5 partition on all four disks of 1GB for swap, and one partition on each disk for raid5 as /. When I boot, I get dropped to a busybox. The error is that the disk with a certain UUID doesn't exist.
<jo-erlend> what am I doing wrong?
<jo-erlend> I did the exact same thing in a vm, and I get an error there as well, about a missing disk, but it boots. On the physical server, it does not.
<uvirtbot> New bug: #593552 in mysql-dfsg-5.1 (main) "mysql-server-5.1 deletes tables on start" [Undecided,New] https://launchpad.net/bugs/593552
<_ruben> jo-erlend: never had any issues with similar setups, might be problem specific to newer versions though, havent installed any software raid servers in a while
<soren> jo-erlend: I'm still puzzled why you wouldn't have /dev/disk/by-uuid.
<huats> morning
<soren> o/
<soren> jo-erlend: You do have mdadm in the initramfs, right?
<jo-erlend> soren, I think I've found the problem. When you delete raid devices in the installer, it's not being updated until a reboot. The first time I run the installer, I setup a raid5 because I didn't know grub2 could only boot from raid1. Later, when I run the installer again, I deleted the raid devices and setup new ones. However, the installer created partitions on a raid5 instead of new md devices.
<jo-erlend> it never occurred to me that I had to reboot after deleting the md devices in the installer. I think that's a bug.
<jo-erlend> I'll see if I can reproduce it in a vm. It may be that I did something wrong.
<soren> ok
<binBASH> O_o
<Daviey> jdstrand: When you do the libvirt merge, what version will you be doing?
<jo-erlend> soren, I configured the raids manually before I run the installer. I had no problems at all. I think that the installers partitioner is really buggy.
<incidence> Hi, Any usage experiences of replicating filesystems on external hard-drives?
<jo-erlend> I'm running ubuntu server 10.04. I've installed kvm and libvirt-bin. I'm using virt-manager and I'm connecting from a remote host. On the server, I've setup br0 as a bridge with eth0. How do I make new VMs automatically use that bridge? I can't see it at all in virt-manager.
<soren> Please don't double-post.
<Snadder> Anyone know how to configure custom rules for apparmor?
<pmatulis> jo-erlend: the user should be part of the libvirtd group and the guest should be run with a system-level libvirtd instance
<Daviey> kirkland: Are you around?
<ttx> nxvl: ping
<sommer> morning
<kirkland> Daviey: howdy!
<STF> hi guys i restricted the ssh connection to my server to 1 stupid-user without any rights. I can work now without probs on the server. But now it looks like 've got the problem that i cannot use the sftp-server anymore with my standard user?
<cloakable> yes
<STF> have someone of you an idea?
<cloakable> sftp uses ssh
<STF> jo
<cloakable> so you've restricted sftp to that user too
<STF> shit
<STF> is there a way to build a work around?
<STF> especially with another sftp-server like vsftpd?
<STF> or do i have there the same problem?
<cloakable> vsftpd isn't an sftp server
<cloakable> it's an ftp(s) server
<STF> okay
<STF> is there exist any standalone sftp-server?
<cloakable> The most secure option would be to upload your ssh key, and turn off password authentication over ssh.
<cloakable> Then enable ssh for everyone
<STF> the access would be restricted on the machine with the ssh key, right?
<cloakable> to the machine, yes
<STF> hm
<cloakable> It's a little more work, but once it's working, it works great :)
<cloakable> cloakable@transtor:~$ ssh -C root@server
<cloakable> Permission denied (publickey).
<STF> I can imagine :)
<cloakable> What happens if you don't have access to that account
<cloakable> If you do, passwordless access :)
<STF> what do you try to ask me?
<Daviey> kirkland: hey, great to see you.. Do you have a moment to have a look at this euca branch?
<STF> cloakable, i need to set up 3 machines with the key.
<STF> but wait, when i connect to the server the first time i get this key right?
<cloakable> STF: No, the key is stored on the machine, then exported to the server
<STF> okay
<cloakable> STF: Or, you can generate the key once, share between your machines, and do it that way :)
<STF> hm
<cloakable> STF: ssh-keygen as your local account
<cloakable> STF: then enable ssh login on your server, and run 'ssh-copy-id [user@]machine
<cloakable> The user@ is optional if you use the same username on all machines
<cloakable> Once that's done, you'll be able to login without a password
<STF> i using putty on two systems
<cloakable> Ack, putty sucks with keybased auth
<STF> you need to know that i use my server on one point as a RDP-Relay
<cloakable> Don't use putty to generate the keys... use ssh-keygen, and share the private key with your putty machines
<STF> okay
<kirkland> Daviey: sure, let's do it
<STF> let's go to work
<Daviey> kirkland: awesome, pushing to LP - will create a merge proposal with you assigned
<kirkland> Daviey: sweet; is this the merge, or what?
<STF> cloakable, should i use the passphrase?
<Daviey> kirkland: I have two branches.. this brings maverick up to 1.6.2 final with quilt.. so a merge, and quilt
<kirkland> Daviey: sweet
<Daviey> kirkland: the other bumps to -devel
<Daviey> kirkland: but i would like 1.6.2 to bake for a while
<Daviey> kirkland: As it is.. euca doesn't work in current maverick
<Daviey> kirkland: my branch, or what is currently there
<Daviey> *both* work in Lucid :(
<kirkland> Daviey: interesting
<cloakable> STF: If you wish
<kirkland> Daviey: okay, great job
<Daviey> kirkland: That is one word for the current situation, i have some others :)
<kirkland> Daviey: do we have an idea of the source of the problem?  upstart?  kernel?
<Daviey> kirkland: all of the above. :/
<rgreening> Hey, on Lucid, seems the motd has incorrect pointer to doc page: http://www.ubuntu.com/server/doc
<Daviey> kirkland: e1000 NIC doesn't work in current kernel, so that is one box out.  Another seems to have SATA controller issues, so that box is out and the dell laptop.. installs, seems to work - but CLC doesn't report success and http daemon isn't responding.
<kirkland> rgreening: hrm, you're right
<kirkland> rgreening: please file a bug against basefiles, assign to me
<lullideath> really need help regarding NFSv4 with Kerberos...I am following https://help.ubuntu.com/community/NFSv4Howto#NFSv4%20Server%20with%20Kerberos, but i don't quite understand this step when creating the nfs/ principals: kadmin -q "addprinc -randkey nfs/nfs-client.domain" (client could be any ubuntu machines on the network)...appreciate for any help!!
<rgreening> kirkland: will do
<Daviey> kirkland: I think the old ubuntu.com used to work with that.. perhaps get the web devs to fix the redirect?
<cybrocop> Has anyone experienced Bug 579276. I want to know if what I'm seeing now inside Eucalyptus is the same thing.
<uvirtbot> Launchpad bug 579276 in linux "Lost network in KVM VM / virtio_net page allocation failure" [Medium,Triaged] https://launchpad.net/bugs/579276
<kirkland> Daviey: yeah, i think a redirect will be better
<kirkland> rgreening: this will probably be solved with a redirect, but file the bug anyway ;-)
<rgreening> kirkland: true enuf...
<trapmax> just updated to 10.04. now "aptitude install" gives me "dpkg: error processing logcheck (--configure): subprocess installed post-installation script returned error exit status 2" what is the correct action?
<kirkland> Daviey: link to the branches?
<kirkland> Daviey: i don't see anything
<Daviey> lp:~davewalker/eucalyptus/maverick_to_quilt
<Daviey> kirkland: hmm, yes - i should have put it under the ubuntu namespace
<STF> cloakable, which option i need to set  to yes in the sshd_config to use the privatekey? Is it the 'RhostsRSAuthetication'?
<Daviey> kirkland: got it?
<kirkland> Daviey:  a merge proposal?
<kirkland> Daviey: if so, no
<Daviey> kirkland: no.. best i don't do that.. as it's in the euca namespace
<rgreening> kirkland: lp hates me. it seems its broken atm. Will try again in a few.
<Daviey> kirkland: I could re-push it under ubuntu, but if you can have a look there - give comments to me here.. we'll get it uploaded and i'll remove the branch
<_chris__> heja, when im pingin some particular device it  tells me 'min/avg/max/mdev' like usual, but with this device he also adds a ', pipe 2' at the end, what does that mean ?
<reisi> good evening everyone! how to trace aptitude package installation -- logcheck1.3.7 configure fails with message "No such file or directory"; dpkg says error processing logcheck (--configure), subprocess post-inst script returned error exit status 2
<reisi> this is after upgrading from latest 8.04.x server lts to 10.04 server
<reisi> all other packages went well
<jdstrand> Daviey: re libvirt> 0.8.1-2
<STF> okay this thing with private-key drives me crazy
<STF> i have create a private key on my server, transfered it to my windows client, convert it with puttygen to putty-useable file, but now i get at connection the problem: "Server refused our key"
<STF> what should i do????
<amstan> hey guys, for some reason i installed ispconfig a week ago
<amstan> i changed my mind just after
<amstan> but i still have problems with the cleanup
<amstan> i get lots of these lines in /var/log/syslog: Jun 14 09:45:01 lserver2 CRON[13062]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
<amstan> i'm trying to figure out where that is called from, a grep -R in /etc does not give me anything for ispconfig
<pmatulis> STF: you got it backwards.  create a keypair on the client and transfer the public key to the server
<STF> okay
<bc> amstan: it's in /usr/local, so it looks like you manually installed this vs using something like apt.
<amstan> bc: no.. it's actually a php script that installs all this
<bc> amstan: same thing :)
<amstan> the uninstaller script doesn't do a good job
<amstan> it forgets to delete the users, mysql db, cron jobs
<amstan> and so on
<bc> amstan: configuration may be in /usr/local/etc, or /usr/local/ispconfig, but look in the directories called by /etc/crontab and /var/spool/cron/crontabs/
<amstan> bc: those should not be edited by hand
<amstan> anyway.. i figured it out
<amstan> did a grep in both /etc and /var
<amstan> there should be no ispconfig left
<amstan> did anyone else have experience with ispconfig?
<e-DIO-t> hi there anyone: apt-installed vlan, modprobed 8021q, configured iface eth0.10 on /etc/network/interface buuuuut...why eth0.10 still continues beeing recognised as VLAN1 on the switch? [Ubuntu 10.04 Server over vmWare esxi4]
<bc> amstan: I didn't say anything about editing. Either way, glad you got it fixed.
<joschi> hi!
<joschi> can anyone verify that the partner repository for lucid x86_64 (deb http://archive.canonical.com/ubuntu lucid partner) is currently not working, please?
<joschi> I always get a checksum mismatch for Packages.bz2 and Sources.bz2
<pmatulis> joschi: works from here
<joschi> pmatulis: thanks for checking. seems I can only get corrupted files from that server
<joschi> W: Failed to fetch http://archive.canonical.com/ubuntu/dists/lucid/partner/binary-amd64/Packages.bz2  Hash Sum mismatch
<pmatulis> joschi: proxy trouble?
<joschi> pmatulis: could be. I'll have to investigate that *sigh*
<kirkland> smoser: ping
<smoser> here
<kirkland> smoser: can you pop back onto mumble for a minute and bring me up to speed on the 64k console bug?
<uvirtbot> New bug: #594159 in bacula (main) "Bacula failes to backup to tape: I/O error" [Undecided,New] https://launchpad.net/bugs/594159
<hggdh> jiboumans, ttx: my sound -- as usual -- still misbehaves
<jiboumans> hggdh: it's somewhat crucial we can hear you speak
<jiboumans> if that's a problem, we can use skype instead for example
<ttx> or the confcall line
<jiboumans> or that, but i'm not a huge fan of it's call quality either
<hggdh> I can try to hijack my wife's laptop on skype
<jiboumans> hggdh: conf line it is then, faster bootstrap
<ttx> will be there in a few
<ogex> hello
<ogex> what application video screen capture on ubuntu server
<ogex> run without xwindows
<uvirtbot> New bug: #594201 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12 failed to install/upgrade: BalÃ­k je ve velmi Å¡patnÃ©m, nekonzistentnÃ­m stavu - pÅed  pokusem o odstranÄnÃ­ ho radÄji pÅeinstalujte." [Undecided,New] https://launchpad.net/bugs/594201
<amstan> what shell can i setup for a user so they can't have bash access but they can still do sftp/scp?
<diana1480> need help figuring out why my system won't mount cd's plz.
<UnixDawg_> hey guys what pkgs is repo part of ?
<UnixDawg_> I installed build -essential and git butthe repo command is missiing
<amstan> UnixDawg_:  i don't think there's a command named repo
<amstan> UnixDawg_: usually, bash will suggest packages to install that contain similar named executables, but none of them are repo
<UnixDawg_> qits a command needed for git repos
<UnixDawg_> grr
<UnixDawg_> this is the 1 thing I hate about linux they cut everything up into finite parts
<_ruben> better than infinite parts...
<UnixDawg_> I need the repo command
<UnixDawg_> I cant find it
<pmatulis> UnixDawg_: can you paste the exact error message.  i can't locate the 'repo' command
<UnixDawg_> in a min installing devscripts
<UnixDawg_> it just sauys no command repo
<UnixDawg_> the command repo is needed for setting up git repo's
<UnixDawg_> and cant cut and paste from a vm into themain window
<UnixDawg_> setting up a virtual system to build android-x86
<UnixDawg_> on a sun virtualbox
<UnixDawg_> I cant believe they would break something this bad
<diana1480> my cdrom drive just never mounts properly and if I run mount /media/cdrom0 the light never comes on and after about 20 seconds I get mount: no medium found on /dev/sr0
<amstan> UnixDawg_: i've used git before, i setup multiple repos with it, never used a repo command
<amstan> UnixDawg_: perhaps if you try to explain what your ultimate goal is/what guide you're using i could be of more help
<amstan> diana1480: cd is scratched maybe?
<diana1480> amstan, tried with several cds and dvds
<UnixDawg_> i need repo command to do the followin
<amstan> diana1480: did this drive always do this or did it start recently?
<UnixDawg_> http://www.android-x86.org/getsourcecode#TOC-Building-the-image
<nihilistza> Greetings.
<UnixDawg_> I am setting up the dev enviroment
<nihilistza> Is anyone here running Vmware server 2 on Ubuntu Server Lucid x64 ?
<UnixDawg_> and it seems the repo command that should be in git is missing
<nihilistza> I have some issues and apparently they're fixed in lucid - but I'm worried about upgrading from 9.10 to 10.04 and breaking vmware server
<diana1480> amstan, just started recently. was
<amstan> UnixDawg_: that is weird... try substituting "repo" with "git"
<pmatulis> UnixDawg_: maybe you're looking for the python script called repo.  i found one called 'repo.py'
<amstan> there's also this: "First, follow this page to configure your build environment. Then", but the link is broken
<amstan> diana1480: idk.. i would try another drive
<pmatulis> UnixDawg_: and it's contained in the package 'python-git'
<amstan> yay.. pmatulis saves the day
<UnixDawg_> thanks
<pmatulis> UnixDawg_: is it what you needed?
<UnixDawg_> not repo is still not beiing found
<UnixDawg_> and yes that page has gone missing
<UnixDawg_> sorry this sucks . I install git on bsd and the repo command is there
<UnixDawg_> btu it seems tobe missing here
<UnixDawg_> http://source.android.com/source/git-repo.html
<kirkland> Daviey: ping?
<UnixDawg_> ok found a link to get the repo
<pmatulis> UnixDawg_: right, it's something outside of Ubuntu.  so not to blame
<tyska> hello guys
<tyska> i cant detach a EBS volume after i rebooted the instance which the volume was attached, i cant use that volume on the instance too, i cant do anything with the volume =/
<tyska> someone can help me?
<kees> soren: was it you I was talking to at UDS about super-cheap website hosting?  I need to take notes on my out-of-session discussions now.  :P
<UnixDawg_> ok got it and the repo is setup
<UnixDawg_> thnaks
<MTecknology> Any ideas what's breaking this?  29% [Waiting for headers] [Connecting to security.ubuntu.com (91.189.92.167)] [Waiting for headerFATAL -> Failed to fork.
<jpds> MTecknology: sudo apt-get -o Debug::Acquire::http=true update
<smoser> kees, maybe me. dreamhost ?
<MTecknology> jpds: aptitude update breaks but apt-get update seems to be fine
<MTecknology> gimme a minute to scroll up to the top of that
<jpds> MTecknology: Good.
<smoser> you were going to write a filesystem or git backend on top of dreamhost files forever (https://files.dreamhost.com/)
<MTecknology> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<MTecknology> jpds: here we go - http://paste.ubuntu.com/449767/
<MTecknology> err...
<zul> smoser: it looks good..except for the changelog which i fixed
<smoser> oh. ok. i just pushed that to the bzr too
<MTecknology> jpds: sorry- got a mess of crap going on - http://paste.ubuntu.com/449768/
<Hypnoz> 8.04 LTS only offers me apache 2.2.8 from the repo. Am I able to run the patch in this dir http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/ to bring it up to that version?
<kees> smoser: yes! dreamhost, thanks.
<SpamapS> Hypnoz: no
<Hypnoz> why wouldn't they just put 2.2.14 in the repo since its the newest version...
<SpamapS> Hypnoz: but you should already have fixes for those in the version of apache that is in security updates for 8.04
<SpamapS> Hypnoz: because sometimes new versions bring changes that break stuff
<Hypnoz> SpamapS: how do I check and/or apply the patches from security updates?
<Hypnoz> are they auto installed when i did apt-get install apache2?
<SpamapS> Hypnoz: check the change log
<smoser> kees, so did you finish that git backend for me?
<SpamapS> Hypnoz: should be auto-installed with an 'apt-get update && apt-get upgrade'
<SpamapS> Hypnoz: /usr/share/doc/apache2.2-common/changelog.Debian.gz  will have details on what patches have been applied
<SpamapS> Hypnoz: (note, since its .gz, you can view i with 'zless')
<Hypnoz> nice tip I was doing gunzip
<kees> smoser: hah, no :)
<Hypnoz> SpamapS: so if i see my version as "apache2 2.2.8-1ubuntu0.14" does that mean I'm running 2.2.8 with security patches up to .14?
<kees> Hypnoz: it means you're running 2.2.8 and have several updates, possibly related to upstream fixes.  see /usr/share/doc/apache2/changelog.Debian.gz for details.
<SpamapS> Hypnoz: theres a list of actual changes applied in there.
<Hypnoz> yeah reading that file
<Hypnoz> but it doesn't seem like they applied all the patches, or they would have been able to claim a higher base version right
<SpamapS> Hypnoz: its possible also that the vulnerability was introduced after 2.2.8
<kees> Hypnoz: Ubuntu only applies important updates for stable releases.  https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
<kees> Hypnoz: if you need 2.2.14, I'd recommend upgrading to Lucid.
<soren> kees: I don't think so. :-/
<soren> kees: Rackspace has some pretty cheap cloud servers, though :)
<Hypnoz> kees: so 8.04 LTS will stay at apache 2.2.8 and only apply security updates from then on?
<Hypnoz> kees: seems they should be able to use apache 2.2.xx
<Hypnoz> kees: or maybe 8.04.5 would be when they upgraded to a new base version of apache and started applying security patches again from there
<SpamapS> mathiaz: ping
<CppIsWeird> after installing ubuntu server the computer boots and just hangs. it wont go to the next boot device and it doesnt display anything from booting linux. it just stops.
<kees> Hypnoz: it's just not how Ubuntu does things.  :)
<webPragmatist> is it safe to replicate         /etc/default/ accross servers
<SpamapS> I just love it when you buy a brand new USB disk and mount it and you get this:
<SpamapS> The disk contains an unclean file system (0, 1).
<SpamapS> The file system wasn't safely closed on Windows. Fixing.
<SpamapS> webPragmatist: probably not without checking for any sort of hostname parameters
<webPragmatist> oh is hostname stored in there
<SpamapS> webPragmatist: well I'd just look through the files and make sure they've not been customized in a way that you wouldn't want to duplicate
<SpamapS> webPragmatist: if you are going to do mass-configuration tho, you may want to look at Puppet.
<webPragmatist> i am using csync2
<webPragmatist> which works fine
<uvirtbot> New bug: #594290 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.1 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/594290
<webPragmatist> looks like everything is the same except on mac address
<webPragmatist> GRUB_CMDLINE_LINUX="BOOTIF=01-00-30-48-9d-7f-92"
<webPragmatist> whatever that does?
<SpamapS> webPragmatist: you probably don't want to sync grub between machines. ;)
<SpamapS> webPragmatist: unless they're 100% identical hardware.
<Hypnoz> webPragmatist: on my nis server i have /etc/default/nis with NISSERVER=master. Seems you wouldn't want to sync /etc/default across every server you have for little things like that
<webPragmatist> okay i just synced the one file i was needing to
<mathiaz> SpamapS: hi!
<peeps[work]> i have an old server running intrepid.  since that is no longer supported, i'd like to upgrade to lucid.  would you guys recommend a fresh install?  or can i upgrade through all those releases at once?
<SpamapS> mathiaz: so bzr build deb stuff.. I want to make sure the work flow makes sense..
<SpamapS> mathiaz: i've been using the grab-merge script for merges..
<mathiaz> SpamapS: sure - what's your workflow?
<peeps[work]> the box's only purpose is svn server, and internal trac webserver.  if I do a fresh install, i need to be sure that svn can be backed up and restored successfully
<SpamapS> mathiaz: but it seems like it will be a lot easier with bzr
<mathiaz> SpamapS: yes
<peeps[work]> any suggestions?
<mathiaz> SpamapS: bzr branch lp:ubuntu/couchdb maverick
<mathiaz> SpamapS: bzr branch lp:debian/sid/couchdb/ sid
<SpamapS> mathiaz: with bzr, I can just do     bzr merge /path/to/debian/version   in my ubuntu branch and it works the same as the merge o matic, right?
<mathiaz> SpamapS: bzr branch maverick m-merge-from-debian
<mathiaz> SpamapS: cd m-merge-from-debian
<mathiaz> SpamapS: bzr merge ../sid
<mathiaz> SpamapS: and you're done
<SpamapS> yeah ok thats what I thought. :)
<SpamapS> Occasionally tho..
<ScottK> peeps[work]: As long as you upgrade -> jaunty -> karmic -> lucid, it should be fine.  No reason to reinstall.
<SpamapS> debian has incorporated a lot of stuff and it would be easier to start from the debian version and re-apply the few things I want..
<mathiaz> SpamapS: actually you wanna use merge-package instead of merge
<mathiaz> SpamapS: https://wiki.ubuntu.com/DistributedDevelopment/Documentation/Merging
<SpamapS> mathiaz: ah I hadn't gotten that far in the docs.. heh
<SpamapS> mathiaz: anyway, so if I wanted to pull from ubuntu -> debian and then push the debian tree as the new version ... well shoot I should just read that wiki page first
<mathiaz> SpamapS: yeah - that wiki page covers it
<webPragmatist> woh what the heck
<mathiaz> SpamapS: you wanna start from the ubuntu branch though
<mathiaz> SpamapS: as you're working in ubuntu
<mathiaz> SpamapS: and you'll merge debian into the branch
<webPragmatist> why is it in VIM on my terminal the left arrow spits out like "D" and "S"
<SpamapS> mathiaz: right, I'm thinking about the size of the merge proposal.. :)
<mathiaz> SpamapS: that's ok
<webPragmatist> in insert mode
<mathiaz> SpamapS: when I'll do the review I usually have the ubuntu, debian and proposal branches
<mathiaz> SpamapS: so that I can review the diff as I want
<mathiaz> SpamapS: I usually don't look at the diff on the LP merge proposal page as it's too big there
<mathiaz> SpamapS: doing things like: bzr diff --old ../sid/ debian/
<mathiaz> SpamapS: is very simple when using local branches
<webPragmatist> this sucks
<webPragmatist> mathiaz: it's not necessary to type SpamapS b4 everything you type
<SpamapS> mathiaz: alright, that makes sense. :)
<SpamapS> mathiaz: I'll shortly re-submit the couchdb merge as a merge proposal w/ the changelog and control fixes you suggested.
<kirkland> mathiaz: are you reviewing hallyn's qemu-kvm merge?
<kirkland> mathiaz: or should i?
<mathiaz> kirkland: I've looked at it
<mathiaz> kirkland: but I'd more conformtable if you could also review it
<mathiaz> kirkland: I've commented on some packaging bits
<kirkland> mathiaz: okay
<mathiaz> kirkland: but as far as the technical content I'm less sure
<mathiaz> kirkland: wrt to patches and so on
<kirkland> mathiaz: right
<mathiaz> kirkland: so yeah - i'd like you to review it as well
<mathiaz> SpamapS: great - thanks
<kirkland> mathiaz: will do
<kirkland> mathiaz: hallyn: where is it?
<mathiaz> kirkland: https://code.launchpad.net/~serge-hallyn/ubuntu/maverick/qemu-kvm/update-to-12.4/+merge/27293
<mathiaz> kirkland: https://code.launchpad.net/~ubuntu-branches/ubuntu/maverick/qemu-kvm/maverick/+activereviews
<mathiaz> kirkland: ^^ this is where you can see the list of merge proposal for a specific source package
<smoser> what do I need to do to move https://launchpad.net/ubuntu/maverick/+queue?queue_state=0&queue_text=ebsmount to universe ?
<jpds> smoser: It is in universe.
<smoser> so it will build and be available ?
<smoser> i dont need an archive admin action ?
<ScottK> smoser: Yes.
<ScottK> An archive admin needs to review it.
<smoser> ah. ok. thats what i thought.
<webPragmatist> anyone using pacemaker / corosyncâ¦. I am having trouble figuring out what to set bindnetaddr to
<webPragmatist> http://www.openais.org/doku.php?id=faq:configure_openais
<smoser> is it possible to push another upload there at this point, ScottK ?
<smoser> to (per -devel conversations) disable functionality by default
<ScottK> smoser: It is.  I can reject that one and you can reuse the version number.
<webPragmatist> whats 10.17.180.88 && 255.255.255.128
<webPragmatist> 10.17.180.127 ??
<smoser> ScottK, sure.
<smoser> please do
<ScottK> smoser: Done.
<webPragmatist> hrm
<smoser> zul, can you re-review lp:~smoser/+junk/ebsmount.maverick.dev
<smoser> hggdh, ping
<hggdh> smoser: pong
<smoser> what do we know from eucalyptus regarding about:blank
<smoser> whoops
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/566792
<uvirtbot> Launchpad bug 566792 in eucalyptus "metadata service returns empty data with 200 OK" [High,Confirmed]
<smoser> do we know anything more ?
<smoser> funny , about:blank is ~ 200 OK with empty data
<hggdh> only that Chris sent out that email last Friday (which we commented about). No further news
<hggdh> heh
<LowValueTarget> can ssh listen on two ports?
<guntbert> LowValueTarget: two instances can (and must) listen on different ports
<LowValueTarget> thanks bu
<LowValueTarget> thanks guntbert
<guntbert> LowValueTarget: you're welcome :-)  (you have to start two instances of sshd though)
<hggdh> actually, one SSH can run on more than one port
<LowValueTarget> hggdh: comma separated 'Port' configuration option?
<guntbert> hggdh: really? I didn't know that -- sorry LowValueTarget for the misinfo
<hggdh> LowValueTarget: *that* I do not know, I just use as many Port directives as needed
<hggdh> guntbert: indeed
<guntbert> hggdh: thx - its always nice to learn new things :-)
<hggdh> welcome
<cybrocop> Hi All... How can I add a 2nd NIC to a KVM image and have it be on the same "physical" network as the 1st NIC, but diff subnet?
<tyska> hello guys, i cant use the authentication to print in CUPS, someone can help me?
<LowValueTarget> no worries guntbert
<webPragmatist> man
<webPragmatist> why are the HA guys so hard to find around :*
<webPragmatist> :(
<Xpistos> does add-apt-repository not work in lucid server?
<Xpistos> I want to add the ppa for a program but i can't
<hggdh> kirkland: are we a go for Lexington next week?
<Aegil> hey, is there a ssh-askpass for ubuntu server to use from the command line so i can put the passphrase in once and use my keys to connect to any server rather than passphrase on every connection, had a look in apt-get and they seem to be x11 based
<mathiaz> Aegil: ssh-add?
<peeps[work]> doing an upgrade from intrepid to jaunty.  it looks like it's stuck restarting cups. process "/usr/lib/cups/daemon/cups-driverd list 1 0 requested-attributes=all" in htop is taking 9+ minutes of CPU
<peeps[work]> does that sound normal?
<Delemas> Anyone know where I can find a current deb of freeipmi-bmc-watchdog? Universe has an ancient one which broken init scripts...
<Aegil> mathiaz: thats what I needed, couple of problems with it not detecting authentication agent, but thats exactly what i needed, thanks
<peeps[work]> should i kill this cups process?  i don't think it's going anywhere.  17+ minutes CPU time now...
<kirkland> hggdh: yessir
<MTecknology> kirkland: can i come?
<kirkland> hggdh: actually, let's make sure sylvain can do it
<kirkland> MTecknology: heh :-)
<MTecknology> kirkland: :( fine.. I'll just stay here and not party with you guys
<peeps[work]> my upgrade is stuck... :-(
<kirkland> MTecknology: lexington is pretty boring, actually
<MTecknology> I'm lost.. I have 7 servers. sshd_config are exactly the same, .ssh/authorized_keys are exactly the same, permissions on everything... exactly the same. I have one user account that can't log in on 2 servers, and another user that can't login on another... Permission denied (publickey,keyboard-interactive).
<MTecknology> Any ideas what I might be missing?
<MTecknology> kirkland: but i'd be hangin' with the cool cats - i'll feel special if you ever have a reason to invite me somewhere :P
<kirkland> MTecknology: i'll keep that in mind
<MTecknology> debug3: key_read: missing whitespace
<MTecknology> I wonder if that's the issue..
<zul> smoser: upload done
<MTecknology> I get this error when I try to log into one server, but not the other.. http://dpaste.com/207278/
<hggdh> kirkland: I will wait until tomorrow, then
<hggdh> MTecknology: you *could* go, just a question of paying for your own expenses ;-)
<MTecknology> hggdh: probably can't do that :P - if one of our clients doesn't pay us this week I'm out on the streets :P
<MTecknology> s/:P/:(/
<hggdh> MTecknology: ugh!
<kirkland> hggdh: yeah, let's check with spineau, thanks.
<MTecknology> hggdh: the price of running your own business, huh?
<hggdh> MTecknology: been there, done that
<MTecknology> :S .. how do you go from  debug1: Offering public key: /root/.ssh/id_dsa  to  debug2: we did not send a packet, disable method
<MTecknology> debug3 tells me it sent
<MTecknology> "Yup, I sent it, here's the proof of transmission - oh wait- i lied"
<peeps[work]> i did an upgrade, and it failed to reconfigure cups during the upgrade.  it just sits and uses all CPU forever every time it gets to that part, and I have to Ctrl-C it.  can anyone help me?
<peeps[work]> anyone think it would matter if i disconnect the printers?
<peeps[work]> i don't know if i should just continue to the next distro upgrade and hope that fixes it, or make sure it's working first
<peeps[work]> i just upgraded from intrepid to jaunty.  plan on eventually getting to lucid
<MTecknology> reboot didn't even make these listen
<MTecknology> I have absolutely no clue at all what's broken...
<SpamapS> MTecknology: can you try running sshd -d -d -d -P 2222 as root, and then try to login using 'ssh -p 2222' ?
<SpamapS> MTecknology: that will show you a lot of debug info on the sshd side
<SpamapS> oh wait
<SpamapS> sshd -d -d -d -p 2222
<MTecknology> SpamapS: sshd re-exec requires execution with an absolute path
<SpamapS> /usr/sbin/sshd then
<SpamapS> should see   Server listening on :: port 2222.
<SpamapS> as the last line before you connect
<MTecknology> SpamapS: interesting....
<MTecknology> sshd --help gives me the same error
<SpamapS> MTecknology: yes it will you have to explicitly say /usr/sbin/sshd
<SpamapS> thats the sshd guys doing super magic security auditing and finding some reason that its important. ;)
<MTecknology> :P
<MTecknology> I suppose I'll need to disable ufw for that
<SpamapS> MTecknology: oh just ssh from the same host for now
<SpamapS> unless the problem isn't reproducible that way
<MTecknology> it's not
<SpamapS> but yeah I guess if you have draconian firewall rules you need to allow 2222 ;)
<MTecknology> err- maybe
<MTecknology> draconian?
<SpamapS> Kafkaesque? ;)
<MTecknology> http://dpaste.com/207288/
<SpamapS> MTecknology: very hard core. ;)
<MTecknology> oh, I just do ufw default deny :P
<LowValueTarget> anyone know of an offsite backup service that allows backing up from network attached drives?
<SpamapS> input_userauth_request: invalid user root
<SpamapS> MTecknology: are you trying to login directly as root?
<MTecknology> yes, using shared keys
<SpamapS> *evil*
<MTecknology> PermitRootLogin without-password
<MTecknology> :P
<SpamapS> MTecknology: User root not allowed because account is locked
<MTecknology> i know - but it's a dev environment that pretty much gets blown away weekly
<SpamapS> Thats an even *bigger* reason not to allow permissive things.
<MTecknology> it is?
<SpamapS> Development environments should have more limitations and alarms than production.
<SpamapS> Catch the problems *before* they go out.
<MTecknology> staging is locked down
<SpamapS> somebody's going to make a script that needs to login as root now ;)
<MTecknology> dev is open, staging is locked down, production is slightly more open
<MTecknology> SpamapS: thanks a whole spanking lot
<SpamapS> MTecknology: did you figure it out?
<MTecknology> SpamapS: passwd -u $USER
<MTecknology> SpamapS: just that amazingly simple...
<SpamapS> MTecknology: glad you could get it going. I *hate* sshd problems. ;)
<MTecknology> SpamapS: indeed - thanks very very much - I fought that over an hour :P
<SpamapS> MTecknology: take out your frustrations on those dead beat clients who won't pay. ;)
<MTecknology> SpamapS: :P
<MTecknology> sounds awesome
<MTecknology> SpamapS: hey, if you were going to backup the most important parts of a system (so you could restore easily enough), you would want /var/ /etc/ /home/ and anything else?
<SpamapS> MTecknology: back it all up
<SpamapS> MTecknology: don't be stingy with backups *EVER*
<MTecknology> SpamapS: that's a lot of data running across the wire - ~50GB which changes hourly - I'd pay out the crapper hole for that
<LowValueTarget> 100%!!!
#ubuntu-server 2010-06-15
<SpamapS> MTecknology: disks are cheap
<SpamapS> MTecknology: why would you send stuff over the wire?
<maek> anyone using ubuntu in a PCI compliant environment?
<SpamapS> MTecknology: If you can't afford proper tape backup, just get yourself an external enclosure with hot swap drives of some kind.. backup to them, take one offsite every once in a while.. you'll be fine. But don't waste your time trying to exclude crap. It will bite you.
<MTecknology> SpamapS: my backup server is one place. my production servers are elsewhere
<MTecknology> SpamapS: when we get more money our dev system will be the backup system
<MTecknology> for now - I'm stuck on a crappy budget
<SpamapS> MTecknology: understood. When you're starting out especially, you have to take those risks. ;)
<SpamapS> MTecknology: its good to actually sit down and think about what the risks are though.
<zul> mathiaz: do you want to merge puppet or do you want me to?
<MTecknology> zul: how much different is puppet? I hjave yet to see it
<zul> MTecknology: dunno i havent quite looked at it yet
<chewbranca> I've got UEC running eucalyptus and a handful of running nodes, I can only ping those nodes from my master server, but not any other servers on my network, even though I can ssh into those boxes from various locations, what do I need to do to enable ping on those boxes?
<nginxx> hi MTecknology
<MTecknology> nginxx: hi
<SpamapS> mathiaz: ping
<hggdh> do any of you know of any backup pacakge for clouds (storage backups, I mean)?
<zul> hggdh: bacula? ;)
<hggdh> zul: perhaps could be used, yes, thank you. We should look at it.
<chewbranca> anyone monitoring eucalyptus vms with zenoss?
<hazmat> does cloud init install recommends?
<uvirtbot> New bug: #594403 in squid "cannot be made to cache responses with no LMT/Date/Expires" [Wishlist,Triaged] https://launchpad.net/bugs/594403
<X-Sleepy-X> hi
<X-Sleepy-X> is it worth reporting abusive IP's to the ISP that holds the IP?
<X-Sleepy-X> has anyone here done it?
<X-Sleepy-X> and if so, did you get a respons?
 * X-Sleepy-X is not sure if it's worth the hassle
<Todd> My infosec friends say it's useless.
<Todd> As a matter of fact I've heard of them logging into vulnerable dd-wrt routers and fixing bugs themselves so that attackers can't get back in and continue harassing their network.
<Todd> But that's typically a bored Saturday night.
<mac9416> Cloud noob question: if I were to set up a UEC cloud on a few of my older machines, could I install a GUI on the cloud and use it just like a desktop machine?
<qman__> mac9416, in short, no
<qman__> that's not the purpose of a cloud
<mac9416> qman__, I see.
<mac9416> I'm just looking for a purpose for my pile of old computers.
<mac9416> Distributed computing is what I have in mind.
<MTecknology> cluster into a compiling system
<qman__> yeah, a beowulf style cluster would be more effective
<qman__> cloud is aimed at high performance hardware
<mac9416> Ah
<qman__> say you have a dozen quad xeon servers, and you need to run 100 VMs
<qman__> that's what a cloud is for
<mac9416> I see.
<mac9416> That's something I don't have.  :-)
<mac9416> beowulf then. I'll look it up.
<qman__> a beowulf cluster can spread threads across multiple physical machines
<qman__> so if you have a CPU intensive application that supports multithreading, just turn the threads up and it'll share the load
<mac9416> Nice.
<mac9416> I guess one application I had in mind was Blender.
<mac9416> It supports multiple threads for rendering.
<qman__> of course, it has to be relatively big, otherwise the network performance will negate the advantage
<mac9416> Right.
<mac9416> Well, even if it does a half-decent job, I'll learn something in the process, so it won't all be for nothing.
<orudie> how can I check which mail protocols are enabled with dovecot/postfix
<dragondon> can someone help me manage my logs.  They keep recording dropped/aborted/limited events despite havig removed them and something keeps adding those rules back in....getting very frustrating to troubleshoot real software issues with I have 80,000 lines of nothing but those 3 iptables rules....
<CppIsWeird> every time i try to mount anything i get mount: /dev/sr0: unknown device. I've never even attempted to mount /dev/sr0.
<Hilikus> hey guys
<Hilikus> how do i do a remote upgrade to 10.4? when i try do-release-upgrade it says it's not recommended to do remote upgrades
<Hilikus> but i remember i used something else to go from 9.04 to 9.10
<ScottK> Hilikus: do-release-upgrade is the best way.  It does offer you an alternate ssh connection in case of problems.  I recommend you check you can access it before you start the actual upgrade.
<Hilikus> thanks
<unewbie> can i install ubuntu 8.04 as guest os with kvm in my ubuntu 10.04 host?
<twb> unewbie: I don't see why not.
<unewbie> ok, i'll try
<twb> I suppose you might get better *performance* with guests that have recent kernels and thus support virtio, but kvm *should* handle *any* guest OS, albeit slowly.
<prestonc> what's the footprint like (memory wise) of server compared to desktop? Rough guestimate. I need to install a LAMP server and I'm deciding between loading my MacBook up with RAM (I bought a basic MacBook with 2GB) or just installing the server version under VMWare.
<jmarsden> server is smaller by far, if you don't run any services :)  RUn a huge database there and you'll need plenty of RAM... what are you doing with it?
<prestonc> I'm doing development work on an iPhone app against a RESTful server
<prestonc> I have a staging server and live server in the cloud to do testing, etc. Load testing.
<prestonc> However, I need to be able to do development of the app on my VMWare instance.
<jmarsden> You can run server happily in 512MB with apache and a small MySQL db.  Probably in 256MB if you must.
<prestonc> ok
<prestonc> thanks
<jmarsden> You're welcome.
<twb> jmarsden: 128 MB is not sufficient to run the normal installer; it silently fails near the end and the result isn't bootable
<twb> When installing I allocated 512 to my VM; afterwards I *think* was booting happily with 128MB.
<twb> Oh, that was with 8.04 and without the "lowmem=N" boot options.
<jmarsden> twb: Makes sense.  I only suggested going as low as 256MB, which should be OK for install, as well as running thereafter.
<SpamapS> I have a lucid VM running w/ 192M .. but I installed w/ 384
<SpamapS> should be able to go even lower depending on the services you want to run
<prestonc> basically a LAMP server. Nothing fancy.
 * twb grumbles
<twb> "nothing elegant" is more like it.  Stupid mysql.  Stupid PHP.
<prestonc> haha
<prestonc> I agree
<prestonc> I didn't pick the architecture
<prestonc> If I were starting it from scratch it would probably be Python on AppEngine or somewhere where I could take advantage of something like BigTable
<AndrewIII> Hi
<twb> When generating a ramdisk inside a 10.04 chroot, I get a lot of grep: /proc/modules: No such file or directory
<twb> In what way is the 10.04 chroot's initramfs-tools trying to be cleverer than the 8.04 chroot, and how do I tell it NOT to be clever?
<_ruben> just mount /proc ?
<twb> Except that I suspect it's doing stuff along the lines of MODULES=dep, which will generate a totally wrong ramdisk because the host I'm building on and the host I'm booting on are totally different.
<_ruben> i always kinda assumed a ramdisk to be specific to a host its built on, so building for another host would only work if hardware would be identical/similar
<_ruben> well .. an initrd/initramfs/etc
<corpse> when using "get" in ftp, is there a needed option to download a full directory?
<_ruben> depending on the client you could use get -R, or mget, or ...
<corpse> sorry, ubuntu 10.04 using lftp
<twb> _ruben: that wouldn't work very well for e.g. the ramdisks that d-i and the desktop CD user
<twb> s/user/use/
<twb> corpse: that's up to lftp.  The FTP protocol itself has no facility for recursive downloads.
<jmarsden> corpse: I think you may be looking for the "mirror" command in lftp?
<corpse> I am trying to download a directory that has multiple files in it from a seedbox to my fileserver though a ssh window
<corpse> so instead of just moving one file at a time i would like to copy over the hole directory
<jmarsden> So in lftp, type help mirror and use it to move the stuff you need around... right?
<jmarsden> for just a "a bunch of files from one directory" you could use mget instead.  mirror will recurse if your directory to copy contains subdirectories you also want to copy...
<corpse> jmarsden: When i tryed to use mget i would get a file access error. the mirror command seems to be working though. Thanks much
<jmarsden> You're welcome.
<uvirtbot> New bug: #594477 in php5 (main) "5.2.4-2ubuntu5.11 vanished" [Undecided,New] https://launchpad.net/bugs/594477
<trapmax> after upgrading our server, noticed this: http://pastebin.com/cF1TVjx1
<kaushal> hi
<kaushal> I accidentally deleted the sarg index.html file located under /var/www/squid-reports/ the index.html file says about Daily, Monthly and weekly, is there a way to regenerate it again ?
<kaushal> sarg --> squid analysis report generator
<kaushal> I am on ubuntu 9.04 server
<kaushal> checking in again for my query ?
<huats> morning
<RoyK> http://cache.gawkerassets.com/assets/images/4/2010/03/for_traffic_cameras.jpg
<soren> kaushal: Dude. Two minutes after posting your question is /not/ an appropriate time to pester the channel again.
<uvirtbot> New bug: #594509 in irqbalance (main) "irqbalance main process ended, respawning" [Undecided,New] https://launchpad.net/bugs/594509
<remix_tj> Does anyone has installed ubuntu server on IBM xServer 225 ? I get kernel panic while installing...
<twb> I installed 8.04 on some kind of IBM rackmount box
<remix_tj> i'm talking of 10.04...
<remix_tj> now i'm changing cd reader, maybe is broken
<twb> Looking at the IBM product poster, I think it was an x3950 or so
<remix_tj> ah, modern one :-)
<twb> It was new at the time, yes
<twb> It would've been about 3RU, not a blade server, with three SATA disks in a hardware raid5
<twb> It worked, anyway, apart from $boss forgetting to buy the RAID5 ROM
<twb> Does the panic indicate what failed?
<Error404NotFound> are there any nice web management tools for iptables beside webmin and bitfrost?
<twb> Error404NotFound: that suggests webmin is nice.  It isn't.
<twb> ebox is what Ubuntu prefers for web management.  Personally I think it's a bloody waste of time and it cripples both the system and the sysadmin who learns it.
<Error404NotFound> twb, correct :P
<twb> For iptables I'd be using the iptables-persistent package and writing a simple, elegant ruleset.
<twb> If you prefer to have a wrapper make a mess of things, ufw is simple and shorewall is powerful.
<Error404NotFound> twb, shorewall is great...
<Error404NotFound> twb, i think if i get some time i might write a basic PHP web ui with mysql support for managing shorewall...
<twb> Shorewall adds complexity, and I'm not convinced that you get much in return.
<twb> Error404NotFound: I expect someone has already done that, but then of course you'll be running PHP and MySQL...
<Error404NotFound> twb, hmmm, i also expect, but unable to find one :P, there is a module for webmin and shorewall though
<kaushal> soren: apologies
<twb> I guess most cowboys simply use webmin
<uvirtbot> New bug: #594544 in dhcp3 (main) "get prompt about modified config file on upgrade from hardy to lucid" [Undecided,New] https://launchpad.net/bugs/594544
<mco1> Hello. We ware currently experiencing problems with samba on our ubuntu 9.04 server. Access to the shares is very slow. How can I best analyze the problem and have their been recent reports on problems with samba?
<twb> mco1: have you looked at the logs?
<twb> Have you checked /proc/mdstat, SMART, dmesg, etc, for an underlying error?
<_ruben> i'd start at the bottom and work yourself up .. check diskload ... network load
<twb> Yeah, that too.
<mco1>  /proc/mdstats reports no errors
<mco1> The only error I can find in dmesg is "[   33.109609] svc: failed to register lockdv1 RPC service (errno 97)."
<mco1> processor and memory load seems fine
<mco1> But there seems to be a problem with disk load:
<mco1> $ df -h
<mco1> Dateisystem            GrÃ¶Ãe Benut  Verf Ben% EingehÃ¤ngt auf
<mco1> /dev/md0              277G  277G  266M 100% /
<mco1> udev                  501M  264K  501M   1% /dev
<mco1> none                  501M     0  501M   0% /dev/shm
<mco1> none                  501M  568K  501M   1% /var/run
<mco1> none                  501M     0  501M   0% /var/lock
<mco1> none                  501M     0  501M   0% /lib/init/rw
<mco1> none                  277G  277G  266M 100% /var/lib/ureadahead/debugfs
<mco1> /dev/md1              466G  447G   20G  96% /daten/groups
<_ruben> df doesnt show diskload, it shows diskusage
<mco1> my bad, thanks.
<_ruben> but full disks tend to be a bad sign anyway
<mco1> I don't exactly know the purpose of debugfs?
<_ruben> dont worry about that one, / is more important (and the same disk)
<_ruben> as for diskload, use iostat (eg: iostat -m -x 3)
<mco1> I will try to make some space on the disks, meanwhile I will read the manpage of iostat. :)
<Felixb> hello everyone
<Felixb> can someone help me? anyone here?
<hggdh> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Felixb> well, i have the ubuntu 10 server cd in my 2nd pc now, and want to install it. but it seems that ubuntu doesnt recognize my keyboard, i cant choose the language from the list. but in the "normal" ubuntu version and also in the bios the keyboard works.. anyone got an idea?
<Felixb> ok found the solution... by enabling the usb keyboard support in the bios..
<uvirtbot> New bug: #592641 in eucalyptus "Authorizing simultaneous rules to a group fails" [Medium,Confirmed] https://launchpad.net/bugs/592641
<bogeyd6> truecrypt manage to lose a whole volume i had on a usb drive
<e-DIO-t> does anyone have to work with Ubuntu hosts on ESXi4 Server and deal with vlans?!
<tydeas> what firewall settings does the ufw must have so it can have dns server bind9?
<e-DIO-t> tydeas, guess only needing is that it let pass 53UDP
<twb> Perhaps "ufw allow dns"?
<twb> Make that "ufw allow domain", per /etc/services
<tydeas> Could not find a profile matching 'dns'
<tydeas> what do you mean per /etc/services
<jdstrand> yes, it can use /etc/services, port number[/protocol] or application profile (see ufw app list)
<bogeyd6> twb, you mean make that "sudo ufw allow 53"
<bogeyd6> UDP/TCP will be open on 53 with ufw in that configuration allowing full DNS
<bogeyd6> e-DIO-t, i used to have to do it but then we did away with VLANS and went to true switching environment
<jdstrand> any of these would work:
<jdstrand> sudo ufw allow 53
<jdstrand> sudo ufw allow domain
<jdstrand> sudo ufw allow Bind9
<bogeyd6> check that Bind9
<mco1> It seems like our samba problem was mainly caused due to our mac clients. Thanks to _ruben and twb for helping me find the problem faster.
<tydeas> There is an app Bind9 :)
<e-DIO-t> sigh bodgey: my boss won't buy other switches guess :P
<e-DIO-t> [the fact is that tha idiot bought 2 48port switchs :Â°Â°Â°Â°]
<bogeyd6> sounds like you dont even need VLAN
<bogeyd6> but anyways
<bogeyd6> whats the prob e-DIO-t
<e-DIO-t> well: i'll "show" you all the way
<e-DIO-t> 1 - installed vlan package on the ubuntu server on ESXi
<e-DIO-t> 2 - configured a iface eth0.10 [raw_device etcetc] on network 10.0.0.0/24
<e-DIO-t> 3 - built up a portgroup on Vswitch to Truck all vlan [vlanID 4095]
<e-DIO-t> 4 - set as "tagged member" of VLAN10 the output port of the Vswitch
<e-DIO-t> 5 - setup a eth0.10 on my own laptop, and setup my own switchport as tagged member of vlan10
<e-DIO-t> ...no ping :Â°Â°Â° but the same configuration with 2 phisical hosts [i mean: no vswitch in between] works
<e-DIO-t> [ps: ping fails, arping too]
<bogeyd6> i assume you setup up the actual switch with VLAN
<bogeyd6> e-DIO-t, also we will need a pastebin.ubuntu.com of your "sudo ifconfig"
<bogeyd6> sorry
<bogeyd6> e-DIO-t, also we will need a pastebin.ubuntu.com of your "sudo ifconfig -a"
<e-DIO-t> well, i'm cisco "born" so those 3com are a bit "strange" to me. Anyway since the same config with 2 ubuntu phisical hosts works, guess the phisical switch config it's ok, and even the ubuntu one
<e-DIO-t> ...ok, i'm pasting..would you like a /etc/network/interfaces too?
<e-DIO-t>  http://pastebin.ubuntu.com/450075/ <== heres Ubuntu server "in" EsxI" conf
<bogeyd6> e-DIO-t, is the 8021q module enabled?
<e-DIO-t> not "staticly": but i modprobed it during proofs
<bogeyd6> k
<bogeyd6> have you rebooted since
<e-DIO-t> guess...i should have not.
<bogeyd6> this will load 8021q on boot sudo su -c 'echo "8021q" >> /etc/modules'
<bogeyd6> then we need a pastebin of your /etc/network/interfaces
<e-DIO-t> isical switch config it's ok, and even the ubuntu one
<e-DIO-t> <bogeyd6> e-DIO-t, also we will need a pasteÃ¹
<e-DIO-t> damn...ghgh wait
<e-DIO-t> here's the server one
<e-DIO-t> http://pastebin.ubuntu.com/450077/
<bogeyd6> well there is your problem
<bogeyd6> configured a iface eth0.10 [raw_device etcetc] on network 10.0.0.0/24
<e-DIO-t> mmmh
<bogeyd6> but you clearly have it set as eth1.10
<e-DIO-t> ...
<e-DIO-t> ..well..wait
<bogeyd6> this brings serious doubt of credibility
<nodeadmin> hi, I have eucalyptus (UEC) running on two machines (cc+clc+walrus+sc) and (nc). I can ping created virtual machines and they receive ips from my real DNS in system mode. The problem is that I cannot ssh into them, even though they are running a regular Ubuntu Lucid image. Any ideas?
<bogeyd6> nodeadmin, is the firewall enabled?
<e-DIO-t> no wait
<e-DIO-t> i can't follow u:
<nodeadmin> ufw says inactive on the controller and node.
<e-DIO-t> i got: eth0 as "native", eth1 as auto, and eth1.10 on /etc/network/interface
<bogeyd6> e-DIO-t, well the pastebins look fine and with your apparent knowledge of the system it looks like everything but your switch is setup. You do realize you have to configure the switch for that VLAN and then it should start working just fine.
<bogeyd6> nodeadmin, that was my best guess
<e-DIO-t> mmh...damn: but it won't go :Â°Â°Â°Â°
<nodeadmin> lol, thanks
<bogeyd6> e-DIO-t, https://wiki.ubuntu.com/vlan
<e-DIO-t> well boogey :P right, problem's not the ubuntu one
<nodeadmin> its kind of funny, either I can ssh into them from only the controller, and they can access the outside world, but nobody can access them. Or, in system mode, everybody can ping them but not connect, not even with hybridfox.
<e-DIO-t> guess there's something between switch and vswitch
<tydeas> Is there any gui for bind9"?
<bogeyd6> e-DIO-t, which model of 3com switch do you have?
<e-DIO-t> Baseline Switch 2948-SFP Plus
<bogeyd6> tydeas, not at the moment but here is the best docu i have ever seen on bind9 setup in ubuntu, http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html
<e-DIO-t> and i'm hating them: they got also some "strange issue" on MAC/IP based acl
<e-DIO-t> tydeas: for sure it's called "gnome terminal" ;)
<bogeyd6> !dns | tydeas
<ubottu> tydeas: To set up a Domain Name Service see the !serverguide - https://help.ubuntu.com/10.04/serverguide/C/dns.html
<tydeas> e-DIO-t: i love it.
<e-DIO-t> ^_^
<uvirtbot> e-DIO-t: Error: "_^" is not a valid command.
<tydeas> my boss asked for a gui.
<e-DIO-t> ahaha mine too
<tydeas> using irssi
<e-DIO-t> is still asking for gnome-desktop over a group of servers ;)
<tydeas> to talk here ;)
<e-DIO-t> damned windows-grown geehehe
<tydeas> xoxox
<tydeas> even starting using w3m when want to read documentations such as how to set bind9
<sommer> morning
<tydeas> i am a fedora user though
<bogeyd6> tydeas, http://www.debianadmin.com/bind-dns-server-web-interfacefrontend-or-gui-tools.html
<tydeas> using ubuntu-server
<bogeyd6> e-DIO-t, http://support.3com.com/infodeli/tools/switches/baseline/3Com_Baseline-Switch-2948-SFP-Plus_User-Guide.pdf  suggest 802.1q is not even supported
<e-DIO-t> NOOOOOOOOOOOOOOOOOOOOOOOOOO
<e-DIO-t> THAT WAS MY NIGHTMARE
<e-DIO-t> :Â°Â°Â°Â°
<e-DIO-t> ....
<tydeas> what?
<e-DIO-t> i'm going to kill my boss :Â°Â°Â°
<e-DIO-t> ok...i'm going to smoke and seriously offende some random-god. BRB :(
<bogeyd6> lol
<bogeyd6> read the user guide first
<tydeas> how can i check if the webmin is in the repo of ubuntu?
<bogeyd6> i did a cntrl+f for 802.1q and couldnt find it
<bogeyd6> tydeas, sudo apt-cache search webmin
<Pici> !webmin | tydeas
<ubottu> tydeas: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<bogeyd6> even if it isnt, there is a .deb from webmin themselves
<tydeas> any one form the ones bogeyd6 posted my before that are supported?
<bogeyd6> !ebox tydeas
<bogeyd6> lol
<bogeyd6> !ebox | tydeas
<ubottu> tydeas: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<tydeas> is it for BIND9 config too?
<bogeyd6> the whole shebang a bang
<tydeas> did not understood
<bogeyd6> tydeas, http://packages.ubuntu.com/intrepid/ebox-dns
<bogeyd6> depending on server version of course
<tydeas> used apt-get to take it :)
<tydeas> what's all about dynamic dns?
<tydeas> i have static ip?
<tydeas> do i need something from this?
<bogeyd6> e-DIO-t, IEEE 802.1Q defines an architecture for virtual bridged LANs, the Tagging
<bogeyd6> Compliance services provided in VLANs, and the protocols and algorithms
<bogeyd6> involved in the provision of these services. An important requirement
<bogeyd6> included in this standard is the ability to mark frames with a desired Class of
<bogeyd6> Service (CoS) tag value.
<bogeyd6> so maybe it is considered a feature of the switch
<bogeyd6> !ebox | tydeas
<ubottu> tydeas: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<tydeas> what this suppose to mean?
<bogeyd6> !english | tydeas
<ubottu> tydeas: The #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit http://help.ubuntu.com/community/InternetRelayChat
<hggdh> ttx: the server meeting conflicts with Brazil's game today :-(
<ttx> hggdh: use your right brain to cheer and your left brain to type ?
<hggdh> ttx: I guess so :-)
<hggdh> ttx: when does France play?
<ttx> France is still on track ?
<ttx> j/k
<EtienneG> Guys, any way we can actually turn off / disable the Image Store entirely in UEC?
<ttx> hggdh: Thursday 1830 UTC
<EtienneG> I am thinking that it would be best to remove the tab entirely from the web ui where there is no Internet connectrivity
<hggdh> ttx: thanks. Should be a nice game to watch
<Ryan1> I'm setting up key based auth for SSH. Am I able to copy my public key to any other machine I use (eg. by USB stick) or should I generate a new key for each machine?
<EtienneG> Ryan1, check ssh-copy-id
<EtienneG> copying your public key to other machine is basically what it does
<Ryan1> My understanding is that it copies it to the SSH server and adds it to the authorized_keys file
<EtienneG> Ryan1, just fyi, id == key pair, in ssh parlance
<EtienneG> Ryan1, yep
<Ryan1> Basically, my home desktop is my SSH server
<Ryan1> And I'm using my laptop at the moment, which I've set up correctly
<Ryan1> And used ssh-copy-id to move the public key to the desktop/server
<Ryan1> But I also SSH from work
<Ryan1> So I need to know if I can just put my public key on a USB drive and take it to work
<Ryan1> Or whether I need to generate a new key from my work PC
<EtienneG> Ryan1, ok then.  You will need to carry your private key with you, to be able to ssh into the machine where you have deployed your public key in authorized_keys
<EtienneG> Ryan1, *or* generating a second key and adding the public part to the authorized_keys file is apossibility
<Ryan1> ok, thanks
<EtienneG> both would work; I prefer single key
<tydeas> i can not understand how to start ebox yet.
<hggdh> EtienneG: IIRC, it is all javascript
<e-DIO-t> bogeyd6, so in the end: those 3com are vlan useless :Â°Â°Â°
<EtienneG> hggdh, erm, ok.  Any easy way to tweak that?
<hggdh> EtienneG: and, unless you drive a connection to (say) the Image Store, you will not know if it is reachable or not
<hggdh> EtienneG: no, I do not know of any easy way
<EtienneG> hggdh, too bad, I will forget it then
 * hggdh goes have a look
<bogeyd6> e-DIO-t, i dunno
<bogeyd6> e-DIO-t, read the user guide and see if i missed something
<bogeyd6> bbiab, gonna do my backports update and see if this fixes my laptop problems
<e-DIO-t> "4.2 802.1x Auto-VLAN Assignment This release allows VLANS to be assigned via the Radius server. Note that this feature if enabled can assign untagged VLANs to ports where users are already connected. If they
<e-DIO-t> are assigned to other untagged VLANs then they will be removed from the port."
<e-DIO-t> ...so guess it should work with 802.1q trunks :Â°Â°Â°
<e-DIO-t> and i'm in the same ole deep sh!t :Â°Â°Â°
<_ruben> e-DIO-t: why do you need vlan support within your vm? you need more than 4?
<e-DIO-t> nope _ruben: i'd be glad to separate broadcast domains even within the same phisical blade
<e-DIO-t> anyway the fact is: why shouldn't work since vswitch supports 802.1q trunks, phisical switch supports 802.1q trunks and linux supports 802.1q trunks?!
<e-DIO-t> that's sending me nuts :Â°Â°Â°
<_ruben> it works for me as well .. but gotta run now
<e-DIO-t> :Â°Â°Â°Â°
<e-DIO-t> ok...hope to  got you any other day. to get a "chat" bout this
<Pici> e-DIO-t: This conversation is a bit over my head, but perhaps you'd find better support asking in ##networking ? If not, feel free to ignore me ;)
<e-DIO-t> ops: pici neither tought it could exist :P
<e-DIO-t> [and neither searched for it... i'm going to take a look]
<e-DIO-t> mmmh
<smoser> hggdh, ping
<hggdh> smoser: pong
<smoser> eucalyptus bug... mail from them suggesting fix
<smoser> i'll do a build if you'd like and get you some binaries if you can then attempt a fix
<hggdh> yes, small fix, two modules. I tried patching it, but don't know how :-(
<hggdh> smoser: yes, thank you very much
<kirkland> hggdh: ping
<kirkland> smoser: hggdh: actually, i just sent a build to ~ubuntu-virt ppa
<kirkland> smoser: hggdh: get that tested whenever you can
<kirkland> hggdh: maybe you can start prepping the rig for that test
<smoser> kirkland, cool. thanks.
<smoser> my build failed, don't know why.
<smoser> i basically did the same thing you did
<smoser> ah. i know what i did differently, i tried to build on maverick
<hggdh> kirkland: the rig is ready. As soon as your build is done, I will install and run tests on it
<smoser> kirkland, so, just an fyi, lucid-proposed eucalyptus fails to build from source on maverick.
<smoser> probably a "oh well", but just fyi
<kirkland> smoser: yeah, i think Daviey is on top of that one ...  something about libgroovy, i think
<Daviey> smoser: yep.. that is fixed in a pending upload
<Daviey> kirkland: Are you able to upload that?  (Note, i've pushed to the branch today)
<kirkland> Daviey: the 1.6.2 maverick?
<pmatulis> in top i see the process 'apache2'.  is there any way to get more info than that such as what virtualhost this process is serving?
<kirkland> Daviey: i'll sponsor that now
<kirkland> Daviey: wait, i couldn't build a source package
<kirkland> Daviey: where is the orig tarball?
<Daviey> kirkland: from upstream branch
<Daviey> kirkland: wait 1, one more commit, just noticed something
<kirkland> Daviey: okay, i can mumble now
<musictoto> hi all! i'm using ubuntu 10.04 LTS server edition and i need an option like the 'lock screen' option you have in the desktop edition, without logging out. is that possible ? and how ?
<smoser> musictoto, you're talking about the console ? ie, you've logged in and you want to lock it ?
<smoser> if thats the case, I'd suggest using gnu screen (or, better, byobu) and then hitting 'ctrl-a x'
<kirkland> smoser: musictoto: actually you can run "byobu" and then hit F12
<ruben23> hi guys i installed mysql-server 5.1 and accidentally replaced my.cnf with my.cnf version 5, not its not starting, this is a fresh install of 5.1 are there ways i can download fresh default config of mysql5.1-
<musictoto> smoser: kirkland: thanks guys
<SpamapS> hah.. I just hit Cmd-Q instead of Cmd-Tab in my Chrome window.. about 25 tabs closed.. at first I was mad, but then I felt *FREE*
<ruben23> hi guys how do i remove mysql-server 5.1  package
<ruben23> completely
<SpamapS> ruben23: apt-get remove mysql-server-5.1 should do it
<webPragmatist> any of you know if it is possible to use pacemaker+heartbeat instead of corosync
<webPragmatist> (openais)
<ruben23>  SpamapS: when i do that it does conompletly uninstall- it just freeze..
<ruben23> no activity at all
<SpamapS> ruben23: what do you mean it just freeze?
<SpamapS> ruben23: the uninstall process?
<SpamapS> ruben23: maybe mysqld is stuck
<ruben23>  SpamapS:yes..., what happen really is i accidentally replaced the my.cnf of 5.1 with 5.0 my.cnf version--after that mysql-server is not responding at all.
<webPragmatist> ooh nm
<webPragmatist> i just installed heartbeat and it installed pacemaker
<webPragmatist> genius
<ruben23> guys help, im stock
<webPragmatist> anyone ever run "logfile"
<SpamapS> logfile: command not found
<ruben23> how to check if a package is completely remove
 * JPP is away: Work
<webPragmatist> yea it's like a logd maybe something old in this confi
<webPragmatist> g
<mathiaz> kirkland: Daviey: hallyn: bug 594179 - does it make sense?
<uvirtbot> Launchpad bug 594179 in qemu-kvm "Missing -f option for 'qemu-img snapshot'" [Low,Incomplete] https://launchpad.net/bugs/594179
 * Daviey looks
<Daviey> mathiaz: hmm.. the reporter hasn't stated where the patched derived from
<Daviey> is it a cherry pick?
<mathiaz> Daviey: hm - I think wrote it up]
<mathiaz> Daviey: I'm more asking whether what he tries to do *actually* makes sense
<mathiaz> Daviey: ie can you change a format of a snapshot?
<mathiaz> Daviey: it seems to me that the use case he tries to solve is to be able to use qcow2 as the format of the snapshot for a raw file (for example)
<Daviey> mathiaz: Ahh, i see.. I can see that being useful.. not sure it's SRU stuff :/
<Daviey> if it's for maverick, would be nice to see in upstream and then we get it for free
<mathiaz> Daviey: well - does qemu *actually* suport doing that
<Daviey> mathiaz: not a feature set i would be comfortable us carrying, personally.
<Daviey> mathiaz: pass, never done it
<mathiaz> Daviey: I don't think you can just add the format option to the command line and off you go it works magically
<Daviey> mathiaz: brb, on a call
<kirkland> hggdh: did you notice that that eucalyptus ppa built?
<hggdh> kirkland: yes, was on an interview call, but just downloaded them
<jits1998> hi guys... we run a training institute and need a nfs + ldap authentication setup for ubuntu .. we have around 200 users .. please point me to a documentation i can follow as a newbie ... and what kind of hardware server will be needed .. Thanks!!
<RoyK^> jits1998: the ubuntu server guide is quite usable
<RoyK^> 200 users can be anything, really, it just depends what sort of traffic they make
<jits1998> RoyK^: we run a development training institute .. so frequent updates will be there..
<RoyK^> homedirs on nfs?
<jits1998> RoyK^: we want to share home dir frmo nfs
<RoyK^> or local homes?
<RoyK^> that'll create some traffic
<RoyK^> some as in quite a lot
<jits1998> RoyK^: yeah i wd think .
<RoyK^> are we talking about 200 concurrent users?
<jits1998> RoyK^: 120 concurrent via nfs clients..others will likely be using mail and other ldap based stuff..
<RoyK^> how much data space do you plan to support?
<jits1998> RoyK^: data space as in hard disk quota ? .. or total hard disk size ?
<RoyK^> also, is there a fat budget, or do you want things to be cheap?
<RoyK^> total
<jits1998> RoyK^: cheap only .. we are just starting up .. :-) .. we will be renting server ...
<RoyK^> ok, first, how much space do you need?
<RoyK^> 1TB? 10?
<jits1998> RoyK^: may be max 1 Gb per user.. don't know if we would do much more than that per user ..
<RoyK^> how much do they charge for the server rent?
<RoyK^> would it be possible to get something cheap instead?
<RoyK^> cheap or even used
<jits1998> RoyK^: we have a policy to not invest in hardware . as yet......
<RoyK^> doesn't seem too smart to me, but anyway, not my choice
<jits1998> RoyK^: the rentals are planned in  a way to get profit after 2 years i think ..
<RoyK^> so, how much per month?
<RoyK^> btw, where are you located?
<jits1998> RoyK^: I am in india ..
<RoyK^> ok
<jits1998> jits1998: the laptops are rented at around 50 USD per month i think ..
<jits1998> RoyK^: sorry .. replied to myself :P
<RoyK^> hehe
<RoyK^> I just bought this test box at work for storage - 8GB RAM, 8x2TB disk and some SSDs for root and cache, and it cost me less than NOK 25k
<RoyK^> or $3500
<RoyK^> you can get decent hardware quite cheap these days
<RoyK^> and you won't need that amount of storage
<jits1998> we can look at that.. there are some tax issues i guess.. but not sure..
<RoyK^> but still - what you will need is probably good random I/O speeds, meaning lots of drives
<RoyK^> they don't have to be big for your current needs, but you will be wanting many
<RoyK^> say a couple of small drives for the root mirror and 4+ drives for the data
<hggdh> kirkland: just started a test run, 2,000 instances
<kirkland> hggdh: ETA?
<RoyK^> jits1998: placing the storage on a dedicated box will help things a bit, especially if you use something like Nexenta or OpenSolaris on that - that allows you to to dynamically grow the storage without downtime
<hggdh> kirkland: 3 hours to finish, but I will be monitoring. We will have a very good guess in about 30 min
<kirkland> hggdh: great
<RoyK^> hggdh: what sort of test run is this?
<hggdh> RoyK^: UEC runs, mix of all instance types, for both i386 and AMD64 images
<uvirtbot> New bug: #594696 in php5 (main) "eval() with base64_decode causes segfault" [Undecided,New] https://launchpad.net/bugs/594696
<RoyK^> hggdh: any idea about this one ? https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579276
<uvirtbot> Launchpad bug 579276 in linux "Lost network in KVM VM / virtio_net page allocation failure" [Medium,Triaged]
 * ccheney thought he would have rest and just deal with the baby while on leave but has a todo list a mile long :-\
<RoyK^> jiboumans: ?
<jiboumans> RoyK: yes?
<hggdh> ccheney: hey welcome ;-)
<RoyK^> jiboumans: given a ballpark figure of your budget, I could recommend something, but recommending something without any idea of what you may spend on the setup is quite impossible
<jiboumans> RoyK: sorry, i'm lacking context i think
<RoyK^> erm - bloody autoexpand
<jits> RoyK^: sorry i got d/c after you said i wd need lots of drives with good i/a
<jits> i/o*
<RoyK^> :)
<RoyK^> jiboumans: sorry
<jiboumans> RoyK: clearly i need to have everyone with an irc nick beginning with 'ji' banned ;)
 * zul is getting high off the new asphalt in his driveway
<jiboumans> zul: asphalt; the new glue?
<RoyK^> jits: for 120-200 clients with nfs-mounted homedirs, you'll need good I/O. processing power is not likely to be an issue
<jits> RoyK^: okay.. how do i get that :-s
<zul> jiboumans: i dunno...all i know is that its not sitting well with me
<RoyK^> jits: lots of drives
<RoyK^> jits: not necessarily big ones, but more drives
<jits> RoyK^: umm.. as raid or something ?
<jits> RoyK^: i have no clue :-(
<RoyK^> jits: current 2TB drives are very fast linearly, but all 7200rpm drives do around 120 IOPS, meaning not a lot unless you do LARGE reads, which you won't
<jits> RoyK^: yeah it will be very small read and writes .. but frequently..
<RoyK^> jits: yes, RAID-5 or RAID-6. I'd recommend using an external box with nexenta/opensolaris for the storage, since that's very nice, and can use SSDs for caching, can grow existing volumes without downtime and do blocklevel checksumming of everything - you won't get that on Linux until btrfs stabilises and catches up with zfs, which is likely to take a year or more
<jits> RoyK^: that sounds very very expensive :|
<RoyK^> why?
<RoyK^> you can use cheap, even used hardware and make it run very fast
<vraa> opensolaris/nexenta is free, your bulk costs are harddrives
<jits> opensolaris can run on non sun systems ?
<RoyK^> yes
<RoyK^> with zfs (the filesystem in nexenta/opensolaris) you can also replace smaller drives in a RAID, one by one, and when you're done, the zpool has grown
<RoyK^> I don't think linux has anything like that
<hggdh> kirkland: does not look good...
<jits> okay ..
<RoyK^> jits: we have a dual 50TB setup built on supermicro hardware and cheap drives.....
<kirkland> hggdh: alrighty
<jits> RoyK^: 50 TB :P .. we will be rich when we need that kind of disk :P
<vraa> RoyK you still have to resliver after each drive right?
<RoyK^> vraa: yes
<vraa> :) i love zfs
<RoyK^> but if you have an extra slot, you just replace it, no degradation
<RoyK^> jits: http://hub.opensolaris.org/bin/download/Community+Group+zfs/docs/zfslast.pdf
<RoyK^> that's good reading about zfs
<jits> RoyK^: thanks.. let me quickly go thru it and see :-)
<FunnyLookinHat> Looking for some quick advice: what's the most reliable way to transfer large files between servers ?
<FunnyLookinHat> (Not on the same network)
<RoyK^> rsync?
<FunnyLookinHat> Not mirrored directories....
<FunnyLookinHat> One time pushes of large files
<FunnyLookinHat> i.e File shows up in directory - cronjob sees it there and sends it off
<FunnyLookinHat> I was thinking SCP ?
<RoyK^> sure
<RoyK^> rsync --partial can be better if the job is likely to be interrupted, though
<RoyK^> FunnyLookinHat: just make sure the transfer script locks, so you don't get multiple transfers going in parallel :Ã¾
<sjm> FunnyLookinHat: you can use rsync over ssh, too.  look at the man page.
<RoyK^> sjm: rsync runs over ssh by default these days
<RoyK^> if you rsync somefile somehost:
<sjm> RoyK^: Really?  When did that happen?
<RoyK^> years ago :)
<Delemas> On other distributions there are init script functions (/etc/rc.d/init.d/functions) which can be included so init scripts can easily find the pid of a forked child etc. Where can I find these on Ubuntu?
<sjm> ok.  good to know.
<RoyK^> Delemas: see /etc/init.d/skeleton
<Delemas> RoyK^: excellent! Thanks :)
<sjm> RoyK^: since version 2.6.0 (Jan 1, 2004) to answer my own question.  I now feel out of date. :)
<RoyK^> hehe
<Delemas> The initscript for bmc-watchdog is totally busticated so I'm trying to fix it...
<RoyK^> jits: get the point?
<FunnyLookinHat> sjm / RoyK^  - Cool thanks!
<jits> RoyK^: yet to go thru it .. its 11:30 pm here :-) .. time to sleep.. will do it tom morning..
<RoyK^> jits: ok, nite
<webPragmatist> where's the documentation on different pacemaker resources that are supported
<webPragmatist> i'm trying to figure out if i can make it switch a dns record
<toxic> Hello, I'm willing to install ubuntu-server on a 4096MB flash-IDE drive. Is 4096MB enought to get all services for a homeserver up'n'runnin' ? (I intend to install zfs-fuse, lamp, mt-daapd, squid, webmin... the usual ;) )
<webPragmatist> yesâ¦ probably 3gb would be okay
<Pici> toxic: You may want to note that webmin is not in the repositories.
<Pici> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<toxic> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<toxic> thanks Pici !
<toxic> and Pici, what about the minimal requirement for HDD-usage of ubuntu-server ?
<RoyK^> toxic: just make sure zfs gets a gig of ram if you're planning something useful
<RoyK^> toxic: how's the performance of zfs-fuse, btw?
<toxic> RoyK, RAM is not going to be a problem, but as I bought a small SilverStone  Sugo case, I need a very small HDD for the system if I want my 5 drives in my case ;)
<RoyK^> ok
<MTecknology> is it possible to do something like ssh user:pass@server-ip ?
<RoyK^> why not nexenta if you need zfs?
<Pici> toxic: The documentation claims 500mb for base, 1gb for all tasks, see https://help.ubuntu.com/10.04/serverguide/C/preparing-to-install.html
<RoyK^> MTecknology: nope, but look up key auth
<toxic> RoyK, right now I'm using ZFS on a very cheap Motherboard on the integrated SATA II Controller, and Achieve only 40-50 MiO/s reading from zfs and writing to zfs at the same time...
<kirkland> <kirkland> hallyn: so on your stack of verify-kvm-feature-foo work items ...
<kirkland> <kirkland> hallyn: let's start a document in a wiki page, or in google docs, that shows the command line (and any additional instructions) we're using to verify these
<kirkland> <kirkland> hallyn: actually, let's take this to #ubuntu-server (no need to be secret here)
<kirkland> hallyn: i just verified -vnc :1, and -serial stdio
<kirkland> hallyn: but both of those have lots more values than ":1" and "stdio"
<toxic> RoyK, I'm "pretty good" with ubuntu, but have yet no idea of any other linux distrib... And Nexenta is solaris-like I belive ?
<kirkland> hallyn: i think it would be good to note what we've verified
<MTecknology> RoyK^: I'm trying to make a script to automate configuring servers - one of the parts is setting up those shared keys :P
<kirkland> hallyn: and I suspect we'll need to re-test all of these again, after your upload, and closer to release
<RoyK> toxic: nexenta is opensolaris kernel with debian userspace
<RoyK> toxic: same thing, really, for most use
<RoyK> MTecknology: $HOME/.ssh/authorized_keys holds the keys
<hallyn> kirkland: yeah, that's something i was trying ot ask last week.  especially once 12.4 goes to maverick *and*then* gets backported to lucid...
<toxic> RoyK, would you advise me to swich to Nexenta for more stable zfs (still experimental with fuse, but had no issue with it in the last year...)
<RoyK> toxic: yes, without doubt
<kirkland> hallyn: let's do a wiki page for this
<hallyn> kirkland: but i'm logging what i've verified under https://blueprints.launchpad.net/ubuntu/+spec/server-maverick-hypervisor
<panfist> how could i find what user is running the apache service on my server?
<hallyn> new wiki page woudl be good
<hallyn> then we can be more precise/verbose
<RoyK> toxic: tuning, debugging etc will be different, but zfs is zfs all way through
<kirkland> hallyn: right, mark them DONE there --- but let's talk about what we've actually done in a wiki page
<hallyn> ok.
<toxic> RoyK, I'll try that out, I need to find time to test it on a VM, could you just answer this one question : as a ubuntu-geek, how long do you belive I need to adapt to nexenta and have a fully functional homeserver ?
<kirkland> hallyn: how does https://wiki.ubuntu.com/KVMFeatureVerification sound to you?
<RoyK> toxic: not very long
<toxic> (I wanna know if I need 2 days or an hour ;) )
<RoyK> toxic: just try to install nexenta on that wee box before filling it up
<toxic> RoyK, I'll do that ! Thx for the advise !
<toxic> Nexenta runs zfs in the kernel ? It should improve throughput :p no ?
<hallyn> kirkland: sounds good.  i'll create that after mtg if you haven't already
<hggdh> kirkland: I stopped the first run (about 400 instances) and will restart another 2,000 instances. Meanwhile I will look at the errors
<RoyK> toxic: yes, nexenta runs zfs in kernel - that helps a wee bit :Ã¾
<toxic> Cool RoyK thanks ! I'm now asking on #nexenta to leave this chan for ubuntu ;)
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<kirkland> hggdh: so no silver bullet, eh?
<hggdh> kirkland: does not look like it is silver, or even silver-coated
<kirkland> hggdh: dammit
<kirkland> hggdh: you can verify that you did install the new packages
<kirkland> hggdh: restarted the various services?
<kirkland> hggdh: dpkg -l | grep euca
<kirkland> hggdh: i know, i'm sure you did, just checking ....
<hggdh> kirkland: I did verify I installed all new packages -- dpkg -l euca\* uec\* before, then dpkg -i the ones needed on each box, then anotehr dpkg -l euca\* uec\* to verify all had the correct version string
<hggdh> I wish I had missed some :-( then there would still be hope.
<hggdh> kirkland: additionally, we are still running with VNET_ADDRSPERNET = 64, so we will not have spurious errors due to the 32-3 limit
<kirkland> hggdh: okay
<kirkland> hggdh: would you please reply to Chris' note on the cano-euca list with your findings?
<kirkland> hggdh: we need him to get back to work on this
<hggdh> kirkland: will do. I am now finding out what errors we had. Metadata related are certainly more than 10 so far
<kirkland> hggdh: regression then?
<kirkland> hggdh: what a mess ... :-/
<kirkland> hallyn: https://wiki.ubuntu.com/VirtFeatureVerification
<kirkland> hallyn: i put it under "Virt" feature verification, b/c some stuff is kvm, some is qemu, and some is libvirt
<hggdh> kirkland: no, not really regression, just no improvement. Chris stated he could not repeat it...
<kirkland> hggdh: okay;  please continue the dialog on that list
<jits> RoyK: should i be looking at nexenta stor or nexenta :-s
<RoyK> jits: nexenta core platform
<jits> RoyK: okay thanks .. will download it ..
<jits> RoyK: it works fine with ldap ?
<RoyK> I'd guess so
<RoyK> even Sun is replacing NIS with LDAP
<jits> RoyK: cool ... thanks..
<jits> RoyK: just could not sleep .. will put it to download :P
<RoyK> we have opensolaris boxes as CIFS servers in an AD
<RoyK> jits: where are you located?
<jits> RoyK: India :)
<RoyK> ah
<jits> RoyK: its 12;30 now.. have to be in office at 9 :P
<RoyK> still....
<RoyK> I forgot
 * RoyK is in .no
<kirkland> hallyn: feel free to toy with the template or display of the info in that page
<kirkland> hallyn: i just threw up the basics
<hggdh> kirkland: this is different -- on the first run (430 instances) I had 39 failures. BUT this time there were no other failures but metadata
<kirkland> hggdh: hrm, that's interesting
<hggdh> kirkland: before that we would have a mix of metadata and SSH failures (probably due to bad IP addresses)
<uvirtbot> New bug: #594777 in openldap (main) "slapd run level link name to high when using krb5-kdc" [Undecided,New] https://launchpad.net/bugs/594777
<hggdh> kirkland: so, it seems there is a net gain
<bogeyd6> page preview is broken in openoffice for x64 10.04
<mathiaz> SpamapS: https://bugs.launchpad.net/~ubuntu-server/+packagebugs
<jits> RoyK: got that...
<jits> RoyK: still searching for a document to setup nexenta as nfs
<RoyK> jits: that's zfs basics - zfs sharenfs
<bogeyd6> !nfs jits
<bogeyd6> !nfs | jits
<ubottu> jits: nfs is the network file system. See https://help.ubuntu.com/community/SettingUpNFSHowTo for information on installing and configuring NFS.
<bogeyd6> mebbe some guidelines?
<RoyK> jits: /j #nexenta
<RoyK> bogeyd6: not in nexenta
<jits> RoyK: googling..
<RoyK> jits: http://docs.sun.com/app/docs/doc/819-5461
<kirkland> Daviey: so you're saying i should be pushing to: lp:ubuntu/maverick/eucalyptus ?
<kirkland> Daviey: can you confirm that?
<Daviey> one mo
<Daviey> kirkland: lp:~ubuntu-core-dev/eucalyptus/ubuntu/
<Daviey> lp:~ubuntu-core-dev/ubuntu/maverick/eucalyptus
<cdubya> are there any good references on how to setup an odbc connection to ms sql on ubuntu server 10.04?
<kirkland> Daviey: kirkland@x200:/tmp/euca$ bzr branch lp:~ubuntu-core-dev/ubuntu/maverick/eucalyptus
<kirkland> bzr: ERROR: Invalid url supplied to transport: "lp:~ubuntu-core-dev/ubuntu/maverick/eucalyptus": ~ubuntu-core-dev/ubuntu/maverick/eucalyptus is too short to be a branch name. Try '~<owner>/+junk/<branch>', '~<owner>/<product>/<branch> or '~<owner>/<distribution>/<series>/<sourcepackage>/<branch>'.
<Daviey> kirkland: bzr branch lp:~davewalker/ubuntu/maverick/eucalyptus/maverick_to_quilt/ ; bzr push lp:~ubuntu-core-dev/ubuntu/maverick/eucalyptus/devel
<Guest24216> no matter what package i try to install, i get "Could't find package". But if I try to install an installed package I get "already the newest version" what am i doing wrong?
<guntbert> Guest24216: what package are you trying to install? what command did you use?
<Guest24216> and I can only find installed packages with apt-cache, I cant find anything else; example apt-cache search distcc
<Guest24216> guntbert: anything example ... apt-cache install distcc
<Guest24216> whoops apt-get install distcc
<Guest24216> "couldnt fiond package
<guntbert> Guest24216: did you enble the "universe" repo?
<Guest24216> no... how do i do that?
<cdubya> Guest24216, yeah, have you checked your sources?
<Guest24216> yea.. source.list is full
<Guest24216> of http: sites
<cdubya> Guest24216, yes, but are the universe lines uncommented
<guntbert> Guest24216: you must edit /etc/apt/sources.list and uncomment the relevant lines, then sudo apt-get update --- see https://help.ubuntu.com/10.04/serverguide/C/package-management.html
<Guest24216> yes they are
<Guest24216> all unicverse lines are uncommented... this is a fresh install
<guntbert> Guest24216: if there is a # in front the line doesn't work, remove the #
<Guest24216> yes ... i know comments
<cdubya> Guest24216, and you've tried sudo apt-get update?
<Guest24216> apt-get update "Cannot initiate the connection to 8080:80
<Guest24216> whoops must be a proxy fault
<Guest24216> damn
<cdubya> !odbc
<cdubya> !freetds
<guntbert> !askthebot > cdubya
<ubottu> cdubya, please see my private message
<bogeyd6> dang neckbeards
<a3ist> Someone want to help me find out a delay in ssh authentication?  It occurs after the client checks blacklist files.  Here's the client side verbose log: http://pastebin.com/aRQ8pqEy.   IPv6 is disabled/blacklisted
<kirkland> hallyn: mathiaz: qemu-kvm uploaded to maverick
<kirkland> hallyn: mathiaz: thanks a lot
<kirkland> hallyn: how about that memory leak SRU for lucid?
<hallyn> kirkland: https://code.launchpad.net/~serge-hallyn/ubuntu/lucid/qemu-kvm/memleak-fix2   proposed merge/review
<hallyn> kirkland: mathiaz: thanks! (for mav upload)
 * kirkland gets on that one
<kirkland> hallyn: the mem leak one should be fix-released in maverick, now that uploaded 0.12.4, correct?
<kirkland> hallyn: ie, the git commit that you cherrypicked was in the 0.12.4 release, correct?
<hallyn> yup it's in there
<smoser> hggdh, chris misunderstood your email
<hallyn> (just checked 0.12.4 source)
<smoser> please respond
<ccheney> hggdh: hi :)
 * ccheney just got back from taking his wife to the doctor
<smoser> ccheney, all things good ?
<hggdh> smoser, ccheney, what did I do?
<smoser> hggdh, see msg
<hggdh> of course, it is probably my fault ;-)
<LowValueTarget> is installing from usb faster than installing from a dvd
<kirkland> hallyn: fwiw, i subscribed to https://wiki.ubuntu.com/VirtFeatureVerification?action=subscribe
<hallyn> kirkland: me too :)
<kirkland> hallyn: oooh, -redir, neat
<kirkland> hallyn: i just added that to testdrive's default kvm args :-)
<kirkland> hallyn: also, for virtio network and disk, we should find some way of semi-consistently benchmarking this
<kirkland> hallyn: such that we might be able to detect severe regresssions
<hallyn> kirkland: jdstrand has the libvirt qa test script.  we shoudl be able to add some simple things to that maybe
<kirkland> hallyn: definitely
<kirkland> hallyn: would be nice to automate as many of these as possible
<hallyn> we'll want to use a very fast, minimal os.  can you think of one?  :)
<SpamapS> kirkland: btw thanks for the link to your UEC-on-a-key ... I won't get too ambitious w/ the demo.. just want to show it to people so they're aware that it exists and can be played with. :)
<kirkland> SpamapS: sure thing
<kirkland> SpamapS: thanks for reminding me about that
<kirkland> SpamapS: did you catch my blog post on the subject?
<SpamapS> kirkland: no I am eons behind in my RSS feed reading.
<SpamapS> kirkland: but reading now. :)
<kirkland> SpamapS: http://blog.dustinkirkland.com/2010/06/cloud-in-your-pocket-uec-liveiso.html is your guide to your demo ;-)
 * SpamapS makes a steeple with his fingers
<SpamapS> exxxxxccceelllent smithers
<SpamapS> mmmmm dpkg source format 3.0 just saved my bee-hind.
<SpamapS> mathiaz: you were asking how to get jars in the debian dir.. you just have to put '3.0 (quilt|native)' in debian/source/format and add all the binaries to debian/source/include-binaries  :)
<webPragmatist> uhg
<webPragmatist> why wouldn't shutdown -r now work?
<SpamapS> webPragmatist: weird BIOS doesn't like rebooting?
<webPragmatist> no clue >.<
 * SpamapS decides he needs a burrito.. now
<Delemas> cool I sent in a patch for freeipmi.
<Phlogistique> Hi everyone
<Phlogistique> I have a dedicated server I rebooted for a silly reason
<Phlogistique> and now I can't get it to ping anymore
<uvirtbot> New bug: #594840 in openldap (main) "Many "connection_read(): no connection!" warnings from OpenLDAP server when using ldapi:/// and a bind DN (no external authentication)" [Undecided,New] https://launchpad.net/bugs/594840
<Phlogistique> my hosting has investigated
<Phlogistique> and told me that the boot worked, it is possible to login locally, but
<Phlogistique> there is a message "no network configured"
<Phlogistique> they then booted a rescue system on the machine for me to investigate and fix
<Phlogistique> but I didn't change the configuration and what's in the /etc/network/interfaces file looks perfectly sane
<Phlogistique> any idea of where I can find more info/what I can try?
<Phlogistique> http://pastebin.com/fMnfhWaB content of /etc/network/interfaces
<lifeless> kirkland: still up ?
<kirkland> lifeless: yop
<zash> Phlogistique: try poking with ifconfig
<lifeless> kirkland: http://www.tenshu.net/archives/2010/06/08/the-lawnmower-man/
<lifeless> in there he says
<Phlogistique> zash: I can't, my system is not running
<lifeless> The best driver for disk/networking is the paravirtualised âvirtioâ driver. I found that ubuntu-vm-builder had already configured the networking to use this, but not the disk, so I modifie
<Phlogistique> another system is running on the machine
<lifeless> ...
<lifeless> kirkland: is that a bug or feature?
<kirkland> lifeless: page slow to load ...
<Phlogistique> zash: I can look at files but ifconfig won't be interesting
<lifeless> kirkland: in fact, there are a bunch of tunin things there that perhaps should be bugs
<kirkland> lifeless: what part are you specifically talking about as a bug or featureA?
<kirkland> lifeless: for one thing, i only ever use qcow2 as my backing disk image (never lvm as whomever writes there)
<zash> Phlogistique: i meant run stuff like ifup and see what happens
<kirkland> lifeless: is that you, or ng's blog?
<lifeless> kirkland: ng's
<lifeless> Ng: ^
<lifeless> why I am funnelling between you two. bah.
<kirkland> lifeless: heh
<kirkland> Ng: howdy
<lifeless> Ng: meet kirkland. kirkland: meet ng. TALK DAMMIT
<kirkland> Ng: lifeless: if the problem is with vmbuilder, i need to redirect you to soren
<lifeless> kirkland: it seems to me that when one of our sysops looks at the result of ubuntu-vm-builder and notes that changes should be made, we should at least consider whether different defaults would be good.
<kirkland> lifeless: ack, and i agree
<lifeless> kirkland: and you're my go-to guy in server space :)
<kirkland> lifeless: sane defaults should equal "ubuntu"
 * kirkland takes a bow
<Phlogistique> zash: oh you're right this might be interesting - maybe http://pastebin.com/yR5BmnsY
<kirkland> Ng: i'm happy to chat about this tomorrow, when we're both online again
<Phlogistique> or maybe not...
<zash> I have something similar to this problem: http://ubuntuforums.org/showthread.php?t=1507407
<zash> after dist-upgrade from hardy. mysql won't start from init related utils, works-ish if launched directly like sudo -b mysql mysqld
<uvirtbot> New bug: #594847 in samba (main) "Samba doesn't work in Lucid over PPPoE" [Undecided,New] https://launchpad.net/bugs/594847
<Phlogistique> zash: well, my problem's not about mysql
<zash> Phlogistique: but mine is :P
<Phlogistique> oh
<Phlogistique> I thought you meant "somebody has a problem similar to yours" haha
<ccheney> smoser: sorry got called away again, yea she seems to be doing ok they gave her some medicine to take
<FFForever> what is the easiest way to setup a software raid on an already installed system?
<FFForever> (with two new drives)
<JPP> FFForever, mdadm is the tool for linux software RAID
<JPP> in ubuntu server, to install type in apt-get install mdadm
<JPP> (as root or sudo)
<FFForever> also what would be the best way to copy ~500gb to the new raid?
<FFForever> cp -R /oldFolder/* /newFolder/?
<JPP> Yes, probably :)
<JPP> you'll need to format your new harddisks as linux raid first
<zash> What's up with upstart and mysql?
<zash> and why is the load climbing when the server is othervise idle
<jdstrand> hallyn, kirkland, smoser: fyi. it is my eod now, but I have a preliminary libvirt 0.8.1-2ubuntu1 package for maverick
<hggdh> hi ccheney, how are you & SO?
<jdstrand> hallyn, kirkland, smoser: I plan to test it tomorrow and upload maybe late tomorrow or Thursday
<kirkland> jdstrand: awesome
<kirkland> jdstrand: i sponsored hallyn's qemu-kvm today
<kirkland> jdstrand: to maverick
#ubuntu-server 2010-06-16
<uvirtbot> New bug: #594888 in qemu-kvm (main) "no qemu-system-i386" [Undecided,New] https://launchpad.net/bugs/594888
<alyoshka> for some reason I'm not able to access anything from a web server I just set up. I'm using Brightbox's version of Nginx for Ruby on Rails. I've set up the same thing before on another server and everything worked fine, but here it just gives me a gateway timeout error after a few minutes. if I try wget http://localhost from the actual server, it works, but it just won't serve to remote machines for some reason. anybody know w
<alyoshka> that?
<alyoshka> it's like as if Nginx is listening only to requests from localhost or something. anybody know why?
<alyoshka> hmm, if I shut Nginx down, then remote machines fail to connect completely, but when it is running, it has a gateway timeout after like 10 minutes
<alyoshka> so I guess it is listening, but failing to respond or something. why?
<alyoshka> doesn't anybody know what to do about Nginx giving a gateway timeout error on absolutely everything when the request is from a remote machine?
<bc> alyoshka: listening on a port other than 80?
<alyoshka> bc: no, it's on 80
<alyoshka> if I shut down nginx, the remote machine will just say connection refused, if nginx is running, it'll hand for about 10 minutes and then give a gateway timeout error
<alyoshka> so nginx is getting the request, but it's not serving anything
<alyoshka> no static files, no rails, nothing
<bc> alyoshka: I know very little about nginx, but what do the logs say, if anything?
<alyoshka> 2010/06/16 01:09:31 [alert] 2282#0: worker process 2297 exited on signal 9
<alyoshka> 2010/06/16 01:19:38 [error] 2361#0: *5 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xx.xxx.xx.xxx, server: myserver.com, request: "GET / HTTP/1.1", upstream: "unix:/tmp/passenger.2314/master/helper_server.sock:", host: "myserver.com"
<alyoshka> I have a bunch of those in the error logs
<alyoshka> but those are only on the rails site
<alyoshka> the static site doesn't seem to have logged any errors
<bc> alyoshka: I'm wondering if you have a syntax error or loop or but that is causing it to run longer than normal. However, there is an absolute ton on google about 'gateway timeout error rails nginx' -- have you checked those sources? I see a lot of references to a proxy timeout configuration directive that may apply, I'm not sure.
<bc> s/but/bug/
<alyoshka> I tried some of the suggestions there, but nothing worked. another thing is that most of the problems people had were only with the rails websites or with large files, but static files worked for them
<alyoshka> for me, nothing is working
<alyoshka> might have to go back to Apache, but it brings my small virtual servers to their knees
<acajou> Hi all. I'm having an issue with a universe/admin package that works on my Kubuntu desktop but appears broken on a new Ubuntu server install...
<acajou> The package is btrfs-tools.
<bc> alyoshka: is that thing using fast-cgi?
<acajou> When you install it, it's supposed to (amongst other things) create a /dev/btrfs-control file. It doesn't do that, which means nothing works, basically.
<acajou> But I'm not sure if it's just my box or if the package is actually broken...
<bc> alyoshka: does your config specify this directive anywhere? -> fastcgi_pass
<acajou> Would it be best to open a bug report against the package?
<alyoshka> bc: no, it's using passenger for rails and well, static files are served by the server itself
<enav1> hi i need the wiki of this channel.... thanks
<enav1> woops nv
<bc> alyoshka: based on some pages I just looked at, your static files load fine?
<acajou> if someone could try "sudo aptitude install btrfs-tools" on a 10.04 server install and tell me if they see /dev/btrfs-tools, that would be really wonderful...
<acajou> I'd know if it's my box that has a problem, or the package itself.
<bc> alyoshka: I think I'm in over my head. However, include helper_server.sock in the query I mentioned earlier.
<alyoshka> bc: my computer crashed so I didn't get the last few messages u sent
<bc> alyoshka: only one you missed besides the one I just sent was <bc> alyoshka: based on some pages I just looked at, your static files load fine?
<bc> alyoshka: after that: <bc> alyoshka: I think I'm in over my head. However, include helper_server.sock in the query I mentioned earlier.
<alyoshka> bc: the answer to that is no, the static files don't load either; nothing loads at all
<bc> alyoshka: I saw a good bit of info related to the error log snippet you pasted + passenger.
<bc> That is, with 'gateway timeout'
<alyoshka> yeah, but most ppl who have problems with passenger don't have the problem with static files
<alyoshka> I'll set up apache for now because I have a client that needs their site up today and I'll play with nginx later, I guess
<cwillu_at_work> acajou, poke poek
<cwillu_at_work> acajou, did you ever get answers re: btrfs on a server install?
<hallyn> jdstrand: sweet, thanks
<Phlogistique> Hi
<Phlogistique> I need help
<Phlogistique> Does anyone here have an Ubuntu Jaunty?
<Phlogistique> If someone has this and could send me his /etc/{init.d,rc*} in a tar, I would be eternally grateful
<twb> Phlogistique: you can get that from packages.ubuntu.com/jaunty/sysvinit-rc or so.
<twb> dpkg -S /etc/init.d/ should tell you what packages you need.
<twb> Note also that you can "aptitude reinstall <package name>"
<twb> ...although for conffiles that probably won't help.
<twb> In future, I also recommend running etckeeper to place your /etc/ under version control, which would allow you to simply revert the deletion.
<Phlogistique> twb: I didn't delete anything
<Phlogistique> it's far worse
<twb> Go on...
<Phlogistique> well I installed a Jaunty with the /etc of a Lucid
<Phlogistique> and after like one month it's the first time I try booting it
<twb> In that case I suggest you reinstall from scratch.
<Phlogistique> haha
<twb> You will not get /etc back to the way it was
<Phlogistique> but for this I have to save everything
<twb> Well, this is why you put /home and / on different filesystems
<Phlogistique> I know. If I can get the system to boot and to connect, I will be satisfied
<Phlogistique> twb: not everything is in /home
<twb> Granted.
<twb> When installing I would normally make a squashfs of / and put it in /root/<old hostname>.squashfs or so, so that I can easily restore data from it as needed.
<Phlogistique> WOOOOOHOOOOOO IT BOOOT
<Phlogistique> ZS
<Phlogistique> *S
<Phlogistique> YAY YAY YAY
<Phlogistique> YES
<Phlogistique> IT WORKS
<a3ist> anyone know if there's a channel for freenx related questions, or know how to enable compositing for nx-hosted sessions on ubuntu-server?
<uvirtbot> New bug: #594932 in mysql-dfsg-5.1 (main) "MySQL cannot access it's plugin directory (AppArmor rule)" [Undecided,New] https://launchpad.net/bugs/594932
<twb> a3ist: I imagine that would require AIGLX to work over NX
<twb> Unless you mean "work unbearably slowly"
<a3ist> I'll check it out, thanks for the heads up
<a3ist> I'm using gnome sessions hosted via nx to help some family members learn ubuntu
<a3ist> awn needs compositing though
<twb> Yes, well.
<twb> IMO these new-fangled desktops that assume the they get direct rendering should FOAD
<twb> If I wanted a network-opaque windowing system, I'd use glitz
<a3ist> i mean hell, I could always set up x forwarding to the osx clients but the nomachine nxclient was a lot more user-friendly for the non-CLI-comfortable crowd
<ruben23> hi how do i terminate a running application, not responding at all
<a3ist> find its pid, use -kill
<a3ist> or if theres only one instance of it you can do "killall <processname>"
<twb> FSVO killall = pkill
<a3ist> err sorry that's "kill <pid>", not "-kill"
<scar> if that doesn't work, 'kill -9 <pid>' usually will
<uvirtbot> New bug: #594949 in libcommons-cli-java (main) "Sync libcommons-cli-java 1.2-3 (main) from Debian testing (main)" [Wishlist,New] https://launchpad.net/bugs/594949
<ttx> Daviey: should I try to reproduce the instance run / alpha1 issue ?
<Daviey> ttx: If you have a spare cycle!
<ttx> Daviey: installing a UEC rig as we speak.. repdocuing should not take very long
<Daviey> ttx: thanks
<huats> morning
<ttx> huats: o/
<huats> hello ttx !
<ttx> Daviey: reproduced
<ttx> Daviey: also seen elsewhere and also linked to 2.6.34: http://open.eucalyptus.com/forum/decrypting-image-exception
<ttx> Should definitely be escalated to Eucalyptus for them to test on 2.6.34
<Ng> kirkland: hrm, how come that qemu-kvm upload you sponsored doesn't show up on https://launchpad.net/ubuntu/+source/qemu-kvm ? can I monitor its progress into -proposed somewhere?
<uvirtbot> New bug: #594989 in tomcat6 (main) "Lucid Lynx authbind defaults too restrictive" [Undecided,New] https://launchpad.net/bugs/594989
<Daviey> ttx: Agree, seems they are a aware of it.. Really it's an issue for the kernel/mulesoft to resolve
<Daviey> ttx: Will mention it in the weekly call.
<ttx> I don't think Mule is in the path
<ttx> It's a bouncycastle exception
<Daviey> On another note, anyone else notice we don't have any daily cd images?
<Daviey> ttx: ah yes
<ttx> Daviey: I'll have a look at the crypto code in WalrusImageManager.java to check it's sane
<Daviey> ttx: Sounds good to me, thanks
<Daviey> ttx: There are two bugs that seem to have the same behaviour on the bouncycastle tracker
<Daviey> However, both seem to be user issue.. but this could be also..
<Daviey> (i doubt it)
<ttx> Daviey: link ?
<Daviey> http://www.bouncycastle.org/jira/browse/BJA-275
<Daviey> http://www.bouncycastle.org/jira/browse/BJA-251
<ttx> yes, those don't look like the same issue
<Daviey> i agree.. but there are two potential pointers to check for a work around.
<Daviey> ttx: I'm going to compose an email to euca upstream shortly regarding this (so they have more info ready for the call), any extra insight would be appreciated.
<ttx> Daviey: yes, just make sure to point out that forum post as being the same issue
<Daviey> will do
<ttx> Daviey: the issue is either a kernel regression, something that needs to be changed in Bouncycastle to accomodate recent kernel changes, or in theur implementation of crypro decoding
<Daviey> agreed
<ttx> though that last one looks sane to me
<Daviey> ttx: Hmmm.. how big is the image it's try to decrypt?
<ttx> big.
<Daviey> >2GB big?
<ttx> hmm
<Daviey> http://www.bouncycastle.org/jira/browse/BJA-276 could perhaps be related
<Daviey> Although.. i fail to see why lucid kernel works.. if that is the issue.
<Daviey> i would expect it to be a JVM version issue.
<ttx> shouldn't be > 2Gb
<ttx> the image before encryption is 1.4 Gb uncompressed
 * ttx tries to find the size
<ttx> hmm, looks like a red herring too
<Daviey> yeah
<ttx> not PGP, and I don't see why 2.6.34 would factor in
<Daviey> Yeah, i noticed it wasn't PGP - but i would imagine it shares the same functions.
<ttx> can be tseted by registering a verysmall image
<Daviey> ttylinux
<ttx> yep
<Daviey> ttx: When you predouced, did you test the Alpha1 kernel - or the current maverick kernel?
<Daviey> reproduced*
<ttx> alpha1
<ttx> I can upgrade that.
<ttx> Daviey: looking at the logs, it decrypts the kernel alright
<ttx> but not the image
<Daviey> ttx: Okay, whilst you have the enviroment of A1, can you upgrade the kernel and try again?
<ttx> So it's just not "decryption fails", it's "some decryption fails"
<Daviey> ttx: Oh aye.. which made me wonder if it was a file size issue
<ttx> yep
<Daviey> ttx: Can you apt upgrade to maverick kernel?
<ttx> will try upgrading first, then a ttylinux image
<ttx> you know where I can find one ?
<Daviey> cool.. That should answer if this is fixed in the latest kernel for the ubuntu-kernel team
<Daviey> (/me suspects it'll still be there)
 * Daviey pokes his lab
 * ttx retries regsietring/running on latest kernel
<ttx> same fail. Registering is sufficient to trigger the decryption error... no need to try to run it
<nimrod10> is there a documentation where I can read about how ubuntu-server 10.04 handles pam and passwords for users ?
<nimrod10> I found out I can't create users with empty passwords in 9.10 and 10.04 server
<nimrod10> This was so that the users would login via ssh key and then set their own password
<ttx> Daviey: where can I find a ttylinux image ready to register ?
<Daviey> ttx: Hmm, is it not on the UEC web store?
<ttx> I don't think so... looking again
<Daviey> wget http://eucalyptus.cs.ucsb.edu/downloads/euca-ttylinux.tgz ?
<ttx> will try that
<Daviey> scrub that
<Daviey> 40
<Daviey> 404
<remix_tj> no one got problems while installing ubuntu 10.04 server on IBM eServer 225? I get kernel panic while detecting hardware...
<ttx> fwiw, registering an emi with an artificial .img the same size as the kernel is working
<ttx> Daviey: ^
<Daviey> interesting
<ttx> So it's not a question of different codepaths between kernel and image
<ttx> it's either size or luck
<Daviey> remix_tj: I would recommend registering a bug against the package "linux"
 * Daviey bets on size
 * ttx will try with the smallest image in store, a karmic i386
<Daviey> ttx: IIRC the ttylinux is shipped in the euca deps, where the WSDL stuff is (so unpackaged)
<ttx> I can test the size issue by randomly making .img files.
<ttx> they don't really need to be runnable
<Daviey> ttx: ah, using dd?
<ttx> yep
<Daviey> good thinking that man
<ttx> So far 4Mb -> ok, 1.5Gb -> fail
<Daviey> interesting
<ttx> the karmic image should test 1.3 Gb
<ttx> i'll try 200Mb
<ttx> 200 Mb -> fail
<ttx> karmic (1.3Gb -> fail
<Daviey> 100MB?
<ttx> i'm on it :)
<Daviey> sorry
 * ttx dichotomizes
<Daviey> That is the first use of dichotomise this week!
<remix_tj> Daviey: but i can't read all the kernel panic... now i try with alternate, else i'll file a bug
<ttx> Daviey: 75Mb -> pass
<ttx> 140Mb -> pass
<ttx> beh
<ttx> 205Mb -> pass
 * ttx retests 200Mb
<ttx> arh, seems like its not just size
<ttx> 1Gb -> fail
<Daviey> remix_tj: This clearly sounds like a bug, so even if you can;'t provide enought detail at the moment - raising a bug in regards to the hardware make/model would be useful
<Daviey> ttx: Bah.. was hoping it was a clear cut size thing
<ttx> I'm testing by trimming images now
<ttx> the one that fails is a blantant cp X.tar.gz X.img
<remix_tj> ok Daviey
<ttx> 500 Mb -> fail
<Daviey> ttx: There doesn't seem to be any obvious consistency, unless it's related to free cache space at the time.
 * ttx tries to refine nevertheless
<ttx> 270Mb -> pass
<ttx> 390 Mb -> pass
<ttx> 490 Mb -> fail
<ttx> 451Mb -> fail
<ttx> 410Mb -> pass
<ttx> I think it's accumulative, the more you add size the more likely you're to fail
<ttx> but not failing on a precise size whatever the contents.
<ttx> 430Mb -> pass
<ttx> I've one file that fails at 200 Mb, and another that fails around 440 Mb.
<ttx> I think it's just a question of when you hit that "bad block padding"
 * ttx -> lunch
<Daviey> yeah
<ruben23>  hi guys anyone have tried implemeting thin client..? in a network environment..?
<ruben23> using thin client server-ubuntu-server
<SpamapS> oi... 22G of mirror downloaded.. 8G to go...
<jpds> SpamapS: You're using mirror.anl.gov as a source?
<BuZZ-dEE> hello, which package can i install to provide an openid server?
<remix_tj> Daviey: bug 595040
<uvirtbot> Launchpad bug 595040 in linux "kernel panic while installing lucid on IBM xServer eServer 225 " [Undecided,New] https://launchpad.net/bugs/595040
<SpamapS> jpds: no, uoregon.edu..  why?
<acajou> cwillu_at_work: Nope. Also tried #btrfs. https://bugs.launchpad.net/ubuntu/+source/btrfs-tools/+bug/594910
<uvirtbot> Launchpad bug 594910 in btrfs-tools "/dev/btrfs-control missing on Ubuntu Server install" [Undecided,New]
<acajou> You'd think this package is especially well-suited to Ubuntu Server... ZFS-like bit-rot proof filesystem. I'm surprised that it seems no one else has tried it on Ubuntu Server.
<acajou> If I don't solve it soon, I'll have to use a mirrored ext3/4 partition instead...
<Daviey> remix_tj: That is a good bug, thanks
<Daviey> remix_tj: I wouldn't expect it to be fixed for the next 2 weeks, at least.
<SpamapS> acajou: btrfs is experimental
<SpamapS> acajou: but it works fine on lucid
<SpamapS> acajou: give it another year, btrfs will be the default FS on Ubuntu. :)
<Daviey> ttx: Have you returned?
 * SpamapS should not be awake. :-P
<ttx> Daviey: yes
<Daviey> SpamapS: a true geek, never sleeps :)
<Daviey> ttx: Not having much joy with maverick atm
<Daviey> ttx: I tried pinning back librampart, but that isn't it
<Daviey> Most of the other deps seems to be the same as lucid.
<ttx> Daviey: start with alpha1 and upgrade one at a time ?
<Daviey> ttx: Times like this debian style snapshot archive would rock.
<Daviey> ttx: I'm seeing something you have experienced before, axix2c.log [error] http_transport_utils.c(2557) Service or operation not found
<tydeas> I am having some issues with the bind9 dns server
<Daviey> !ask | tydeas
<ubottu> tydeas: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<tydeas> sorry.
<cwillu_at_work> acajou, try building from git, it's straightforward and recommended by upstream at this point anyway
<cwillu_at_work> btrfs-tools at least
<tydeas> I have set the ubuntuserver machine will call it "7" from know on the bind9 dns server
<cwillu_at_work> I'm not certain btrfs-tools is responsible for creating entries in /dev though; at the very least, /dev/btrfs-control doesn't show up in the listed files on my 64bit server
<tydeas> i set him as my primary dns server in an other machine but can resolve names
<tydeas> firewall is fine
<LukAtMeee> Please help.  Setting up a Linux Xubuntu based server on windows network.  Have installed Samba and configured as per the "Ubuntu 10.04 Help Server Windows Networking" page, and it says "From a windows client you should be able to browse the Ubuntu file server and see the shared directory"..  Well I can't.  I can ping the Linux box from a windows box on the network, but can't ping any windows box from the Linux box.
<LukAtMeee> I can see the windows boxes from each other.
<uvirtbot> New bug: #595040 in linux (main) "kernel panic while installing lucid on IBM xServer eServer 225 " [Undecided,New] https://launchpad.net/bugs/595040
<remix_tj> Daviey: no, problem, i try to install hardy, for the moment
<cwillu_at_work> acajou, yep.  "modprobe btrfs" is what creates /dev/btrfs-control, not btrfs-tools (just tested on my desktop)
<remix_tj> or karmic
<Daviey> tydeas: Hmm.. have you tried the tool "dig"?
<Daviey> ttx: Do you remember what fixed the axis2 issue?
<hggdh> <yawn/>
<LukAtMeee> Anyone, any ideas.  I've tried uninstalling and reinstalling samba to get a fresh start, and the Xubuntu is a brand new install from scratch (10.04).  I have read through the help guide, but when I can't even get it to do the most basic thing, I think there must be a problem, hence why I'm here!!
<ttx> Daviey: doesn't ring a bell... why do you say I've hit this one before ? (I might have, I hit so many...)
<Daviey> heh, one mo
<Daviey> ttx: https://lists.ubuntu.com/archives/ubuntu-devel/2009-September/029089.html
<tydeas> Daviey: brb
<Daviey> ttx: it looks like the issue may be the same/similar
<ttx> hm
<ttx> that one was due to upstartification missing a few steps... lemme check the commits
<LukAtMeee> Also, if I run smbclient -L it tells me that the linux box is the only box on the workgroup, which it blatantly isn't.  So where is the problem??!
<Daviey> ttx: it can't be apache/libapache2-mod-axis2c related as they are the same version as lucid
<acajou> cwillu_at_work: What's surprising is that /dev/btrfs-control was created without my intervention on my desktop...
<cwillu_at_work> acajou, does btrfs show up in lsmod on your desktop?
<Daviey> LukAtMeee: If you leave it a few hours, zul might be the best person to ask about that :)
<cwillu_at_work> acajou, it disappears if you rmmod btrfs, and comes back when you modprobe btrfs, seems pretty conclusive to me :p
<cwillu_at_work> LukAtMeee, if you "restart nmbd; restart smbd", does it magically start working?
<cwillu_at_work> I think the samba upstart jobs in lucid are slightly broken if you have more than one network interface
<LukAtMeee> cwillu_at_work: nope.  Now I can't see the server in the workgroup either!
<LukAtMeee> Daviey: okay, thanks.
<cwillu_at_work> oh, sorry.  You can connect from windows to the server, but you can't connect from the server back to any windows machines?
<LukAtMeee> So now I can't see the windows machines from the Linux box, and the Windows boxes can't see the Linux box and the Linux box can't see the Linux box when I run smbclient -L servername
<halvors> What is the best administrationpanel for my serve?
<halvors> server*
<cwillu_at_work> LukAtMeee, can the windows machines current ping the server (even though the server doesn't show in the workground)?
<LukAtMeee> yes
<cwillu_at_work> okay, the workgroup should fix itself then in a few minutes
<LukAtMeee> and they do it by IP address or by servername
<cwillu_at_work> this should definitely work, but what does "net lookup <windows host name>" do?
<LukAtMeee> gives me the IP assigned by my router for each of the windows machines....I feel like there's a light at the end of the tunnel, finally (I;ve been trying for 3 days!)
<ttx> Daviey: ISTR the issue was some unset AXIS2C env variables in the upstart script
<Daviey> ttx: hmm.. don't think that is this issye
<cwillu_at_work> LukAtMeee, I'm not 100% certain of this, as my desktop doesn't seem to need it (but that could be for other reasons);  but try adding "wins" to the hosts line in /etc/nsswitch.conf (after files)
<Daviey> issue*
<ttx> Daviey: check /var/run/eucalyptus/httpd-cc.conf
<Daviey> ttx: I've increaced verbosity of axis2 and apache, and here are all the logs
<Daviey> http://pastebin.daviey.com/yVVp/
<Daviey> ttx: looks like axis is doing it's thing, but for a non-obvious reason apache is being killed
<cwillu_at_work> LukAtMeee, you may also need to install "winbind", but try it without first.  Should take effect immediately after modifying the file
<LukAtMeee> I don't have a line like that in my smb.conf  What should it say?
<cwillu_at_work> hosts:          files wins mdns4_minimal [NOTFOUND=return] dns mdns4 is mine
<cwillu_at_work> it's not smb.conf though
<cwillu_at_work> /etc/nsswitch.conf
<cwillu_at_work> (i.e., it's not a samba setting)
<LukAtMeee> ok....brb
<cwillu_at_work> no reboot necessary
<ttx> Daviey: confirmed -- my error was solved by appropriately setting Set EUCALYPTUS and AXIS2C_HOME environment variables in eucalyptus-cc upstart job
<LukAtMeee> okay, do I need to do a service restart or anything?
<ttx> so probably not the same root error
<Daviey> nah
<Daviey> *sigh*
<ttx> Daviey: but I would really try to fix one issue at a time
<ttx> Daviey: and concentrate on the already-identified alpha-1 critical issue
<_tydeas_> hi back on the dns server issue.
<_tydeas_> Do i have to allow icmp also from firewall
<cwillu_at_work> LukAtMeee, no, it takes effect immediately
<Daviey> ttx: Hmm.. when i spoke with Jos.. we seemed to think euca not starting at all was more pressing
<_tydeas_> i run the wireshark on server with dns filter
<LukAtMeee> okay, done the above, but windows still can't "see" linux, nor the other way around....any other ideas???
<ttx> Daviey: then you should start from A1, gradually upgrade and check which upgrade breaks it
<Daviey> ttx: ok
<cwillu_at_work> LukAtMeee, ignore the windows not seeing linux for now
<cwillu_at_work> LukAtMeee, as I said, that should go away within 30 minutes or so
<cwillu_at_work> LukAtMeee, with that change, can you "ping <windows host>"?
<LukAtMeee> sadly not....
<cwillu_at_work> okay, install winbind and try again
<LukAtMeee> okay, tried it, but no joy.  should I reboot?
<cwillu_at_work> can you pastebin your /etc/nsswitch.conf?
<LukAtMeee> # /etc/nsswitch.conf
<LukAtMeee> #
<LukAtMeee> # Example configuration of GNU Name Service Switch functionality.
<LukAtMeee> # If you have the `glibc-doc-reference' and `info' packages installed, try:
<LukAtMeee> # `info libc "Name Service Switch"' for information about this file.
<LukAtMeee> passwd:         compat
<LukAtMeee> group:          compat
<cwillu_at_work> ugh
<LukAtMeee> shadow:         compat
<LukAtMeee> hosts:          files wins mdns4_minimal [NOTFOUND=return] dns mdns4
<cwillu_at_work> use  a pastebin
<LukAtMeee> networks:       files
<LukAtMeee> protocols:      db files
<LukAtMeee> services:       db files
<LukAtMeee> ethers:         db files
<LukAtMeee> rpc:            db files
<LukAtMeee> netgroup:       nis
<LukAtMeee> ah, how do I do that?
<cwillu_at_work> LukAtMeee, never paste more than a couple lines directly into the channel
<LukAtMeee> sorry
<cwillu_at_work> http://pastebin.com
<cwillu_at_work> that said, the file looks right :p
<LukAtMeee> okay....any more ideas?
<LukAtMeee> you're being very helpful, thanks!
<LukAtMeee> brb
<_tydeas_> The problem with bind is that i can dig from the dnsserver machine.
<_tydeas_> But if i set this server machine as dns server to a local area machine it can not get the addresses.
<_tydeas_> i am trying to dig from local machine and nothing
<_tydeas_> the firewall of the server allows 53
<_tydeas_> any ideas?
<_tydeas_> how can i debug this issue?
<cwillu_at_work> apt-get install pastebinit; strace -o /tmp/ping.trace ping windowshostname; pastebinit /tmp/ping.trace
<cwillu_at_work> _tydeas_, you're allowing udp and tcp?
<cwillu_at_work> LukAtMeee, that apt-get line is for ou
<cwillu_at_work> you
<LukAtMeee> Thx, it's running now.
<_tydeas_> i used wireshark and check that ICMP protocol with source local and dest server is port unreachable.
<cwillu_at_work> LukAtMeee, when it's done, it'll spit out a link;  paste that link here
<acajou> (sorry - power failure)
<cwillu_at_work> _tydeas_, here's a question, if you turn off the firewall, does it work? :)
<LukAtMeee> http://pastebin.com/38SeBZrD
<_tydeas_> root@sindos2:~# ufw status
<_tydeas_> Status: inactive
<LukAtMeee> okay, I hope you can unserstand that, because most of that looks....interestingly complex(?) to me!
<cwillu_at_work> LukAtMeee, it's a list of all the system calls made by "ping"
<_tydeas_> cwillu_at_work: still does not work
<cwillu_at_work> LukAtMeee, you can see which files it opens, etc
<cwillu_at_work> _tydeas_, okay, not a firewall problem then :/
<LukAtMeee> okay, thx, now it makes more sense!
<LukAtMeee> never realised ping was so complex...
<cwillu_at_work> it's not :p
<cwillu_at_work> but it calls out to libraries which are somewhat
<cwillu_at_work> figuring out hostnames is serious business, just ask _tydeas_
<_tydeas_> :)
<_tydeas_> any other idea?
<cwillu_at_work> What interfaces is the dns daemon listening on?
<acajou> cwillu_at_work: You're right modprobe btrfs creates /dev/btrfs-control.
<cwillu_at_work> acajou, I usually am :p
<sommer> morning
<cwillu_at_work> acajou, you may not have noticed it on your desktop if you made and mounted a btrfs filesystem before you started experimenting with the tools
<hggdh> kirkland: morning, and a Q about eucalyptus-network.conf and $IFACE
<cwillu_at_work> _tydeas_, check "lsof -iTCP -iUDP"
<cwillu_at_work> _tydeas_, make sure it's not listening on only localhost or something silly like that :)
<acajou> cwillu_at_work: first thing I did was convert an ext3 filesystem... (btrfs-convert, then mount -t btrfs)
<cwillu_at_work> acajou, okay; that would have resulted in btrfs being modprobed
<acajou> (that would have auto-created /dev/btrfs-control?)
<cwillu_at_work> acajou, yes, modprobing the driver is what triggers the creation of btrfs-control
<acajou> Hmmmm. Seems to me modprobing should be part of the package install?
<cwillu_at_work> acajou, no
<cwillu_at_work> acajou, this has nothing at all to do with btrfs-tools :p
<cwillu_at_work> the tools which require btrfs-control require a mounted filesystem anyway
<acajou> Well, if you start by mkfs.btrfs, thinhgs fail.
<cwillu_at_work> eh?
<cwillu_at_work> mkfs.btrfs should work regardless, and then when you mount it, everything works, no?
<acajou> On the server, instead of starting by converting an ext3 FS I tried to mkfs, and that failed.
<acajou> With the missing /dev/btrfs-control error.
<cwillu_at_work> let me test, one sec
<cwillu_at_work> acajou, works here with btrfs not loaded
<cwillu_at_work> mkfs -t btrfs ./btrfs-test
<cwillu_at_work> fs created label (null) on ./btrfs-test
<cwillu_at_work> 	nodesize 4096 leafsize 4096 sectorsize 4096 size 256.00MB
<acajou> I believe I used: mkfs.btrfs -m raid1 -d raid1 /dev/sdc /dev/sdd
<cwillu_at_work> k, let me try that
<zul> LukAtMeee: are you using opendns?
<LukAtMeee> @zul erm, I don't know.  How do I find out?
<acajou> I don't know how to undo the modprobe, so I can' t come back to my previous state...
<cwillu_at_work> acajou, "rmmod btrfs"
<zul> LukAtMeee: check your /etc/resolv.conf
<LukAtMeee> and how do I highlight that a message is aimed at a particular person on the irc?(new to this too!)
<acajou> cwillu Thanks. :)
<cwillu_at_work> LukAtMeee, include their name on the line (use the tab key to complete nicks)
<LukAtMeee> zul: no, looks like I'm using the virgin dns
<LukAtMeee> cwillu_at_work, thanks\1
<cwillu_at_work> acajou, looks like it's specific to raids
<acajou> cwillu_at_work May not be fatal, it just says " failed to open /dev/btrfs-control skipping device registration"
<cwillu_at_work> acajou, it doesn't work though, tested
<cwillu_at_work> acajou, you can create a btrfs fs with a single device as raid1 (which is actually "dup" in that case), and then add the second device after mounting it
<cwillu_at_work> but that won't give you the same result I don't believe
<cwillu_at_work> there's raid1, and then there's dup.
<acajou> Hmmmm. If I modprobe first, it seems to work, but tells me the FS created is 2.73TB, and it should not be that large for two 1.5tb drives in raid1....
<cwillu_at_work> yep
<cwillu_at_work> acajou, no, that's correct
<cwillu_at_work> you have to remember that "used space" is a complicated notion in a filesystem as flexible as btrfs or zfs
<cwillu_at_work> acajou, you have a 2.73tb pool which can be allocated to particular trees
<cwillu_at_work> i.e., the metadata tree, or the data tree, or the system tree
<acajou> Hmmm. First brushes with raid...
<acajou> OK
<cwillu_at_work> normal "df", "btrfs filesystem df /mount/point", and "btrfs-show" will all give different views on that
<cwillu_at_work> "btrfs filesystem show /dev/device" instead of btrfs-show, actually
<cwillu_at_work> _tydeas_, can you pastebin the actual output from ping?
<cwillu_at_work> _tydeas_, it looks like it's resolving fine from the strace dump, and it's just the actual ping packets that aren't getting through
<blsmith> Anyone here?
<cwillu_at_work> no.
<ttx> jasonb: please see bug 591802 and bug 594989 and comment on them if the proposed solution looks good to you
<uvirtbot> Launchpad bug 591802 in tomcat6 "tomcat fails to start using a security manager" [High,Triaged] https://launchpad.net/bugs/591802
<uvirtbot> Launchpad bug 594989 in tomcat6 "Lucid Lynx authbind defaults too restrictive" [Wishlist,Confirmed] https://launchpad.net/bugs/594989
<cwillu_at_work> blsmith, pro-tip:  don't ask to ask, just ask.
<blsmith> I'm setting up a 10.04 server and need setting up a usb wireless adaptor.
<cwillu_at_work> blsmith, if you set up the wireless under a desktop session, hit the "Available to all users" option in the connection editor
<LukAtMeee> cwillu_at_work, so did that ping.trace help at all?
<cwillu_at_work> blsmith, then it should automatically connect even with nobody logged in
<cwillu_at_work> LukAtMeee, sorry, I sent that to the wrong person
<cwillu_at_work> LukAtMeee, (not _tydeas_), it looks like it's resolving fine from the strace dump, and it's just the actual ping packets that aren't getting through
<cwillu_at_work> LukAtMeee, can you pastebin the actual output from ping?
<blsmith> cwillu, I'm under server, should I install a desktop version?
<LukAtMeee> if I ping, it just sits there and does nothing until I Ctrl-C
<cwillu_at_work> LukAtMeee, what does "host <hostname>" say?
<LukAtMeee> portable.cable.virginmedia.net has address 192.168.1.118
<acajou> cwillu_at_work: Ya, df -> 2.93TB. Gonna put 60 odd gb to see what that does. So I guess the trick is just to modprobe first...
<cwillu_at_work> yep
<cwillu_at_work> LukAtMeee, okay, it's working fine then
<cwillu_at_work> LukAtMeee, you probably just have a firewall on the windows machines that's blocking ping and so forth
<LukAtMeee> but how do I get them to see the machines...remove the firewall?
<cwillu_at_work> LukAtMeee, basically;  do you really need to be able to see them from the server though?
<blsmith> cwillu_at_work, Should I install ubuntu desktop in order to set up the newtork then, disable the GUI?
<cwillu_at_work> bladernr, a moment
<cwillu_at_work> blsmith, I'm not sure if networkmanager is used in a bare server install;  it'd be straightforward to install that though if it's not.  That still doesn't help you configure wireless though.
<cwillu_at_work> blsmith, is this just a home server?
<cwillu_at_work> if so, then yes, I'd say just install ubuntu-desktop to configure it, simpler that way
<YouCanHelpMe> damn.  don't know what happened, but I am LukAtMeee.   cwillu_at_work: not really, that's a fair point, but I do need to be able to see the server from the windows machines.
<cwillu_at_work> I know you can configure it via dbus calls (dbus-send from a command line), but I don't have the commands on hand
<cwillu_at_work> YouCanHelpMe, okay, you'll have to figure out the firewall rules on those machines then
<YouCanHelpMe> okay.  I'll look into it.  I have to go now, but THANKYOU so much for helping out.
<cwillu_at_work> one option might be to set up those machines to use the samba wins server (which you'd enable from /etc/samba/smb.conf)
<remix_tj> Daviey: problems affecting also karmik, maybe due to raid controller
<YouCanHelpMe> okay... cwillu_at_work, how do I do that?
<cwillu_at_work> YouCanHelpMe, you're gonna have to dive into the documentation a little ;p
<YouCanHelpMe> no worries.  Will do.  Thanks again!
<cwillu_at_work> my consulting rate is 105$/h :p
<YouCanHelpMe> ouch!
<blsmith> cwilu_at_work, thanks for the help.
<cwillu_at_work> blsmith, that works for you?
<cwillu_at_work> blsmith, I'm sure there's some instructions somewhere to configure it by hand, it's just that most servers aren't connected over wireless
<blsmith> cwilu_at_work, yeah, i have a copy of 9.10 desktop, I'm going to set up the wireless network and then upgrade that to 10.04.  I understand and thats why i'm not even going to spend anymore time looking for instructions.
<bogeyd6> wireless on a server isnt so bad if the server has a definite need to be
<YouCanHelpMe> cwillu_at_work, I don't believe it.  The windows machines and Linux server just started talking to each other without me doing anything else!  So it must have been what you suggested!   Thanks again!
<cwillu_at_work> ;)
<ruben23> any problem on the ubuntu-server lucid repo, im installing packages now but its really so slow..downloading..
<bogeyd6> cnc program relay servers work great over wireless in a factory setting
<blsmith> bogeyd6, can you help me set this up?  I think its being recongnized but its just not turning on.
<ruben23> any issue on the repo site
<cwillu_at_work> bogeyd6, that's why I said "usually aren't" and not "it's stupid to think about it"
<bogeyd6> cwillu_at_work, thank you for the unnecessary explanation
<bogeyd6> ruben23, you in the midwest US?
<cwillu_at_work> bogeyd6, and thanks for the unnecessary correction :)
 * bogeyd6 's neckbeard radar as went full alert
<ruben23> bogeyd6: Asia
<bogeyd6> ruben23, if you are in the midwest area of the US you need to switch all of your repos to anl.gov
<bogeyd6> blsmith, i can try but i wasnt here fr the original problem
<cwillu_at_work> bogeyd6, wants to configure wireless from the console
<blsmith> bogeyd6, basically i'm trying to set up a 10.04 server with a dlink dwa 150 wireless adaptor. Did a google search nothing came up  so I came here.
<bogeyd6> blsmith, are you using it USB style?
<blsmith> bogeyd6, yes it is usb, I'm not sure what other style it could be though?
<bogeyd6> blsmith, https://help.ubuntu.com/community/HardwareSupportComponentsWirelessNetworkCardsDlink   << suggest your card is not supported
<blsmith> bogeyd6: dmesg output after unplug and replug.  Registered led device: rt2800usb-phy1: :radio
<bogeyd6> oh thats ok blsmith, linux does lots of dumb stuff like that. ask anyone using 9.10 how they felt about everything the broadcom chipset looking like everything was kosher and would connect to the AP but no traffic could be transmitted/received
<bogeyd6> bcm43*, it was a peach, thankfully it works in 10.04
<blsmith> bogey6: ouch.  so i'm actually getting no where with this device.
<bogeyd6> blsmith, your comments and the documentation do in fact suggest that
<bogeyd6> however if you want to continue might i suggest this
<bogeyd6> !wireless | blsmith
<ubottu> blsmith: Wireless documentation, including how-to guides and troubleshooting information, can be found at https://help.ubuntu.com/community/WifiDocs
<blsmith> bogeyd6, i don't understand, what would you like me to try?
<remix_tj> is there a way to disable hw autodetection?
<bogeyd6> blsmith, visit that website and follow the step by step instructions and when you reach the end if it works, great, if not then move on
<blsmith> thanks
<bogeyd6> https://help.ubuntu.com/community/WifiDocs/WiFiHowTo
<bogeyd6> its for the cli
<blsmith> bogeyd6: this didn't help. sorry, but thanks for the support. moving on to attempt desktop setup.
<elb0w> why do I see /usr/bin/dpkg --status-fd 31 --unpack --auto-deconfigure /var/cache/apt/archives/mysql-server-5.1_5.1.41-3ubuntu12.3_amd64.deb
<elb0w> is that an auto-update?
<bogeyd6> elb0w, only if you have the updates set to install ALL and not just security
<acajou> cwillu_at_work: Thank you! Things seems to be working peachy fine now.
<elb0w> bogeyd6, how can I check
<cwillu_at_work> acajou, marked the bug as invalid
<elb0w> root     10995  0.0  0.0  50868   780 ?        S    Jun10   0:00 /usr/bin/perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/mysql-server-5.1.prerm upgrade 5.1.41-3ubuntu12.3
<elb0w> root     10997  0.0  0.0   9236   928 ?        S    Jun10   0:00 /bin/bash -e /var/lib/dpkg/info/mysql-server-5.1.prerm upgrade 5.1.41-3ubuntu12.3
<elb0w> I did not ask for these
<cwillu_at_work> elb0w, ps axjf | less
<cwillu_at_work> elb0w, you can use that to figure out what process started it
<elb0w> which row is the starting process?
<elb0w> PPID is parent process I guess
<acajou> cwillu_at_work: 10-4.
<bogeyd6> elb0w, sudo cat /etc/apt/apt.conf.d/50unattended-upgrades
<smoser> kees, around ?
<cwillu_at_work> elb0w, that command would bring up a tree list, just follow it back
<elb0w> I traced it back to 1
<elb0w> sbin/init
<elb0w> Unattended-Upgrade::Allowed-Origins {
<elb0w> 	"Ubuntu lucid-security";
<elb0w> thats all I have unchecked
<elb0w> er commented
<cwillu_at_work> okay, probably a cron job as bogeyd6 suggests
<elb0w> im checking what bogey suggested. The only thing I have enabled is security
<bogeyd6> ok then it must be a security update, but i distinctly remember have to run apt-get upgrade myself to get that particular update because it was causing utf-8 tables to be manually repaired
<ElTonerino> I upgraded dovecot today, and am now having problems when trying to send emails.
<ElTonerino> I get this error "warning: SASL: Connect to private/dovecot-auth failed: Connection refused"
<ElTonerino> any ideas?
<bogeyd6> Anyone know how to tell gnome terminal to stop capturing my fkeys?
<bogeyd6> ElTonerino, seems like the service may not be running or maybe the ufw was enabled
<ElTonerino> dovecot is running, I'll check ufw
<ElTonerino> ufw seems the same today as it was yesterday: http://pastebin.com/xUSvz8RB
<guhcampos> I need to create a local mirror. Lucid Server only, should I use debmirror or apt-mirror?
<ElTonerino> netstat -ln: http://pastebin.com/rZHfjyN2
<dassouki> sometimes I want to check my email when i'm working on the server. back in the day we used to use pico ... I'm wondering is there a google mail friendly terminal email client
<bogeyd6> dassouki, mutt or pine
<bogeyd6> https://help.ubuntu.com/community/mutt
<bogeyd6> ElTonerino, i wish i could help but i use zimbra
<ElTonerino> bogeyd6, ok.  I'm still stuck if anyone else wants to help. :)
<bogeyd6> ElTonerino, using postfix?
<bogeyd6> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
<bogeyd6> during the upgrade a config file maybe screwed the pooch
<ElTonerino> bogeyd6, Yeah. Thanks for the link, I'll go through it.  I think I might head to my backups and compare the configs to todays config.
<bogeyd6> diff command will help big time
<kirkland> hggdh: howdy, here now
<kirkland> Ng: it has to be approved into proposed
<kirkland> Ng: subscribe to the bug to monitor it's progress (i suspect you are already)
<hggdh> kirkland: after applying the euca update yesterday, I noticed that euca (re)start would print out a message stating IFACE was an undefined variable
<hggdh> kirkland: /etc/init/eucalyptus-network.conf uses it
<Ng> kirkland: k, I'll have a look tonight
<smoser> kirkland, you fixed the byobu-in-byobu behavior when jumping through systems and byobu-by-default, right ?
<smoser> i thought you did, by checking TERM != SCREEN
<jasonb> ttx: Alright.
<bogeyd6> rotfl, the nagios3 documentation in the help guide doesnt include the install of nagios-cgi
<ttx> jasonb: just emailed you about those
<jasonb> ttx: Ahh.  Thanks!  I just got up over here in the Pacific time zone.
<jasonb> ttx: "if Ubuntu's solution doesn't already implement this alternative to authbind" .. I meant Debian's solution (sorry).
<ruben23> its really slow downlaoding on installing repo pagakaage for ubuntu-server lucid..any idea, is repo site having problems now
<ruben23> my location si southeast asia
<kirkland> smoser: i have for maverick
<kirkland> smoser: i think that probably needs to be sru'd to lucid though
<kirkland> smoser: ie, it was after rc-freeze
<ElTonerino> bogeyd6, Yeah, there were changes in /etc/postfix/main.cf.  Fixing them resolved my problem.
<ElTonerino> Pheww...
<bogeyd6> thankfully
<uvirtbot> New bug: #595116 in apache2 (main) "ssl "error reading the headers"" [Undecided,New] https://launchpad.net/bugs/595116
<ruben23> taking 40 minuites to download a single package only..:'(
<konam> hi
<konam>  i installed a lamp server on my ubuntu desktop to learn php but it doesn't seem to be working, i even installed phpmyadmin and it works but i can't get my php scripts to work.
<konam> can somebody tell me why
<konam> or how to fix it
<hallyn> Daviey: .
<Daviey> hallyn: \o
<hallyn> hey, i noticed your emails about virsh save failing.  how long have you been looking into that?
<Daviey> konam: what happens if you open a php file in your browser?
<Daviey> hallyn: When do those mails date to?
<hallyn> hm, well i saw them yesterday, i think on qemu list
<hallyn> i was just wondering whether  you got the impression anyone know the cause at this point
<hallyn> it seems like some ppl think i twas the dd blocksize in virsh, but qemu ppl think not?
<Daviey> ahh that
<hallyn> right
<konam> Daviey it opens a download file dialog....
<hallyn> anyway i was hoping to ask jdstrand to reproduce with 0.8.whatever :)
<Daviey> hallyn: It seems to be both, there is (was) a bug in libvirt and that has improved it somewhat
<Daviey> but qemu think there is also a timing issue there
<jdstrand> 0.8.1 is being a little grumpy, but I'll have something for people to play with
<hallyn> because it still takes 56 seconds?
<hallyn> Daviey: have you reproduced it yourself?
<Daviey> konam: Hmm.. I think you might need to clear the cache and/or restart your browser
<hallyn> jdstrand: rockin'
<Daviey> hallyn: no
<hallyn> ok
<hallyn> (then i'll stop bugging you :)
<Daviey> hallyn: well yes, i know it was really slow!
<Daviey> but i never looked deeply into the cause
<hallyn> Daviey: well the thing is i don't know if on my laptop it's just really slow, or completely hung :)
<hallyn> i've never seen it finish
<hallyn> and i don't see the savefile grow
<Daviey> hallyn: iotop showing anything interesting?
<hallyn> Daviey: i don't think so
<hallyn> but i hadn't really looked
<Daviey> :/
<Daviey> ttx: I've found the cause of UEC not starting!
<ttx> Daviey: \o/
<ttx> what was it ?
<Daviey> ttx: groovy!
 * ttx cries
 * Daviey wimpers
<Daviey> ttx: Any debug pointers on that?
<ttx> no, I'm completely groovy-ignorant
<ttx> Daviey: we might have to have a groovy-1.6 package if Euca doesn't support 1.7
<ttx> another one to push upstream.
<konam> Daviey but i'm having this behavior since yesterday when i installed the lamp server (i installed phpmyadmin today though)
<Daviey> konam: Yes, sometimes it's a client issue, rather than a server issue
<Daviey> konam: If phpmyadmin is working, it sounds like php is working on the server
<Daviey> konam: perhaps created a simple <?php echo "TEST"; ?> in /var/www/test.php
<Daviey> then use "curl -v http://localhost/test.php" and see what is returned
<remix_tj> Daviey: found, it was the motherboard's scsi controller
<Daviey> ^^ from the server
<uvirtbot> Daviey: Error: "^" is not a valid command.
<Daviey> remix_tj: Oh, hardware failure?
<remix_tj> no, it is not an hw failure. with windows works. maybe a driver bug
<Daviey> remix_tj: Ahh, i see
<Daviey> can you update the bug with info, and provide lspci -vvv info?
<konam> Daviey you were right, i tried with another file with a .php extension and it worked
<Daviey> konam: cool
<remix_tj> Daviey: after completion of the setup i'll do
<Daviey> remix_tj: thanks, really appreciate it
<remix_tj> but i do not know if the os will boot with that hw enabled...
<kpettit> can anybody recommend a good search tool for a desktop/server that doesn't suck up alot of resources?
<kpettit> locate just isn't doing the trick and a few others I've tried make the desktop slow when they are archiving
<bogeyd6> man i spent 30 mins preparing a bug just to have to mark it invalid because of my own stupidity
<konam> Daviey a question, should i put eclipse's workspace on the root of localhost? it doesn't seem to be working otherwise, it says that it can't find my php file on the localhost..
<Daviey> konam: I would say not.. but i've never used eclipse for php work
<Daviey> konam: How are you accessing the files in the server through eclipse?
<konam> i just created a project and when i hit execute it gives me a NOT FOUND error
<konam> the server is set to localhost i think
<Daviey> konam: Is this eclipse ON the ubuntu server, or ubuntu desktop accessing php files on the server?
<konam> Daviey no, i installed the lamp server on my desktop so eclipse is on the server
<Daviey> ok.. in that case; it is probably easier to have your workspace in the webroot
<Daviey> konam: if you "sudo a2enmod userdir" , restart apache
<konam> i tried but it's readonly
<Daviey> mkdir ~/public_html , you can put everything in the public_html folder in your home folder
<Daviey> then you can access it via http://localhost/~konan/
<Daviey> (for example)
<uvirtbot> New bug: #595133 in nagios3 (main) "/nagios/cgi-bin/status.cgi was not found on this server." [Undecided,Invalid] https://launchpad.net/bugs/595133
<konam> Daviey uhm, i don't understand, what command should i use first?
<Daviey> konam: "sudo a2enmod userdir"
<konam> userdir would be?
<Daviey> konam: as i typed
<Daviey> (userdir is an apache module)
<Daviey> konam: then, "mkdir ~/public_html"
<Daviey> then anything you put in ~/public_html (example, /home/konam/public_html/) will show in http://localhost/~konam/
<Daviey> and eclipse will have read/write access there
<lau> hello, I am trying to migrate from hardy to lucid
<lau> I do-release-upgrade
<lau> now I get the initramfs prompt on the server
<amstan> hey guys, i'm getting an error from a 3ware card, apparently i have a degraded unit
<Daviey> ttx: Confirmed, latest maverick with lucid groovy works.. attempting to investigate further.
<amstan> i'm just installing the os, so no problems there, but what does degraded mean? 1 dead drive? or are they not in sync yet?
<lau> libudev: udev_monitor_new_from_netlink: error getting socket: Invalid argument
<lau> Segmentation fault
<ttx> Daviey: I'd suggest pushing a groovy 1.7.3really1.6to a PPA in order to have an easy workaround
<lau> ALERT! /dev/disk/by-uuid/23.... does not exist. Droping to shell!
<lau> any idea ?
<Daviey> ttx: End game solution?!
<ttx> Daviey: I mean, to easily unblock testers, while waiting for a solution
<Daviey> ahh, that makes more sense :)
<SpamapS> lau: that sounds pretty serious.. hmm
<lau> SpamapS: I chrooted from a live cd to the system then (re) installed grub but same issue
<Daviey> ttx: urg! groovy is a horrible package
<lau> now I am trying to replace uuid param by /dev/sdx param in menu.lst
<lau> any idea ?
<SpamapS> lau: that may work yes
<SpamapS> lau: I'm sorry I'm sort of a novice when it comes to upgrades.. :-/
<SpamapS> In my world you do upgrades by buying new servers and putting the new version on them. ;)
<ttx> Daviey: agreed.
<SpamapS> lau: http://ubuntuforums.org/showthread.php?t=1127779   did that help at all?
<jdstrand> hallyn: hey, so are you planning another qemu-kvm upload any time soon?
<Daviey> ttx: Uploading groovy_1.7.3really1.6-0ubuntu1 now
<ttx> Daviey: I meant, in your PPA
<ttx> Daviey: not necessarily to the archive.
<ttx> Daviey: I think it makes sense to the archive as an endgame solution
<ttx> <ttx> Daviey: I'd suggest pushing a groovy 1.7.3really1.6to a PPA in order to have an easy workaround
<konam> Daviey and isn't there a way to especify the directory you want apache to access?
<hallyn> jdstrand: when the next kvm version is released, yeah
<hallyn> jdstrand: you mean for maverick, and newer than 0.12.4 right?
<jdstrand> hallyn: yes for maverick. ok. I have a patch I need in qemu for libvirt 0.8.1 network device attach to work
<Daviey> hallyn: Do you know KVM's release schedule, is it worth tracking the unstable version through maverick?
<jdstrand> hallyn: I'll just upload it after testing
<jdstrand> hallyn: fyi-- e53f27b9d9df73461308618151fa6e6392aebd85
<jdstrand> hallyn: but I'm already working on it
<hallyn> jdstrand: the SCM_RIGHTS one?
<Daviey> ttx: yes, i pushed to my PPA
 * hallyn tries to recall what aliguori told kirkland about the next kvm release
<ttx> Daviey: ok
<Daviey> ttx: https://edge.launchpad.net/~davewalker/+archive/groovy
<jdstrand> hallyn: yeah
<lau> SpamapS: thx for the link but not working yet, still trying the fix in your thread
<jdstrand> hallyn: http://www.redhat.com/archives/libvirt-users/2010-June/msg00053.html
<hallyn> jdstrand: the patch looks liek it should be safe with or without newer libvirt, wonder if i can just cherry-pick it into 0.12.4+noroms-0ubuntu1
<jdstrand> hallyn: you cannot-- it doesn't apply clean. but I've already got the patch going and am building it
<hallyn> oh, ok
<jdstrand> hallyn: I just didn't want to step on your toes with an upload that you were already planning
<hallyn> ok cool, thanks.  yeah i was gonna wait
<jdstrand> hallyn: thanks
 * ttx -> eod
<Daviey> ttx: o/
<kirkland> hallyn: not that that should be 0.12.4+noroms-0ubuntu2 ... i uploaded last night
 * jdstrand is working off ubuntu2
<kirkland> jdstrand: okay, good;  just wanted to make sure that hallyn was aware
<hallyn> i was not
<hallyn> kirkland: so do you recall when the next kvm release was expected?  in 2 weeks?
<kirkland> hallyn: i think 0.13 is due around August 1st
<kirkland> hallyn: there may be more 0.12.x releases though before then
<kirkland> hallyn: i'd like to target 0.13 for Maverick
<hallyn> k
<hallyn> kirkland: oh, yeah, that one (qemu-system-i386)
<mathiaz> zul: re puppet merge
<mathiaz> zul: I'd rather wait a bit
<mathiaz> zul: Debian is about to upload a new version - 0.25.5
<mathiaz> zul: and we may be able to sync it
<zul> cool
<halem> nyone here using a USB microscope under linux and could tip me off about good and compatible brands etc..?
<pmatulis> zul: any word?
<zul> pmatulis: no i dont have a fix can you submit the bug upstream for me?
<pmatulis> zul: yes
<zul> pmatulis:thanks
<Mateo_> Hey !
<Mateo_> i didn't knew that there was a ubuntu server channel :)
<Mateo_> maybe someone already encountered this problem: i'm trying to configure postfix (sudo dpkg-reconfigure postfix ) but at the end, i have a newaliases: fatal: bad string length 0 < 1: setgid_group =
<lamont> what does main.cf have in it?
<Mateo_> lamont: oh, a lot of line :)
<Mateo_> but concerning the setgid_group =  line
<Mateo_> i have nothing on this line after the =
<lamont> delete it?
<Mateo_> lamont: sure ?
<lamont> it's not in the default main.cf, and it needs to be either the default or not there
<Mateo_> lamont: ok, so if i have other lines like that, i comment them ?
<Mateo_> like now i have the same error with sendmail_path
<lamont> where did you get this file from?
<lamont> because, yeah, nothing should be set to blank in that file
<Mateo_> from the default install, but in my user directory
<lamont> default package install doesn't add those variables
<Mateo_> lamont: in fact, i have like a LOT of blank in this file :s
<Mateo_> i didn't had any main.cf after the install, so i took the one from /usr/lib/postfix
<Mateo_> lamont: how could i generate a brand new one with the good options ?
<lamont> dpkg-reconfigure postfix after removing /etc/postfix/main.cf should do it for you
<zul> smoser: ebsmount is uploaded
<smoser> danke
<smoser> pinged Riddell in -devel to ask him to review
<Italian_Plumber> wow... I'm removing some directories, about 36GB, and my load average is at 1.5 ....
<Italian_Plumber> Taking longer than I expected too...
<Mateo_> lamont: the reconfigure tool keep on giving me blank line (sendmail_path, newaliases_path, mailq_path ...)
<amstan> hey guys, how do i override key errors in ssh?
<amstan> in many situations i reinstall a server and i can't reconnect anymore to it because of a key error, since they key changed
<amstan> therefore i proceed to remove .ssh/known_hosts
<amstan> which makes the whole system less secure
<reisi> amstan: you can just remove the offending line, as stated in the ssh message
<amstan> and how do i know which line offends it?
<amstan> there is no ip addresses, nothing: U6HV2wqfAO2DiuEEZ+3K2WuXhbarpOj3SyFqargL12Iyi7xTQNgO1M5FEa5osq4Txn6PTRFLCpqzELJrq0oEfoHXiLVb7IStwGNBgGBPdkKHzkSLP0HZjwTkWLMkRydcP5vYFSmd0ub2VI8acPkEyUQ4rczftSlcvKsnqV0Q==
<reisi> amstan: i remember there was text like "the offending key is at $HOME/.ssh/known_hosts:LINENUMBER"
<reisi> amstan: there is actually identification data at the end of line afair
<amstan> reisi: oh, thanks, i overlooked the line number
<reisi> amstan: no problemos
<sommer> mathiaz: had a chance to review the openldap-dit branch?
<tasaif[work]> does anyone in here exist?
<tasaif[work]> I'd like some assistance with an ubuntu server running kvm
<jpds> tasaif[work]: Potentially.
<tasaif[work]> I'm wondering if it's possible to install a guest and complete the installation using only the command line
<cloakable> Why wouldn't it be?
<tasaif[work]> cloakable: well when you run virt-install to create a guest, it starts up a graphic /win 4
<tasaif[work]> woopsie
<tasaif[work]> it starts up a graphic console
<tasaif[work]> i'm wondering if it's possible to set up just a text console
<cloakable> aha
<cloakable> unsure
<cloakable> ssh /w X forwarding?
<tasaif[work]> i don't want any X involved =p
<tasaif[work]> i'd like to be connect to the VM's output and send it my input
<RoyK> tasaif[work]: it's in the virt-install docs - you can easily install with virt-install and just connect to that with vncviewer later
<tasaif[work]> RoyK: Yes, but I don't want to do the installation graphically.
<RoyK> tasaif[work]: don't you have a graphical workstation?
<RoyK> iirc you can do with a serial console-thing as well
<RoyK> so you can install with minicom or something
<tasaif[work]> RoyK: I do but the key is automation
<tasaif[work]> i can't automate a graphical installation
<RoyK> tasaif[work]: see kickstart - that can be used to automate the install
<RoyK> !kickstart
<ubottu> Ways to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/8.04/installation-guide/i386/automatic-install.html - See also !cloning
<tasaif[work]> yes but that involves a premanipulated image doesn't it =p
<RoyK> it does
<RoyK> you don't really get automated installs for free
<RoyK> that is, free from work
<tasaif[work]> hmmm
<RoyK> the installer wants to know language, timezone, how to partition the disks, a username and password for the new user etc
<RoyK> vnc is the easy way
<tasaif[work]> yes, but I require automation
<RoyK> then see above
<tasaif[work]> so vnc is out
<tasaif[work]> RoyK: okie dokes tyvm ^__^
<hallyn> vmbuilder?
<hggdh> kirkland, smoser: for a bit of enlightement: on the UEC run (with Chris fixes) we had 51 failures (~5%). All these failures were metadata issues; all these instances did not get a public Ip address
<smoser> how do you know they did not get a public ip address
<hggdh> kirkland, smoser: now, I know very well that correlation is not causation
<hggdh> smoser: by browsing the script log for every single one, and looking at the IP address assignments
<smoser> "script log" ?
<smoser> the test log output ?
<hggdh> correct
<smoser> hold on
<hggdh> (running in debug mode)
<smoser> where is "upstream" for that ?
<hggdh> lp:~hggdh2/+junk/uec-qa
<smoser> lp:...
<hggdh> smoser: be prepared, some few 100s MB
<smoser> oh
<smoser> no
<smoser> the test cases
<smoser> where are those ?
<hggdh> lp:uec-testing-scripts
<kirkland> hggdh: okay, so this is progress, right?
<kirkland> hggdh: what class of issues did this solve?  as it seems to have solved some, no?
<smoser> "progress" in that its now harder to hit a race condition
<hggdh> and progress in that I do not see any other failure apart from the metadata
<smoser> what other failures did we see before ?
<hggdh> please note that I am still to go thru the "not-tested" instances (which may have some 'failed to start'
<hggdh> smoser: SSH failing, but with metadata correctly gotten
<hggdh> so, right now, based on ~1,400 instances run, we ar at ~90% success, with ~5% failures, and another ~5% not-tested
<smoser> hggdh, so, when you look at the logs, you see stuff like:
<smoser> public IP was 0.0.0.0, now is X.Y.Z.T
<smoser> for the "good" results
<smoser> but not for the bad ones ?
<hggdh> smoser: actually I was looking at the output of euca-describe-instances for the pub/priv addresses
<smoser> i see that you recently added that code.  i didn't know it was there.
<smoser> well, i think you need to be careful
<smoser> because a terminated instance always has private == public
<hggdh> indeed. But *not* running instances
<hggdh> see, for example, http://pastebin.com/SHLXbnf8
<hggdh> hum. No, this is not a good one, there is no console output for it.
<hggdh> see http://pastebin.com/deELdKvC
<smoser> maybe that output is from old logs ?
<smoser> WARNING:INSTANCE i-4CDA092C:public IP was 172.19.2.24, now is 172.19.2.24
<smoser> it seems that the current code should only output when a change is done
<shanezilla> anyone pretty good with email server set up??
<smoser> might be also useful to see the state of the instance there.
<hggdh> smoser: the code wa wrong, I updated it after this run (last rev)
<smoser> and that really should be splitting on tab, not white space
<smoser> yeah. i thought so
<hggdh> smoser: indeed, good idea. On this run the code would always print, even if no IP change
<hggdh> hum. Tabs.
 * hggdh notes it down
<smoser> as it is, 'split()' will empty fields
<smoser> which you dont want. i dont knwo if decscribe-instances ends up giving empty fields, but describe-images does have empity fields
<shanezilla> looking for a yoda to help me out
<hggdh> smoser: If sep is not specified or is None, a different splitting algorithm is applied: runs of consecutive whitespace are regarded as a single separator, and the result will contain no empty strings at the start or end if the string has leading or trailing whitespace. Consequently, splitting an empty string or a string consisting of just whitespace with a None separator returns [].
<smoser> right.
<smoser> which is bad
<amstan> why does "sudo su" not make me root? i did 10 minutes ago
<hggdh> only if the line is empty/whitespaced
<smoser> you're supplying no separater
<smoser> which means [[:blank]*]
<smoser> (i think)
<hggdh> indeed, but per the doc it means whitespace
<_ruben> shanezilla: stating your actual problem(s)/question(s) might yield more (useful) responses
<hggdh> blanks/tabs
<smoser> one or more white space
<smoser> it shrinks empty fields
<smoser> which you do not want
<hggdh> oh. I see the risk now
<hggdh> will correct. Still, the results stand since I was looking at -describe-instances
<_ruben> amstan: the "proper" command would be to use sudo -i
<amstan> _ruben: still alex@
<amstan> only sudo bash works
<_ruben> amstan: root's default shell got busted? (in /etc/passwd)
<amstan> yeah.. why is it /bin/false?
<_ruben> because you changed it?
<amstan> maybe i did, and it only took effect now
<smoser> hggdh, i would agree that it certainly seems like (from lines 7 and 9) that this instance did not get an IP addresss
<amstan> _ruben: thanks for the suggestion
<_ruben> amstan: no problem
<hggdh> smoser: all of the failures are similar. What I do not know is what is cause, and what is consequence
<hggdh> or even if they are independent
<hggdh> smoser: the field separator is only tabs?
<shanezilla> so I was wondering when configuring the postfix instillation with dpkg under the section for the localhost section, do I put in the ip address of my local machine the server is on?
<shanezilla> the example is mail.example.com, localhost.localdomain, localhost
<shanezilla> I know the mail.example.com name but should the localhost.localdomain be the default?
<shanezilla> and as well the localhost be the default 127.0.0.0 ?
<JackTO> hi, new to linux, where do i set the ip add of the server,  need to change it... what file should i edit
<JackTO> address*
<tasaif[work]> JackTO: millions of articles online
<amstan> JackTO: /etc/network/interfaces, careful though, there's a syntax required for that you either have to read the manual
<amstan> or follow some guide on the internets
<bogeyd6> JackTO, amstan is correct, there are many good guides on the intarwebs
<bogeyd6> my personal fav is http://www.ubuntugeek.com/ubuntu-networking-configuration-using-command-line.html
<hggdh> smoser: corrected and pushed. Thank you
<JackTO> thanks guys
<JackTO> i messed up my MySQL listening IPaddress, anyonknow where the file is to change the ip restriction and port listining number for mysql
<mathiaz> JackTO: /etc/mysql/my.cnf
<JackTO> thanks
<tyska> hello guys
<mathiaz> bug 595117,
<uvirtbot> Launchpad bug 595117 in qemu-kvm "qemu-nbd slow and missing "writeback" cache option" [Undecided,New] https://launchpad.net/bugs/595117
<mathiaz> hallyn: ^^?
<mathiaz> hallyn: IIRC upstream qemu is using LP for their bugs
<mathiaz> hallyn: so I would just open a task against the upstream project
<tyska> i cant authenticate on CUPS through windows to use a printer installed on CUPS, i get this error message on the logs: windows-ext client-error-bad-request. Someone can help me?
<mathiaz> hallyn: and state the patch should pushed in upstream first
<Mateo_> Hey :)
<mathiaz> hallyn: https://wiki.ubuntu.com/ReviewersTeam/ReviewGuide
<mathiaz> hallyn: ^^ outlines a workflow to handle patches
<hallyn> mathiaz: thx
<Mateo_> I have another question please, i have created a user and i would like him to have the same rights that the root user
<mathiaz> hallyn: I haven't looked at the bug specifically but it seems that the patch should be pushed upstream as well
<hallyn> mathiaz: but isn't "open a task" waht the guy just did?
<mathiaz> hallyn: in *Ubuntu*
<mathiaz> hallyn: there could also be a bug in the *upstream* qemu project
<hallyn> i thought it was on LP
<hallyn> still looking
<hallyn> thx
<mathiaz> hallyn: for example, bug https://bugs.launchpad.net/qemu/+bug/584143
<uvirtbot> Launchpad bug 584143 in qemu "qemu fails to set hdd serial number" [Undecided,In progress]
<mathiaz> hallyn: you can see there is a bug in both the *upstream* project and in Ubuntu
<mathiaz> hallyn: doing so will help in tracking down when the upstream bug will be closed
<hallyn> so the way i read that is launchpad.net/qemu is upstream, launchpad.net/qemu-kvm is ubuntu...
<mathiaz> hallyn: and then you can decide what is the next step in Ubuntu (eg integrate the patch in ubuntu)
<mathiaz> hallyn: yes - launchpad.net/ubuntu/+source/qemu-kvm is the qemu-kvm package in the Ubuntu project
<mathiaz> hallyn: https://bugs.launchpad.net/qemu/+bug/584143
<uvirtbot> Launchpad bug 584143 in qemu "qemu fails to set hdd serial number" [Undecided,In progress]
<mathiaz> hallyn: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/584143
<mathiaz> hallyn: ^^ these two urls represent the same bug
<mathiaz> hallyn: one is the upstream project, the other in ubuntu
<mathiaz> hallyn: that way if the bug is closed in upstream, we'll know it in ubuntu as well
<hallyn> mathiaz: spurious up arrow?
<hallyn> or are you getting repeated responses from me?
<hallyn> mathiaz: i've marked it as also affecting qemu, thx.  the thing still bothering me is what state to elave it in :)  i can't "confirm" it really, but i'm not allowed to mark it 'triaged'
<mathiaz> hallyn: ok - so in ubuntu you're not allowed to mark it triaged because you're not part of the bug-control team
<mathiaz> hallyn: usually triaged comes after confirmed
<bogeyd6> that bug isnt confirmed yet?
<mathiaz> hallyn: so if you can't confirm the bug you shouldn't set to triage
<bogeyd6> there i just confirmed it for lucid
<mathiaz> hallyn: https://wiki.ubuntu.com/Bugs/Status
<mathiaz> hallyn: ^^ see the wiki page above for an overview of the meaning of Bug Statuses in Ubuntu.
<hallyn> bogeyd6: cool, thanks
<hallyn> mathiaz: yes, i've seen it, and nothing seemed to apply
<hallyn> there is nothing that says "noone has confirmed, it's up to upstream, I've passed it along to them"
<hallyn> but now it's been confirmed.  i'm happy  :)
<mathiaz> hallyn: ok - in that case I would open a task in the upstream project
<mathiaz> hallyn: set the status to incomplete
<hallyn> hm
<mathiaz> hallyn: and leaving a comment outlining what information is missing (like can someone else confirm the bug?)
<hallyn> again, by 'open task' you mean set "also affects"?
<mathiaz> hallyn: yes
<hallyn> is verbal confirmation on irc sufficient?
<mathiaz> hallyn: for example, bug 595117 has two tasks now: one in the upstream project, one in Ubuntu
<uvirtbot> Launchpad bug 595117 in qemu-kvm "qemu-nbd slow and missing "writeback" cache option" [Undecided,Confirmed] https://launchpad.net/bugs/595117
<mathiaz> hallyn: if you can trust the reporter on IRC
 * hallyn trusts noone
<mathiaz> hallyn: you could ask the reporter on IRC to add a comment to LP
<mathiaz> hallyn: :)
<bogeyd6> ala james bond style
<hallyn> bogeyd6: would you mind commenting in LP?
<mathiaz> hallyn: if I don't know what status to set, I usually set it to Incomplete (in Ubuntu) and leave a note about the peace of information/next step to take in order to move the bug to another state
<mathiaz> hallyn: so setting the bug to Incomplete in Ubuntu and leaving a note ""noone has confirmed, it's up to  upstream, I've passed it along to them"
<mathiaz> hallyn: is good enough IMO
<hallyn> mathiaz: ok, thanks very much.
<mathiaz> hallyn: you're welcome!
<JackTO> i'm trying to join the #mysql channel, and my nick is registed, but it says I cannot send to channel..  anyone know why?
<_ruben> JackTO: you dont seem to be identified by nickserv
<brandon_>  guys how can i prevent certin comands from running in sudo? like rm -rf
<brandon_> anyone?
<hallyn> brandon_: well you could deny rm using /etc/sudoers, but can't select on arguments that i know of
<brandon_> but i can disable rm alltogether right?
<hallyn> should be able to yes
<hallyn> course then the user can probably cp /bin/rm /tmp/notrm and use that
<hallyn> so blacklisting woudl be tough to get right
<brandon_> h,,
<brandon_> hmm
<hggdh> and... you might break usage
<hallyn> if you can whitelist, that'd be good
<hallyn> (i.e. if all they need to do is be able to ifconfig)
<hallyn> brandon_: i'd go ask on #ubuntu-security
<hallyn> but anyway 'man 5 sudoers' is full of info
<hggdh> hallyn: go ping pedro_ for you application to -control... it is in his hands now ;-)
<brandon_> well here is the scenario, we have a server running for students to mess with and understand root there is 26 students we just dont want an ass to bring it down since there are 25 other students using it
 * hallyn looks around for pedro_
<hallyn> hggdh: though i assumed it woudl take awhile for something liek that to happen, i.e. i shoudl "prove myself" or something :)
<hggdh> hallyn: indeed. But the bugs you provide as example are good enough (apart from my comment on Importance)
<hggdh> and you got two +1, which is enough
<hallyn> sweet
<hggdh> pedro_ is in #ubuntu-bugs
<hggdh> or #distro
<hallyn> brandon_: maybe use schroot?
<hallyn> or lxc
<hggdh> or evn set a VM, and let them run under the VM
<hallyn> giving each one his own container shoudl be about as lightweight as each their own login shell
<brandon_> im unfamiliar with those two what would it allow me to do?
<hallyn> heh, he said 'students' so i assume they're light on hardware
<hallyn> brandon_: it's not completely foolproof, but it should protect your host from any serious damage from the students
<brandon_> we have a full server rack :D
<brandon_> and give them root access?
<hallyn> oh then why not just give each a kvm VM?
<hallyn> yes, root access, but limited somewhat to their own container
<hallyn> so what they see as / is actuall /var/lxc/container1
<hallyn> when they edit /etc/ it's actuall /var/lxc/container1/etc
<hallyn> and, with their own virtual network interface so they won't ifdown the real eth0
<brandon_> and they can ssh into it?
<hallyn> brandon_: yup
<kees> brandon_: "rm" is a system call; you can't really remove it.  perl -e 'unlink("/the/file");'  etc
<brandon_>  and if they rm -rf it only kills there container? if so thats what ill use just point me towards a guide
<hallyn> brandon_: well if your hardware is beefy enough to do kvm for each of them, then http://www.linux-kvm.org/page/Main_Page
<hallyn> otherwise, lxc.sf.net (link to tutorial on the right)
<fr1sco> i'm sure this isn't possible but, anyone know of a way to start screen in an open local session while ssh'd?
<hallyn> kees: what's the best intro to schroot?
<hallyn> fr1sco: 'open local session'?  don't get what you mean
<fr1sco> hallyn: i was working physically at a svr and left the terminal session open but forgot to start screen.  now i'm away but wanted to get back into that session.
<hallyn> oh, just screen -d
<hallyn> well, screen -list to get the name if there are more than 1 open
<hallyn> screen -dr somesessionanme
<hallyn> will detach that one, and reattach you to it from your new login
<fr1sco> sweet thx
<hallyn> np
<kees> hallyn: "best"?
<kees> hallyn: I would say: https://wiki.ubuntu.com/SecurityTeam/BuildEnvironment
<kees> hallyn: or just "man mk-sbuild"
<hallyn> kees: yeah that's the link i used, but i was wondering if that was the best for brandon_
<hallyn> hm, really i guess lxc might be the better way to go anyway (keep hte kids from kill-9ing each other)
<brandon_> so lxc over kvm
<hallyn> brandon_: that'd probably turn into a vi-vs-emacs style debate :)
<hallyn> i think lxc would be more appropriate...  but it has more gatchas still
<mathiaz> brandon_: which version of Ubuntu are you planning to run on?
<hallyn> particularly depending on your distro
<hallyn> distro/version
<mathiaz> brandon_: does your hardware support VT extensions?
<brandon_> well its probably going to be one server ubuntu on server fedora
<brandon_> it may i would have to examine it
<mathiaz> brandon_: if your hardware doesn't support VT extensions then it rules out kvm
<hallyn> and qemu for a bunch of kdis would be far too slow
<brandon_> what does kvm do that lxc dosent?
<mathiaz> brandon_: are you planning to use the same Ubuntu release for all of the students?
<hallyn> it virtualizes the hardware
<brandon_> same ubuntu on one and same fedora on the other
<brandon_> 2 servers
<hallyn> how many kids did you say?
<brandon_> 26
<brandon_> with acces to both servers
<brandon_> so 26 people per server running 24/7
<hallyn> brandon_: AFAIK most ppl look to http://blog.bodhizazen.net/linux/lxc-configure-ubuntu-lucid-containers/ for setting up ubuntu containers
<brandon_> thanks all look into it from here thanks so much for the help hallyn
<wtf1> what is partial upgrade?
<kirkland> smoser: ping
<zul> smoser: it got rejected again?
<kirkland> smoser: could you take a look at https://help.ubuntu.com/community/UEC/Provisioning/DD-WRT
<kirkland> smoser: and update it accordingly?
<kirkland> smoser: seems like you and I have looked at this a few times;  i decided to document it once and for all
<hggdh> kirkland: on that page, s/Aadress/Address/
<hggdh> kirkland: nah, forget, I can do it myself...
<kirkland> hggdh: thanks
#ubuntu-server 2010-06-17
<CppIsWeird> after installing ubuntu server the computer boots and just hangs. it wont go to the next boot device and it doesnt display anything from booting linux. it just stops.
<uvirtbot> New bug: #595216 in vsftpd (main) "SSL certificate for vsftpd is missing" [Undecided,New] https://launchpad.net/bugs/595216
<CppIsWeird> after installing ubuntu server the computer boots and just hangs. it wont go to the next boot device and it doesnt display anything from booting linux. it just stops.
<sdfoj8> how i can add new vps to my ubuntu server ? on 10.4 ?
<pwnguin> ok this has been bugging the hell out of me for some time
<pwnguin> how the hell do i turn off gnome terminal transparency?
<CppIsWeird> pwnguin, iirc right click on the terminal, and click on edit options. but im not on a ubuntu desktop atm.
<pwnguin> profile is set to black
<pwnguin> solid color
<CppIsWeird> there is no slider bar under the colors for adjusting transparency
<CppIsWeird> ?\
<pwnguin> its just rgb
<pwnguin> alpha is done seperate
<prestonc> anyone here run Ubuntu Server virtually? I'm running it under vmware-fusion and having trouble with the arrow keys.
<CppIsWeird> prestonc, i run it in virtual box fine.
<CppIsWeird> never tried vmware fusion
<prestonc> vm
<prestonc> oops
<prestonc> hmmm, rather
<prestonc> never had to mess with key mappings in virtual box to get the arrow keys to work? Basically my ubuntu server install isn't responding to arrow keys in bash for history. I assume this isn't a setting of server, but rather a vm issue.
<uvirtbot> New bug: #595341 in puppet (main) "type ssh_authorized_key ignores the metaparameter "require"" [Undecided,New] https://launchpad.net/bugs/595341
<CppIsWeird> i could not imagine fixing 600,000 bugs
<pwnguin> dont worry
<pwnguin> we mark a ton invalid
<pwnguin> and wontfix another ton
<pwnguin> another ton is fixed upstream, and makes its way to debian and ubuntu by sync, having never addressed the problem
<pwnguin> yet another ton is just duplicates
<CppIsWeird> any reason why the ubuntu server i just installed have internet access during installation but doesnt now?
<unewbie> what is jeos?
<unewbie> !jeos
<ubottu> JeOS (pronounced "Juice") is Just enough Operating System.  It is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. See http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos for more information.
<CppIsWeird> just enough operating system
<unewbie> CppIsWeird: use it as a guest os?
<CppIsWeird> i imagine so.
<CppIsWeird> might have less driver support initially due to it expecting a virtual environment
<trimeta> I have a couple of questions about disk drive checking.
<trimeta> So, I rebooted my system only to find I couldn't ssh into it or anything.
<trimeta> I then rebooted the machine (the system was on for less than 15 minutes before this), and got the "disk drive checking" screen, which means that's probably what it had been doing beforehand.
<trimeta> The first question is, how likely is it that unattended, it had fully fsck'ed my 4.5 TB RAID5 array and had begun writing changes to disk, changes that I messed up?
<CppIsWeird> dont waste your time, no one is around
<trimeta> CppIsWeird: Ah. Oh well; how's the main channel? Or is this too esoteric a question for them?
<CppIsWeird> dunno, im banned from the main channel for loosing my patience with no one answering my question and spammed the hell out of it
<CppIsWeird> childish, but effective at expressing frustration
<trimeta> Was it effective at getting an answer?
<CppIsWeird> oddly enough, yes.
<trimeta> In my experience, asking a second time 5 minutes later is usually helpful, but after that you just piss people off.
<CppIsWeird> not that i suggest doing that.
<CppIsWeird> i asked intermittently throughout the day to no avail
<CppIsWeird> for two days i think
<trimeta> I can see how that would get frustrating, yes.
<Jeeves_Moss> I'm getting "dovecot: IMAP(scott@moseley.ca): Invalid data in file /mnt/raid/www_root/mail/moseley.ca/scott/.Sent/dovecot-uidlist" as an error.  What file is it requesting, and how do I repair it?.
<Error404NotFound> I am setting up a box that will be used as reverse proxy for some of my sites and will host some static content. What is the best option? Apache? Nginx? Lighthttpd?
<Jeeves_Moss> Error404NotFound, I prefer apache.
<Error404NotFound> Jeeves_Moss, i do as well, but isn't that an overkill for such a simple task?
<Jeeves_Moss> 'meh.
<Jeeves_Moss> Error404NotFound, I find that I usally "over build" stuff becasue I'm lazy
<Error404NotFound> Jeeves_Moss, hmmmm
<sdfoj8> how i can add new vps to my ubuntu server ? on 10.4 ?
<Jeeves_Moss> sdfoj8, it looks like it's mostly dead in here tonight
<sdfoj8> wmware is already installed with ubuntu right ?
<sdfoj8> so i can add new vps
<sdfoj8> ?
<sdfoj8> also, i want to ask that, people are sometimes installing vps and run their works from virtual machines instead of running it from a dedicated pshyically
<sdfoj8> what is the reason for that
<CppIsWeird> I installed ubuntu-server 10.04 on a server with multiple hard drives. upon installing ubuntu on one of these hard drives the computer would not boot into linux. removing all the hard drives except the drive i want to install ubuntu on and ubuntu will boot up. can anyone help me fix so that i can boot ubuntu and have all my hard drives installed?
<Jeeves_Moss> CppIsWeird,  lol, I'm guessing that the BIOS is setting the wrong drive to the first drive.  I would put everything back together the way you're going to keep it, boot from the CD, and do a GRUB repaie
<Jeeves_Moss> sdfoj8, I just run VMWare
<CppIsWeird> Jeeves, i installed it once with all drives the way they are. that did not work. so i removed all the drives and installed ubuntu again, then it worked. use same course of action?
<Error404NotFound> If i am creating a reverse proxy, does it actually have to a AMP server if the server behind it is a AMP?
<Error404NotFound> I mean, does the reverse proxy box even need php5 mod and all that?
<Jeeves_Moss> CppIsWeird, you need to get the drives installed the way they're going to stay, then install the OS?
<CppIsWeird> i did that. and nothing worked.
<Jeeves_Moss> CppIsWeird, you need to get the drives installed the way they're going to stay, then install the OS?
<Jeeves_Moss> I'm getting "dovecot: IMAP(scott@moseley.ca): Invalid data in file /mnt/raid/www_root/mail/moseley.ca/scott/.Sent/dovecot-uidlist" as an error.  What file is it requesting, and how do I repair it?
<jmarsden> Jeeves_Moss: That's a file tracking what messages scott@mosely.ca has read in his Sent folder.  You can probably just delete it and it will be rebuilt when needed.
<jmarsden> He may end up re-downloading some of his Sent messages, but it should solve the error.
<riz0n> Hey guys, I m running an Ubuntu Server w/ Apache. Is there a way to make http://host/~user go to /home/user/www ?? Thanks
<twb> It should go to ~user/public_html if the appropriate module is enabled.
<riz0n> ok, that will be fine too
<riz0n> how would i go about enabling the module for that
<riz0n> and is there a way for me to choose which "virtual server" it would place the /~ directories under, or would it apply to all virtual servers running on the machine
<twb> I imagine it's a2enmod(8) with some form of argument.
<twb> I don't use apache myself.
<twb> ITYM "virtual host".
<twb> And I don't know.
<jmarsden> userdir, I think.
<riz0n> I will ask the guys in #httpd and see if they have any further info
<jmarsden> Looks like    sudo a2enmod userdir
<jturek> riz0n: https://wiki.ubuntu.com/UserDirectoryPHP
<jturek> might help as well
<riz0n> Thanks for your help guys. Got it all set up and running!
<uvirtbot> New bug: #595395 in mysql-dfsg-5.1 (main) "double stop / start upon upgrade" [Undecided,New] https://launchpad.net/bugs/595395
<RoyK^> what does it take to make canonical fix a bug? bug 579267 has been open for quite some time now, and the debian bug for this issue is even older. the problem is fixed in redhat and upstream kernels
<uvirtbot> Launchpad bug 579267 in language-selector "language-selector doesn't allow to change system language (dup-of: 368848)" [Undecided,New] https://launchpad.net/bugs/579267
<uvirtbot> Launchpad bug 368848 in language-selector "Russian breaks langsel drop down" [Low,Confirmed] https://launchpad.net/bugs/368848
<RoyK^> ubottu: bug #579267
<uvirtbot> Launchpad bug 579267 in language-selector "language-selector doesn't allow to change system language (dup-of: 368848)" [Undecided,New] https://launchpad.net/bugs/579267
<uvirtbot> Launchpad bug 368848 in language-selector "Russian breaks langsel drop down" [Low,Confirmed] https://launchpad.net/bugs/368848
<RoyK^> erm, I mean bug 579276
<uvirtbot> Launchpad bug 579276 in linux "Lost network in KVM VM / virtio_net page allocation failure" [Medium,Triaged] https://launchpad.net/bugs/579276
<corpsegrindr> Some days streaming tv from my server works just fine and some nights it wants to buffer every 3 sec. I have no other down/uploads going and minimal use of bandwidth. Is there any key targets i can look for to fix this problem?
<alvin> Thanks RoyK^. This bug explains a few things.
<corpsegrindr> or is there a way to have a video file temp load well on pause (kind of like youtube)
<RoyK^> alvin: _
<RoyK^> alvin: ?
<dsfwea23> can someone tell me how I can change drupal to work in the root directory of apache2 in 10.04?  Default install wants /drupal6/*
<trapmax> question about confluences webdav-plugin: the plugin is enabled, but when i try to connect to webdav://<server>/plugins/servlet/confluence/default, i get only get prompted for username/password
<trapmax> then get "file or folder does not exist" -error
<trapmax> testing with konqueror
<Daviey> dsfwea23: I've never used drupal from the repo, but i would imagine the setting is in /etc/apache/conf.d/*drupal*
<Daviey> dsfwea23: If you are using it with a virtual host, then you should be able to make the setting in the /etc/apache2/sites-avaliable/$somesite
<dsfwea23> Daviey, the config in the repo actually has to be copied in, by default to /etc/apache2/sites-available, then enabled... but what I'm running into is that it doesn't play well when I tell it to use root directory
<Daviey> dsfwea23: Hmm.. i don't know..  I'd need to know the error, as i say - i've never used drupal from the archive
<Daviey> dsfwea23: The other thing you could do, is an internal rewrite from your docroot
<ttx> hallyn: I edited the server-maverick-hypervisor whiteboard: the comments you added were considered as new work items. If you want to make comments, use a separate section... or the wiki spec.
<dsfwea23> basically I'd like to run drupa6 for my root site with clean urls, but still have access to things like /squirrelmail etc.  But once I change the directory for drupal to root apache doesn't like the other aliases anymore.
<dsfwea23> Daviey, rewrite might work better for me.
<Daviey> dsfwea23: Rewrites are pretty good.. i'm sure you'll be able to work out how to get started with that
<dsfwea23> Daviey, =)
<dsfwea23> gets kind of complicated with drupal's clean urls since that does it's own rewrite
<Daviey> dsfwea23: Sounds like this is an ideal oppertunity to document how you resolve the issue on the wiki :)
<dsfwea23> well seems it won't matter, there is an issue with drupal6 in 10.04 with php 5.3.
<screen-x> The UEC image store is mentioned here: http://www.ubuntu.com/cloud/private/deploy is it possible to browse the available images without having a UEC installation? I want to see what's available.
<hallyn> ttx: k
<ttx> hallyn: this spike in WI caused a near heart attack to me this morning :P
<hallyn> it should've showed up in monday's chart too right?
<ttx> ah ?
<ttx> it's been there since Monday ?
<ttx> then... someone else must have been adding WIs :)
<ttx> smoser: around ?
<hallyn> ttx: yeah they were there last week, assuming you're talking about what i think you're talking about
<smoser> ttx, here.
<ttx> smoser: -> pm
<ttx> well no.
<ttx> smoser: just as a reminder...
<ttx> smoser: alpha2 freeze is next Thursday
<smoser> yeah. thanks.
<ttx> smoser: so I suggest you concentrate on what would land in main packages... cloud-init.
<smoser> i'm making progress on the cloud init stuff.
<ttx> smoser: the kernel upgarde stuff can actually be handled during the freeze.
<ttx> since it won't result in formal landing in packages yet.
<ttx> SpamapS: same for you... everything that lands into main packages on your side should be completed by next Thursday.
<ttx> SpamapS: (that should include cloud-utils and web20-workloads)
<ttx> kirkland, Daviey: I propose that we have a quick Mumble session when you're both around, to prepare the euca call.
<ifoo> hi, i'm trying to install ubuntu server 10.04 on my intel ss4200 NAS box. for the system drive i use an IDE DOM. problem is the ubuntu installer doesn't load the right IDE module (ide_generic + ata_piix).
<ifoo> and it seems they are not even contained on the installation cd. the SATA controller is an intel ICH7 chip. It works with the debian installer. are these modules removed from the default ubuntu installer?
<sommer> morning
<amstan> hey guys, i'm looking to regular backups with a script
<amstan> i know how to use cron and copy files, the interesting part is getting the script to keep only the latest 5 backups for example
<ElTonerino> amstan, I use rsnapshot.  More than hapy with it.
<ElTonerino> amstan, http://rsnapshot.org/
<amstan> i like that idea of hardlinks
<ElTonerino> I use it to back up a server and a couple of laptops.  It's saved me a few times.  Yesterday being the most recent.
<amstan> does it delete old backups automatically?
<ElTonerino> yes
<Kartagis> hi
<Kartagis> how do I generate some passwd.db out of passwd file?
<soren> passwd.db for what?
<konryd> hello everyone. How do I connect to a freshly-baked vm instance?
<konryd> I prepared one with vmbuilder. It has openssh-server installed, and I know the username and the password
<bogeyd6> konryd, which virtualization package did you use?
<konryd> bogeyd6: kvm
<bogeyd6> sorry but i only use vmware
<tio_> hello
<tio_> can somebody help me<
<tio_> ?
<guntbert> !ask | tio_
<ubottu> tio_: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<tio_> ok, so Hello, I need help with RTL8111DL 1gbps wired and broadcom4311 wireless network interface. I have mainboard d945gsejt. I have in PCI one 100Mbps wired network interface. When I was installing system know both wired intrfaces. I select 100Mbps as primary (will be WAN port). 1Gbps will be bridged with wireless to LAN. Problem is, that system not recognize these two cards. after install
<tio_> root@atom:~# ifconfig
<tio_> https://gist.github.com/4986fb78b804ff2911ea
<Kartagis> soren, I figured out thanks
<Kartagis> the command was postmap
<tio_> This show only one - primary. So I downloaded latest realtek driver and install it. But no change. So I fix kernel modules, because was loading r8169 instead r8168.ko. It is ok now. But no change
<_ruben> first mistake: forget about the existence of ifconfig (and route)
<tio_> Broadcom have same issue. I installed drivers -- package b43-fwcutter - extracted fw, rebooted. But no change. So I looked here
<tio_> root@atom:~# lshw -c network
<tio_> I see, that these two cards are recognized but disabled
<tio_> https://gist.github.com/cb05afd045e3dc8eb1a3
<tio_> I attached this output (look last three devices)
<tio_> root@atom:~# lspci -v
<tio_> https://gist.github.com/9a0e3277853e34e960f7
<uvirtbot> New bug: #595501 in libvirt (main) "iptables rules for NAT break ufw setups" [Undecided,New] https://launchpad.net/bugs/595501
<tio_> Would somebody help me? I have installed Ubuntu server 10.04 LTS 32bit. Thanks
<hallyn> hm, centos 5.5 won't boot (once installed) in lucid kvm - whines about apic.  sounds like a 3 year old kernel!
<hallyn> ah, it's a xen kernel thing
<tio_> haha, I am lama, I just add interfaces to /etc/network/interfaces and its ok now
<zul> hallyn: smoser had some documentation about that
<hallyn> oooh, cool, thanks
<smoser> oh yeah, documentation is my specialty
<smoser> :)
<smoser> but, no, i dont know much about that.
<hallyn> gah
<kirkland> smoser: speaking of documentation ....
<smoser> i did get centos 5.3 booting in kvm, and running xen inside it
<smoser> though
<kirkland> <kirkland> smoser: could you take a look at https://help.ubuntu.com/community/UEC/Provisioning/DD-WRT
<smoser> that was probably what zul was thinking of.
<hallyn> smoser: i'm just surprised that even booting with --no-acpi didn't work
<zul> smoser: yeah it was
<hallyn> (http://us.generation-nt.com/bug-528077-kvm-fails-setup-timer-interrupt-via-io-apic-help-168961491.html suggests there's not much to be done)
<smoser> i think that looks reasonable, kirkland
<kirkland> smoser: cool, anything to add?
<kirkland> smoser: i'm working on documenting all of the uec auto provisioning steps
<smoser> no
<smoser> kirkland, you might want to point at that page from https://help.ubuntu.com/community/UEC/Tips
<smoser> or replace that one
<Genk1> hello
<hackeron_> hey, I have ubuntu set up as a nat router to share the internet connection. I also want to add NAT-PMP/UPnP for automation NAT traversal so I don't have to manually manage the firewall for games/bittorrent - how would I set that up?
<kirkland> smoser: yeah, when it's all ready to go
<kirkland> smoser: https://help.ubuntu.com/community/UEC/Provisioning will be the entry point
<smoser> yeah, i dont really care.
<kirkland> smoser: so far, i've documented dd-wrt and setting up a mirror
<smoser> just pointing at the old tips page, at least put that all together
<kirkland> smoser: i still need to do the pxe, tftp, wakeonlan, preseed, and web front end docs
<kirkland> thanks
<Genk1> I just want to find a way to disable nat in my station
<Genk1> how can I proceed
<Genk1> ?
<_chris__> heja. i have mounted a windows share to my server. now i want to copy a folder from linux to windows share. ive done t hat with "cp /folder/ -R /share/" problem is: i have some folders/files there with german chars in it lik 'Ã¤Ã¶Ã¼' and when they are copied to the windows share the names are pretty weird cause he makes stranges things out of the special chars
<_chris__> is there a way to solve this ?
<nimrod10> is there a way to force passwd to unlock users without a password ?
<bogeyd6> nimrod10, can you be more general
<bogeyd6> _chris__, is the windows share a en_US bawx?
<nimrod10> what do you mean bogeyd6 ?
<_chris__> no its german
<_chris__> ad bogey
<bogeyd6> nimrod10, you mean when they login to a box, a samba share, or the http, what have you?
<bogeyd6> _chris__, did you set your term to UTF8?
<_chris__> bogeyd6, u mean while mounting the drive ?
<nimrod10> :) creating a user as a linux account with a blank password is possible but the account is locked, and doing passwd -u username won't unlock the user. Is there a way to force passwd ?
<nimrod10> that is on a ubuntu-server 9.10
<bogeyd6> _chris__, your system locale should be UTF8 to include those
<bogeyd6> nimrod10, so you want a user to have a blank password and then upon login they are forced to change it?
<_chris__> bogeyd6, okay, im pretty new to linux, how can i set this ?
<_chris__> bogeyd6, its just a virtual machine for testing purpose
<uvirtbot> New bug: #595528 in nagios3 (main) "nt.cfg" [Undecided,New] https://launchpad.net/bugs/595528
<nimrod10> bogeyd6, the user logs in via ssh keys auth, after that I want them to be able to set the passwd they want. If I create their account with an empty passwd then when they set the pass it won't ask for the old pass
<bogeyd6> _chris__, server or desktop?
<bogeyd6> nimrod10, i guess you answered your own question. set it to a generic password first
<nimrod10> but if  they have a blank pass ubuntu locks the account. and passwd -u won't unlock it
<bogeyd6> this command will solve it too # usermod -p ââ foo # chage -d 0 foo
<_chris__> bogeyd6, the machine with the share is a desktop
<amstan> ElTonerino: thanks for that suggestion, rsnapshot works great
<nimrod10> bogeyd6, if I set it to a generic pass then everyone knows the pass and they can become the other user that hasn't changed his pass yet
<ElTonerino> amstan, Glad to hear it.
<bogeyd6> _chris__, https://help.ubuntu.com/community/LocaleConf
<bogeyd6> i dont know if you can make a blank password and login through ssh with it
<bogeyd6> i know you can use an ssh key instead of a password
<bogeyd6> but as far as just a str8 up blank login, dont think so
<hackeron_> anyone? I have ubuntu set up as a nat router to share the internet connection. I also want to add NAT-PMP/UPnP for automation NAT traversal so I don't have to manually manage the firewall for games/bittorrent - how would I set that up?
<bogeyd6> hackeron_, https://help.ubuntu.com/community/Servers#UPNP%20Mediaserver
<corpsegrindr> Some days streaming tv from my server works just fine and some nights it wants to buffer every 3 sec. I have no other down/uploads going and minimal use of bandwidth. Is there any key targets i can look for to fix this problem?
<corpsegrindr> or is there a way to have a video file temp load well on pause (kind of like youtube)
<_chris__> bogeyd6, set it to de_DE.UTF-8 now, but still same :/
<hackeron_> bogeyd6: I don't want to set up a media server, I just want to enable NAT traversal
<bogeyd6> _chris__, you didnt log out and log back in
<_chris__> hm
<_chris__> true :)
<_chris__> brb
<SpamapS> ttx: should make some progress on cloud-utils today. :)
<jdstrand> hallyn, kirkland, smoser: fyi-- I uploaded libvirt 0.8.1 yesterday. the only oddity is 0.8.1 ftbfs on powerpc because of a test case failure. I'm not sure that is a problem for you, but wanted to explicitly mention it. I don't plan to look at that any time soon
<ttx> SpamapS: good :)
 * ttx disappears
<jdstrand> hallyn, kirkland, smoser: I can say that redhat disabled some tests in their builds because of powerpc test suite failures, but not this one. In other words, our powerpc build didn't fail the one they blacklisted and their powerpc didn't fail on the one that ours did
<smoser> nice
<jdstrand> the test suite has always been a little fidgety...
<jdstrand> it shouldn't be hard to disable that test on powerpc only, but like I said, I don't have a lot of time for that atm
<jdstrand> actually, it wouldn't be earth shattering if just the nwfilterxml2xmltest was disabled... but rather than just disabling it, I think it should be investigated, which is precisely the part I don't have time for
<jdstrand> hallyn, kirkland, smoser: ^
<hallyn> jdstrand: so if i update a maverick box i'll get the new package?
<jdstrand> hallyn: oh yes :)
<hallyn> rockin'  thanks
<jdstrand> https://launchpad.net/ubuntu/+source/libvirt
<jdstrand> hallyn: sure! :)
<jdstrand> hallyn: I cleaned out some old packaging cruft too. the delta is still significant, but at least it is smaller than lucid
<jdstrand> hallyn: and upstream didn't break apparmor this time either :) only thing I added for the apparmor driver was a patch that they forgot to commit to 0.8.1 that will be in 0.8.2
<jdstrand> (I did fix some profiling bugs, but that is ubuntu-specific)
<jdstrand> hallyn: if you are interested in the powerpc ftbfs (and I hope you are ;), this would be a good opportunity to become acquainted with porting boxes (ie davis.canonical.com for powerpc)
<hallyn> jdstrand: IIUC you're saying the new package does not build from source on powerpc, and I should take a look at why...
<hallyn> i'll take a look at that - if nothing else it'll test my account's ability to get into the machines :)   (after testing lxc merge)
<jdstrand> hallyn: that is exactly what I am suggesting :) though, it builds, it fails a test in the test suite (which is enabled in the build). See http://launchpadlibrarian.net/50454753/buildlog_ubuntu-maverick-powerpc.libvirt_0.8.1-2ubuntu1_FAILEDTOBUILD.txt.gz
<kirkland> hallyn: jdstrand: powerpc is *very* low priority for us, however
<kirkland> should be fixed, but should not consume your time
<smoser> SpamapS, i just shoved a 'Usage.txt' file to lp:~smoser/junk/uec-run-instances/ that describes kind of what we're hoping to hvae.
<LowValueTarget> I have a deb package directory structure I built with dh_make..... is there an easy way to increment the package version without having to manually put entries in the changelog etc?
 * jdstrand nods
<jdstrand> part of why I can't jump on it atm
<jdstrand> hallyn: I neglected to mention that only amd64, i386 and armel are officially supported architectures. all others are community driven. I brought this up cause I don't know how important powerpc is in reality to the server team, which kirkland answered
<jdstrand> hallyn: earlier releases have a different list, but last few releases are those 3 archs
<jdstrand> hallyn: my rule of thumb when working on devel is to not break the community archs needlessly, but I'll fix when I have time for it
<jdstrand> mdeslaur: oh, I forgot to mention to you that I uploaded a new libvirt yesterday (0.8.1) in case you want to refresh virt-manager and friends
<mdeslaur> jdstrand: ok, thanks
<SpamapS> smoser: thats super helpful thanks. :)
<SpamapS> smoser: should I branch your uec-run-instances and work from that? It looks to have quite a few things different from the one in lp:ubuntu/cloud-utils
<smoser> SpamapS, you can start from that branch that i have (the junk one).
<SpamapS> smoser: sweet thanks
<smoser> i hope to basically be bacwards comaptible with the cloud-utils/uec-run-instances
<smoser> but a whole lot more powerful
<unlex> anyone using a dual p4 xeon as servers?
<JackTO> hi all, i'm configing my ip for the first time ibn linux, in the /etc/networks/interfaces file, what is the field "network" for, its under netmask, i nebver had this in wondows
<steffan> JackTO: "man interfaces" explains that
<JackTO> just says requied for 2.0 kernels, but what does it do, mean?
<JackTO> if my address ip is 212.203.83.4, does that mean that addess always ends in a 0, like 212.203.83.0
<kaushal> hi
<kaushal> Anyone using collectd on ubuntu ?
<unlex> i have a dual P4 Xeon and was wondering if i should derack it considering it's got only two physical CPUs with one core each which is rathr quaint in my opinion but would it fit to buoild a cluster/server?
<unlex> or replace it with an entry level X3430 single socket quad core box ?
<elnur> How to force bind9 to update its cache?
<_ruben> elnur: rndc flush (it doesnt really update it, it flushes it)
<jilly> hi. im setting up dns
<jilly> how do i find my network address?
<jilly> like 192.168...
<SpamapS> jilly: whose network adress?
<SuperLag> SpamapS: I want yours, so I can set up some scripts on your server. :)
<SuperLag> SpamapS: and don't tell me 127.0.0.1, either :)
<LowValueTarget> why would apache freeze on serving up css files
<kirkland> SpamapS: what's your LP id?
<SpamapS> kirkland: clint-fewbar
<SuperLag> You're fubar, alright :)
<SuperLag> How goes it, dude?
<SuperLag> I'm just in one of those moods.
<SuperLag> SpamapS: are you working hard, or hardly working?
<SpamapS> SuperLag: a bit of both :)
<owen1> i created new user. when i run something with sudo i get:
<owen1> sudo: must be setuid root
<owen1> any clues?
<jonny2> Hi, I am trying to setup a server with 6 IP addresses on 1 card, but only one IP address works, /etc/network/interfaces http://pastebin.com/bX7nEsFW, ifconfig output http://pastebin.com/sU31SMys, any pointers would be helpful, I have based /etc/network/interfaces on the server guide
<Rigorm0rtis> Hello, I am having problems with Ubuntu crashing when I copy a large file to it over the network. Whenever I transfer a file > 60GB the system crashes. I have had this happen over ssh and samba. If I write a large file locally, the system does not crash. I have logs. This is happening on Ubuntu 10.04 server x64 on an EXT4 partition that is 2tb. I have run memtest on the machine and it held...
<Rigorm0rtis> ...up for three passes. Any ideas?
<elnur> _ruben, it didn't help. my server still has old domain's data. maybe i should flush something else, not bind?
<_ruben> elnur: it depends on your dns infrastructure
<kaushal> Can someone please guide me about my query regarding collectd on ubuntu server ?
<_ruben> !poll
<ubottu> Usually, there is no single "best" application to perform a given task. It's up to you to choose, depending on your preferences, features you require, and other factors. Do NOT take polls in the channel. If you insist on getting people's opinions, ask BestBot in #ubuntu-bots.
<hggdh> Rigorm0rtis: what do you mean by "crashing"? You get a kernel OOPS?
<Rigorm0rtis> hggdh: The system completely locks up. I can't get a picture from attached monitor, and any network connections drop.
<hggdh> Rigorm0rtis: yeah, sounds bad. Is this a server?
<hggdh> brb
<corpsegrindr> Some days streaming tv from my server works just fine and some nights it wants to buffer every 3 sec. I have no other down/uploads going and minimal use of bandwidth. Is there any key targets i can look for to fix this problem?
<Plecebo> I'm having trouble getting postfix to send mail on my server. I tried testing with telnet but i've never tested postfix before so not sure what success/failure looks like. Can someone help me?
<pmatulis> Plecebo: telnet is just a means.  the result is that mail is sent.  check /var/log/mail.log or recipient inbox.  however, i'm sure googling for 'testing smtp telnet' will help
<jeremyn> Plecebo: i like to use nc to the smtp port and then type "ehlo <domain>"
<jeremyn> Plecebo: or submission port, like run, on the server "nc localhost 587" and then type "ehlo <domain>" and hope you get back some responses that sound like mail
<Rigorm0rtis> hggdh: Yes, a file server primarily.
<cwillu_at_work> Rigorm0rtis, are you familiar with netconsole?
<_ruben> cwillu_at_work: netconsole as in performing the install procedure over ssh?
<cwillu_at_work> Rigorm0rtis, also, do the magic-sysrq keys work?  (alt-sysrq-[r, e, i, s, u, b] to cleanly reboot)
<cwillu_at_work> _ruben, no
<cwillu_at_work> _ruben, netconsole is a low level output for the kernel log, which usually allows you to capture oops and such when the system goes down
<Rigorm0rtis> cwillu_at_work: I am about to leave work right now. I will return in about 30m.
<Ichat> can someone help me with an upgrade issue....
<guntbert> !ask | Ichat
<ubottu> Ichat: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Ichat> atm im running ubuntu 8.04 - with ebox    on a   3TB raid5  array (ext 3)
<Ichat> now i want to install  the new lts,  with  it converted (if posible and safe)  to  ext 4 ) can i do that
<Ichat> as its being  3tb data,   id dont like the idea of loosing it,   even though i have backups  (on mostly old  160gb spares..     one can emagine that  restoring data wont be an option to consider light
<cwillu_at_work> Ichat, for the most part, ext4 is just ext3 with some extra features turned on, in the same way that ext3 is just ext2 with a journal
<cwillu_at_work> however only newly written files will gain benefit from things like extents
<cwillu_at_work> investigate "tune2fs"
<Ichat> meaning it should be done after i installed the new server and server software
<guntbert> cwillu_at_work: and a few bugs added as anyone can tell who tries to use a virtual box guest with a virtual SATA adapter when the host FS is ext4
<Ichat> so i should just 'install'  the new server, and ebox  (im not going to try upgrading it) ....  than get my / old     /home   partition mounted again,   and than worry about convertiong it to  ext 4  ???
<Ichat> strange (i think) that the server cdrom didn't  offer me an upgrade ?
<SpamapS> grr.. why doesn't vim have the modeline option on by default!? argh.
 * SpamapS wants his 5 minutes back
<_ruben> SpamapS: "security feature" i think
<SpamapS> smoser: so I think I'm going to use twisted.conch for the ssh not paramiko.. that way we can check all the instances asynchronously :)
<smoser> i have no opposition to that.
<smoser> i had gone the twisted route, but then decided that it wasn't terribly useful
<smoser> as
<SpamapS> smoser: The bash script calls the euca/ec2 tools for describe.. is there an API equivilent?
<smoser> a.) we dont want to finish until all things are finished
<smoser> b.) i forget what b was.
<SpamapS> smoser: yeah b was probably that you can't start ssh'ing until you have the console scrape anyway.. right?
<smoser> there are definitely api equivalents to describe images anda get-console-output
<smoser> that might have been it :)
<smoser> one thing the twisted would really help witih, that we dont want to be serialized on is multiple instances running a long running command
<SpamapS> smoser: if I can use twisted for that step then if nothing else we can finish a little earlier. Is this so people can start 100 instances efficiently, or 5?
<smoser> so the reason for execing PREFIX-run-instances, PREFIX-describe-images, PREFIX-get-console-output
<smoser> instead of using an API is that you can the assume that the user has set those commands up
<SpamapS> smoser: ah, the API's don't share the same setup as the tools?
<smoser> well, euca and ec2- use different ways.
<SpamapS> makes sense
<smoser> i didn't want to invent another.
<smoser> but, yeah, that is prettier.
<smoser> SpamapS, i dont know if its 100 or 5.
<smoser> i'd say "and run command" is likely a 1 thing
<smoser> but can't hurt
<smoser> i'm not at all opposed to having things twisted wher epossible.
<SpamapS> smoser: I mean, part of me just wants to do exec("ssh blah &") for that. ;)
<SpamapS> smoser: I'll keep it in mind... paramiko *is* simpler... and I like simple
<ghost_> hi all I'm having a problem running rails I get a could not find RubyGem active support error http://pastebin.com/NgRh2fLz
<ghost_> any help is appreciated
<SpamapS> smoser: but I can see waiting for 100 ssh's taking a long time if not done in parallel somehow.
<smoser> mostly i was going th eparamiko route for verifying keys
<smoser> i didn't know about twisted.conch
<smoser> and also, paramiko can read .ssh/known_hosts and such
<smoser> but... id ot know what others can do
<smoser> SpamapS, one thing i'd really like to do well is get the command execution remotely done well
<smoser> there are a couple thing si dont know really what to do about
<SpamapS> smoser: when spawning instances, how is the stuff in .ssh/known_hosts useful ?
<smoser> well if you're connecting to them
<cwillu_at_work> SpamapS, making sure you're logging into the machine you think you're logging into is good
<smoser> the idea was that --known-hosts would update your known-hosts such that subsquent 'ssh host' would have the entries
<SpamapS> cwillu_at_work: spawning EC2 instances means not necessarily having a known key.
<smoser> you scrape console for keys, verify that versus ssh-keyscan, and then write the entry to the users known hosts.
<SpamapS> smoser: ah, so its more about saving to it
<smoser> right, but in saving to it, you also have to remove
<smoser> and remove with hashed values
<smoser> which, i had no idea how i was going to do. paramiku does that sort of thing . i've not actually done it, but read about it.
<smoser> the things i want to well but dont know exactly how to do are in remote execution:
<smoser> - ssh somehost foo bar "wark two"
<smoser>   that always gets screwed up. the commands are never delimited correctly as they go through multiple levels of shell interpretation
<smoser>  i'd like to make it work correctly. i'm not sure if the deficiency is in the ssh client, or the ssh server.  ie, i dont know if going through a library rather than system(ssh) is going to help that.
<SpamapS> smoser: right you have at least 3 shells to screw it up (your login shell, the shell that the script uses to run ssh, and the shell on the other side)
<smoser> - for a long running command on the remote host, your network connection could get lost
<smoser> i'd like to somehow recover or "be correct"
<cwillu_at_work> you're using python?  Don't use os.system or any of the routines that do shell calls if you can avoid it, having the extra shell just causes problems
<SpamapS> cwillu_at_work: we're more talking about how it has been done in the past. I intend to send the command directly down the pipe w/ either paramiko or conch. :)
<cwillu_at_work> okay
<cwillu_at_work> none the less, os.system calls are a bad sign in a codebase
<cwillu_at_work> subprocess.popen is the correct approach, where you pass a list of strings rather than allowing the shell to perform the splitting for you
<cwillu_at_work> ignoring the conch approach :p
<SpamapS> cwillu_at_work: noted.. since I may be calling some commands as well. :)
<cwillu_at_work> hmm
<smoser> SpamapS, i dont know if "right down the pipe" is truely "right down the pipe"
<smoser> in the end, the thing that i want is 'sudo' like behavior rather than 'su' like behavior
<cwillu_at_work> explain?
<smoser> sudo -u ${USER} sh -c 'for f in "one 1" "2 two" "three 3"; do echo $f; done'
<smoser> one 1
<smoser> 2 two
<smoser> three 3
<SpamapS> smoser: playing w/ paramiko, I can feed it a raw key and it will save to a known_hosts file. :)
<cwillu_at_work> ugh, sudo -u ${USER} -i 'for f in "one 1" "2 two" "three 3"; do echo $f; done would work
<SpamapS> smoser: so while it seems strange, I can use paramiko for the local key management while still using conch for the transport.
<SpamapS> which it doesn't seem to do
<SpamapS> er
<smoser> cwillu_at_work, the above command and output is correct
<SpamapS> conch doesn't seem to do local key management
<smoser> basically, su takes '-c' "command string"
<smoser> sudo takes -- command arg arg2 arg3
<smoser> the latter is greatly superior in my experience
<SpamapS> smoser: I believe su simply switches user and runs a shell whereas sudo execs the binary you told it to exec
<holmser> is there any way to forcibly unbind a port without rebooting my server?
<SpamapS> holmser: kill the process that has it bound
<holmser> already did
<SpamapS> kill -9 ?
<holmser> killall
<SpamapS> try the same killall but 'killall -9 whateveryoudidbefore'
<holmser> got it... thanks
<Rigorm0rtis> Hello, I am having a problem with Ubuntu 10.04 server. When I transfer a file >60 GB over the network to the server hard locks after about 60GB is transferred. This happens over ssh, and samba. The destination directory is an ext4 2tb hardware raid10 array. When I create a large file locally on the machine it does not crash. Memtest reports no errors after 3 passes. Does anyone have any...
<Rigorm0rtis> ...ideas? I have a few logs.
<Ng> kirkland: hrm, I'm trying to test that qemu-kvm upload and getting weird failures - I don't appear to even be able to start a VM
<Ng> kirkland: I dug in some logs to find the command libvirt is executing and got: http://paste.ubuntu.com/451300/
<qman__> Rigorm0rtis, sounds like a bug in the ext4 driver to me, is your kernel up to date?
<qman__> if it were something else, it probably wouldn't hard lock, but rather fail in some other more graceful manner
<qman__> that, or hardware failure
<Rigorm0rtis> qman__: I'm using the most recent kernel on 10.04.
<Black_Prince> bad sector looks like hw problem
<Black_Prince> descriptor
<Rigorm0rtis> But then why would it work when I create a file locally?
<Ng> kirkland: hrm, belay that, qemu-common wasn't installed properly, so /usr/share/qemu was empty
<Ng> yep that was it, VMs start now :)
<mathiaz> Ng: is there a missing dependency in qemu-kvm
<mathiaz> Ng: ?
<Rigorm0rtis> Black_Prince: If I just copy from /dev/urandom to a file it gets past 100GB no problem. But if I try to send a file over the network via ssh, or samba it consistently dies around the same point. The outfile shows as being ~60GB.
<Ng> mathiaz: no, I'm not really sure what happened - I was downgrading from packages I'd backported from debian to the ones in -proposed to test a bugfix there, and somehow qemu-common was installed, but empty
<qman__> Rigorm0rtis, could be the NIC too, try copying several smaller files, like 10GB, then start the big file
<qman__> if the failure point changes to ~50GB, then the network card is a real possibility
<Rigorm0rtis> qman__: I regularly copy copy windows images and partimage captures over the network. Today alone I probably transferred >100GB. It very much seems to be the size of one transfer.
<kirkland> Ng: why wasn't qemu-common installed properly?  archive, package, or user error?
<cwillu_at_work> Rigorm0rtis, does anything show up in kern.log from the actual crash?
<cwillu_at_work> Rigorm0rtis, do the sysrq key-combo's do anything
<cwillu_at_work> and you should really set up netconsole and reproduce the crash to make sure you're getting any panic or oops messages
<Rigorm0rtis> cwillu_at_work: I can check kern.log tomorrow when I am at work. I am not familiar with the sysrq key combos (but I do know that the capslock and numlock keys stop responding). I don't know how to set up a netconsole.
<cwillu_at_work> Rigorm0rtis, then I suggest you google them :)
<cwillu_at_work> Rigorm0rtis, the sysrq combos may allow a clean shutdown even with a partially hung system, and netconsole will allow you to capture kernel messages on a different machine using a very low mechanism that generally still operates during all but the worst crashes
<Rigorm0rtis> I have noticed that right before a crash, I start getting these errors in syslog: http://paste.ubuntu.com/450086/
<Rigorm0rtis> they also pop up on the terminal.
<cwillu_at_work> okay
<Rigorm0rtis> the first two lines, not the entire thing. Right after that seqence in the log file, there is usually another, or messages from the system booting after I reset it :)
<Ng> kirkland: I'm honestly not sure, but since I was downgrading let's go with user error :)
<kirkland> Ng: heh
<cwillu_at_work> Rigorm0rtis, yes, the first two lines are at a different debug level than the rest, this is configurable
<kirkland> Ng: how long to tell if it's still memleaking?
<Ng> kirkland: I'm just setting up the tests now, but to be fair I should leave it running overnight
<Ng> it ought to be obvious when I check in the morning
<kirkland> Ng: cool
<kirkland> Ng: take your time, just respond in the bug
<cwillu_at_work> Rigorm0rtis, might try mounting with nodelalloc
<Rigorm0rtis> cwillu_at_work: So is this netconsole thing equivalent to remote syslog?
<cwillu_at_work> Rigorm0rtis, yep
<cwillu_at_work> but at a low level that survives most crashes
<Ng> kirkland: I want to get it done so I can get back to setting up my new server as a VM host ;)
<Rigorm0rtis> cwillu_at_work: I guess I do know how to set that up then!
<cwillu_at_work> Rigorm0rtis, it's a kernel module you load with parameters
<Rigorm0rtis> nodelalloc is an fstab mount option correct?
<cwillu_at_work> http://www.mjmwired.net/kernel/Documentation/networking/netconsole.txt
<cwillu_at_work> believe so, although if it's your /, you might need to pass it in a different way, not sure
<cwillu_at_work> i.e., via rootflags= on the kernel command line or some such
<Rigorm0rtis> The drive that the writes are occurring to is separate from the root. This is a storage server, I've got one drive each for / and /home, and then a 2TB raid for the general storage.
<Rigorm0rtis> cwillu_at_work: So, tomorrow I should remount the drive with nodelalloc, set up the netconsole, crash it again (if possible) and then grab the logs?
<Rigorm0rtis> I'm at home right now and the machine isn't configured for remote access. :(
<cwillu_at_work> Rigorm0rtis, you need another local machine anyway to capture the netconsole output
<cwillu_at_work> but something like that, yes
<Rigorm0rtis> I'll use my personal linux box to capture it. I just have to enable the receipt of syslog messages from remote hosts correct?
<cwillu_at_work> no, you need to read the documentation :p
<Rigorm0rtis> I am looking at this doc you sent me, and it says The remote host can run either 'netcat -u -l -p <port>', 'nc -l -u <port>' or syslogd.
<cwillu_at_work> looks like it can talk to syslogd though, yes
<Rigorm0rtis> syslogd seems like a cleaner way to do it to me.
<Rigorm0rtis> I will do this and report back tomorrow. Thank you for you help. FYI I've got a thread on the ubuntu forums about it I'm keeping updated as well. http://ubuntuforums.org/showthread.php?t=1510233
<Rigorm0rtis> Thanks again. I know my way around Linux I would say, but I don't have much troubleshooting experience (never really have problems ;) ).
<cwillu_at_work> ah, ubuntuforums, where good information goes to die :p
<Rigorm0rtis> Yeah I hate it when I google a problem and the top result is an ubuntuforums post with zero replies. :(
<rapha> Hi all!
<rapha> Regarding the dovecot-postfix meta-package ... what would the proper way to set that up with MySQL be?
#ubuntu-server 2010-06-18
<FreeNslaved> http://www.boldvoices.tv    meme went live on channel 5 ten minutes ago
<kusznir> Hi all: I'm installing a ubuntu server without any graphics devices (xen domu, using the xm console method).  How do I add users to the system?  (when I tried using the traditional "useradd" program, the account was pretty botched; the only way I've found so far to add user accounts was through the ubuntu gui if I wanted them to work)
<qman__> kusznir, use 'adduser'
<qman__> it sets all the things right for the users to work
<kusznir> Ok, thanks.
<gbear14275> hello, I've been researching pci passthrough to enable NIC passthrough to one of my VM's and believe it requires vt-d support from my motherboard.  I discovered that there is no vt-d support on my motherboard and am wondering if there is a way to do PCI (specifically NIC) passthrough without vt-d?  the reason I am investigating this is I only have 1 static public facing IP to assign to a webserver I would like to run
<Yosi> hi all
<Yosi> I just changed my IP on my ubuntu-server and I get the following error...   "apache2: Could bo reliably determine the server's fully qualified domain name, using 208.83.212.218 for ServerName"  any idea of what I broke??
<qman__> Yosi, you need to set up your hosts file correctly
<qman__> it'll work as-is, but if you want the error to go away, the domain name you're using in apache needs to resolve to your IP
<Yosi> qman, thanks. i think that is whats going on...some guy in #linux was saying the issue was my httpd.conf file, but in ubuntu that file is empty
<Yosi> qman: to fix th error, what file in apache would contain that domain name?
<ajavid> hi, I am unable to install/remove/upgrade mysql-server <-> http://pastebin.com/9pQjQivc (Ubuntu 10.04) It crashed/locked up during an upgrade process and since then aptitude fails on everything
<tomswartz07> hi all, I just have a quick q. im looking into starting and setting up a personal apache server on my 10.04 desktop. Does anyone have any advice or good guides for a beginner?
<amstan> tomswartz07: if you already have the comp installed, and you just want apache on there
<qman__> Yosi, /etc/apache2/sites-available/[yoursiteconfig]
<tomswartz07> amstan: I have 10.04 desktop installed, plain vanilla. ive found some sites hosted from ubuntu, but no decent guides for beginners.
<tomswartz07> a plain jane web site server is fine by me
<tomswartz07> what other services could you run from a home server like this?
<amstan> tomswartz07: just install apache2 libapache2-mod-php5
<amstan> tomswartz07: umm.. you probably want mysql too, so install that, and php5-mysql
<amstan> you can do all of this with synaptic
<amstan> when you're done you put your website in /var/www
<tomswartz07> amstan: and thats it? what does mysql do, exactly?
<amstan> tomswartz07: ok... hmm
<pmatulis> Yosi: the value for ServerName needs to resolve to an address.  set up /etc/hosts accordingly
<amstan> tomswartz07: what exactly do you want from this website?
<amstan> tomswartz07: if it's for a personal website, and you're just playing with html, then you don't need mysql and maybe not even php
<amstan> tomswartz07: so.. apache is the server, php a scripting language that makes all the pages dynamic
<tomswartz07> just a place to host a page or two, even better if i could have file hosting.
<amstan> tomswartz07: and mysql is a place to put all the data that php has to play with, stuff like user accounts and so on, it's easier to use mysql for some stuff than files, but you need to program that retrieval
<amstan> tomswartz07: i'm not exactly sure where i can get you some guides about this, i kind of passed this stage already
<amstan> if you have any questions just ask me
<tomswartz07> amstan: ah, i see. Thats a bit too rich for my blood just yet. i dont think ill be having users and logins, etc. Would just plain apache be right for my needs?
<tomswartz07> im looking to just do basic hosting, web pages and files
<amstan> tomswartz07: if you don't want to touch programming with php, just plain apache is fine
<amstan> tomswartz07: apache will provide all the things that makes your computer serve a static page/file
<tomswartz07> amstan: excellent. Ill see what else I could dig up. I just didnt know what to look for
<tomswartz07> amstan: thanks for the help! ill give a shout if i have anything else! :D
<amstan> tomswartz07: you could try some html tutorials
<amstan> tomswartz07: if you you're not already familiar with it
<tomswartz07> i have the html down pat, i just dont know how to get it hosted myself for free haha
<amstan> tomswartz07: did you ever port forward/ do you know what that means?
<ajavid> this is a waste of time distro.
<tomswartz07> amstan: yeah, i use it for ssh pretty often. i read that apache just uses port 80
<amstan> tomswartz07: yep, you got a domain too, right?
<amstan> no-ip at least?
<tomswartz07> through dyndns, i have the router set up to update with the IP, if thats what you mean
<amstan> yep
<amstan> tomswartz07: well.. you're pretty set then
<tomswartz07> amstan: woot woot. thanks again! ill see what i could do!
<zul> mathiaz: ping can you review the wording and make suggestion, this is the email being sent out for the sru process http://paste.ubuntu.com/451416/
<Jeeves_Moss> how can I fix this file error?  "dovecot: IMAP(scott@moseley.ca): Invalid data in file /mnt/raid/www_root/mail/moseley.ca/scott/.Sent/dovecot-uidlist"
<Yosi> pmatulis:  I just checked /etc/hosts and there are two entries there, the first is 127.0.0.1 localhost and the seond line is 218.83.212.218 cs1      (cs1 is the host name of the machine)
<qman__> Yosi, you need the FQDN also on that second line
<dereks> hey all, might not be in the right place for this, but let me know. i am interested in setting up a linux box in my house to do dns, authentication (ldap), posibly NAS, etc. Ideally, want to run on a small atom machine. Any easy to use Small Business distros you knwo of? maybe one with a nice web UI?
<dereks> based on ubuntu
<Yosi> qman: would the fqdn not just be the hostname, but the hostname.domain
<Yosi> ?
<qman__> that is what an FQDN is
<Yosi> qman: webmin put that in there..  its so odd...
<qman__> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Yosi> qman: would having a fqdn in there fix my apache2 error?
<qman__> yes
<qman__> as long as it's the FQDN used in the apache configuration
<qman__> ServerName needs to be resolvable
<qman__> whatever that happens to be
<Yosi> qman: i looked in the directory u mentioned in apache2, but i didn't see a ServerName, all I saw was default
<qman__> Yosi, default is a configuration file
<qman__> ServerName is specified inside it
<Yosi> qman: I just checked, I' read the file, and there is no ServerName field specified in the file just says VirtuaHost *.80
<Jeeves_Moss> Yosi, and idea on my dovecot issue?
<Yosi> exit
<mathiaz> zul: line4: add the list of SRU criteria
<macd_eee> having qemu/kvm issues on 10.04, specifically, error: unable to connect to '/var/run/libvirt/libvirt-sock': Connection refused
<twb> macd: ls -l that file
<macd> srwxrwxrwx, I set it 777 to test, added root user to libvirtd
<twb> OK, first undo every "test" you did, then try again.
<macd> Sure, and I get the same results from virsh -c qemu:///system list (FYI adding the root user to the libvirtd group is in the qemu documentation)
<twb> Now, tell me the full line for ls -l on that file.
<twb> I'm surprised the *qemu* documentation mentions libvirt at all.
<macd> srw-r-x--- 1 root libvirtd 0 2010-06-17 22:36 /var/run/libvirt/libvirt-sock
<macd> I should have been more specific, the ubuntu/qemu documentation
<twb> macd: URL>
<macd> https://help.ubuntu.com/community/KVM/Installation
<twb> Well, first of all "community" indicates that it's not Ubuntu's documentation, it's Ubuntu users' documentation -- which can be outright wrong.
<macd> Im thinking we could focus on the problem at hand rather than the documentation that led me there, I'll remove root from the group
<twb> I'm surprised root need to be in any group, since root generally circumvents posix DACs entirely.
<macd> And logout/in, reissuing the above command virsh command yields the same results
<macd> I tend to agree at adding root to anything, it should superseed
<twb> Are you running things as root, or as a normal user?
<macd> there is no selinux either so it is definetly DAC
<macd> I am running as root.
<twb> Any reason you're running as root?
<macd> I like it.
<macd> I could login and sudo instead, I dont really see the difference
<twb> My understanding is that a large part of libvirt's job is to allow non-root users to use VMs (which require privileged access to e.g. brctl).
<twb> If the normal way of using libvirt (and Ubuntu) is to not run stuff directly as root, I suggest trying that.
<macd> I get the same results using my user, with or without sudo.
<twb> And that user was in the libvirtd group when you logged in?
<macd> added, logout/in, same result
<twb> OK, at this point I would be checking the log files and asking #virt
<macd> yeah, Im querying in @qemu as well, I appreciate your help.
<macd> twb, Jun 17 23:37:11 spare5 kernel: [ 3667.415428] kvm: disabled by bios
<macd> I thnk I figured it out ;)
<twb> Grmph.  I'd have hoped it'd just use software virtualization in that case.
<macd> Im under the impression it only supports full virtualization, and not para
<twb> Well, qemu sure as shit supports software virtualization, and if Ubuntu has dropped that in it's combined qemu/kvm package, I will be Pissed Off.
<uvirtbot> New bug: #595789 in lm-sensors (universe) "after resuming from suspend, sensors -s is required" [Undecided,New] https://launchpad.net/bugs/595789
<unewbie> anyone using 8.04 server as kvm virtualisation host?
<unewbie> i can't connect guest os after install
<unewbie> i installed with ubuntu-vm-builder
<lau> hello, why does sudo aptitude install kvm libvirt-bin ubuntu-vm-builder bridge-utils on a fresh lucid server install
<lau> tries to install x11-common ?
<RoyK> no idea - some dependencies - probably some X-stuff in there somewhere - why? does it matter with a few extra libs?
<twb> lau: x11-common is just a few boring files, it's not anything significant
<twb> Most likely it is there for keyboard support.
 * Ng drumrolls
<huats> monring
<Ng> kirkland: I have good news and bad news. Actually I just have bad news, that package doesn't fix it, three of my four test VMs have been OOM killed. I'll comment as such on the bug.
<Ng> kirkland: (at least it doesn't fix the leak I'm exposing, maybe it fixes others)
<lau> twb: thx
<lau> just create new vm sudo ubuntu-vm-builder kvm lucid
<lau> want to remove it from the system, is rm -rf ubuntu-kvm the proper way ?
<lau> or does it exist a ubuntu-vm-builder erase kvm lucid ?
<twb> lau: did you check the manpage for ubuntu-vm-builder?
<lau> twb: yes man vmbuilder but I only saw references to create a vm not to delete it (maybe I missed it?)
<twb> I don't know, I'm just triaging
<lau> twb: I also took a look at https://help.ubuntu.com/community/JeOSVMBuilder but without success
<soren> lau: Unless you used the --libvirt option, the VM is just the disk image. Delete the disk image, and the VM is no more.
<xperia> hello to all. i have a small question. i am running on two ubuntu servers the apache webservice however every server has it own website. when i call the Website of the second server i get allways site not found. the domain resolves great but somehow the apache server dont return the page. i must say that on the second server i have configured thecan somebody help me to debug the problem ? site as vhost maybe that is the problem ?
<xperia> i must say that on the second server i have configured the site as vhost maybe that is the problem ? can somebody help me to debug the problem ?
<twb> xperia: is apache running?
<twb> xperia: is it bound to port 80?  What happens when you browse from the local host (e.g. with w3m)?
<xperia> yes it is running but i check it again over the local ip adress
<xperia> twb: when i call the server over the local ip adress it return "It Works"
<twb> Therefore you most likely have a firewall, routing or name resolution issue.
<xperia> so apache is working. will check if the vhost is configured right. the thing is both servers are behind one static ip and on both servers bind is running great one time as master and one time as slave on the second server
<xperia> hmmm will check that with the firewall
<twb> Um, it would be exceedingly peculiar for a single (ip, port) tuple to be connected to multiple hosts.
<xperia> port 80 is open for the second server too in the firewall.
<twb> A network diagram showing where your masquerading, DNATs, mod-proxying and load-balancing happen would be useful.
<xperia> twb: thank you a lot for your help. i have a router and behind this router the two servers are located. the router has port 80 open to both servers. if i do "dig secondserver.example.com @wanip" it resolve the domain great also if i do  "dig secondserver.example.com @lanipfirstserver" and "dig secondserver.example.com @lanipsecondserver"
<xperia> so bind runs on both servers great and i ca browse the sites on the first server with no problems
<xperia> just the second new added server dont display the sites even the hostdomain resolve great !
<xperia> a diagram would look like this
<xperia> wan ip adress static | router | 2 servers
<xperia> at the moment only the first server works great
<Error404NotFound> If i run a reverse webserver proxy, it means that everything will be loaded from the box behind proxy, right? Is there a purpose of having documentroot for a proxy host?
<cwillu_at_work> Error404NotFound, you don't necessarily have to proxy _everything_ on a particular host
<cwillu_at_work> i.e., your static files could be served by apache
<Error404NotFound> cwillu_at_work, so i can actually load some of the files off the reverse-proxy webserve
<Error404NotFound> cwillu_at_work, great...
<Error404NotFound> cwillu_at_work, also if i am proxying a LAMP, do i need MySQL and PHP on the reverse proxy host? even if i am not serving any PHP content on that?
<cwillu_at_work> Error404NotFound, lamp is a marketing term :p
<cwillu_at_work> Error404NotFound, you should only ever install what you need
<cwillu_at_work> if you don't need mysql and php on a box, don't install it
<Error404NotFound> cwillu_at_work, Nginx could be a possible alternate to Apache + mod_proxy + mod_proxy_html + mod_rewrite?
<cwillu_at_work> I suppose so
<cwillu_at_work> I tend to avoid the use of mod_rewrite myself
<twb> In lucid, gdm's default greeter has the same background as the default GNOME desktop, a bar along the bottom that looks like gnome-panel, and a login dialog in the middle that looks rather similar to the old gnome 2.10-ish "loading splash" -- especially since the list of users was empty (apparently it can't/doesn't enumerate LDAP accounts by default).
<twb> This was sufficiently confusing that it took me four reboots and a co-workers' help to realize that the system wasn't crashing in the middle of the casper "ubuntu" user's login -- it was actually the GDM theme.
<ttx> Daviey: just popping in.. any questions on the groovy fix proposed by Chris ?
<ttx> Daviey: looks like s/groovy/groovy-all/ in eucalyptus-java-common.links might fix it
<Daviey> ttx: It's not looking like the fix tbh.. I manually did the symlinks, and didn't produce joy
<Daviey> Just built a package wth it done in the packaging, not expecting it to work
<Daviey> but thought i should try
<Daviey> ttx: In other news, removing the battery in the laptop made the NIC start working again :/
<ttx> trying to run with groovy-all in the classpath instead of groovy doesn't fix it ?
<ttx> Daviey: about the laptop -- hopefully just a tarnisient issue
<ttx> transient, even
<Daviey> ttx: Yeah, i'm investigating groovy issue as we speak
<Daviey> ttx: Not currently blocked on anything.. you should be on holiday :)
<xperia> hello to all. how do you setup two web servers behind one wan ip to work right ?
<ttx> ok, I'll stay around for a few while reading up email -- just in case you have questions
<Daviey> ttx: thanks
<xperia> what is the best way running two servers behind one wan ip ?
<sommer> morning
<Danawar> Xperia
<xperia> good evening :-)
<xperia> yes i am listening
<Danawar> I'm no pro
<xperia> me either :-)
<Danawar> But if you are trying to set up 2 servers for 2 fifferent things
<Danawar> You can use port forwarding on your router
<Danawar> to send things like mail to one server and webvisits to the other
<Danawar> is this what you are after or have i misenturpreted
<xperia> well i am running webservers that listen on port 80 both
<Danawar> okies
<xperia> so i have two webservers behind a router with a static wan ip
<Danawar> ok
<xperia> and need now to get the second server to run but somehow it wont
<Danawar> ok
<Danawar> so all traffic is going to server number 1?
<xperia> well in my router i opened port 80 to both servers
<xperia> so both servers should be able to answer
<Danawar> hrmm
<Danawar> tricky ;/
<xperia> but at the moment only the first delever the page when i call up the hostdomain of the second server
<xperia> i just get the wrong page for a host domain
<Danawar> http://forums.kayako.com/f74/2-web-servers-1-public-ip-address-iis-17558/
<xperia> that should be delevered by the second server
<Danawar> Not sure if that will help
<xperia> well the keyword for resolving that is as i have readed from your post "NameVirtualHost" need to study that more. thank you a lot for the help. your post descibe my problem exactly
<cwillu_at_work> xperia, forwarding 80 to two different boxes won't work
<xperia> why not if i may ask ?
<xperia> normally it should work with no prob when vhost works
<cwillu_at_work> vhost is different than this though
<cwillu_at_work> with vhosting, you've got one server answering to two different domain names
<cwillu_at_work> in order for your router to figure out which server it's supposed to send the packets to, it would have to provide exactly that
<cwillu_at_work> setting up your server to forward one vhost to the other server is probably the best way to do it, if you want port 80 to work for both addresses (and assuming your router is fairly simple)
<xperia> hmmm so if i understand you right you say me the router will probably never send any request to the second router
<cwillu_at_work> to the second server, right.
<cwillu_at_work> or it might just randomly choose :p
<jpiche> I'm trying to find out the differences between the server and generic kernels, but I'm getting a 404 on http://www.ubuntu.com/products/whatisubuntu/serveredition/features/kernel, any ideas?
<xperia> yeahh that could be the problem. then i need in my bind server to resolve to names to the wanip adress with a specific port like wanip:8081 and then redirect all trafic for this port to the second server in the router
<cwillu_at_work> you can't do that though
<cwillu_at_work> dns has no concept of ports
<cwillu_at_work> i.e.: xperia.com will resolve to your ip address, but there's no way you can also include a port in that
<xperia> really. i have read that bind can resolve hostnames with port number
<xperia> if that really is not possible with bind how can i run then two servers behind one static ip ?
<cwillu_at_work> now, a different approach would be to have a vhost on server A that simply redirects to xperia.com:81
<cwillu_at_work> xperia, you use a vhost, and have one server proxy through to the other
<cwillu_at_work> ProxyPass / http://127.0.0.10:8000/ min=10 max=20 retry=0
<cwillu_at_work> ProxyPassReverse / http://127.0.0.10:8000/
<xperia> yeah this i have allready also thinked but redirects arent really good
<cwillu_at_work> would be the apache for it, (substituting the address as necessary)
<cwillu_at_work> the other approach would be to use a redirect
<cwillu_at_work> even so, you'll find at least some people won't be able to access the server on the non-standard port
<cwillu_at_work> as many firewalls / proxies block such access
<xperia> hmmmm did not thinked that such a small problem would need such strange fixes like redirects :-)
<cwillu_at_work> I wouldn't recommend the redirect approach, as I said
<cwillu_at_work> the right solution is the reverse proxy forwarding
<cwillu_at_work> there are smaller servers that are dedicated to such use, although apache will work fine as well
<xperia> okay reverse proxy forwarding is a keaword that i need to look further
<xperia> i am asking really how does the big hosting companys solve that problem
<cwillu_at_work> note that this implies all of the traffic from the second server will go through the first server as well, but that's pretty much unavoidable
<cwillu_at_work> xperia, they have loadbalancers which basically do exactly this
<twb> The key words are "high availability" and "load balancing".
<xperia> they have hundreds of physical servers behind one ip and resolve thousend of hostdomains
<cwillu_at_work> yep
<ttx> Daviey: I'm going back to my vacation
<twb> But since you aren't a large corporation yourself, many of the things you find will be out of your experience/budget/feasibility range
<cwillu_at_work> and they have several servers that are largely identical
<xperia> well thank you a lot for the info need to look really more into that
<twb> FSVO largely = blade centers :-)
<cwillu_at_work> myself, I just use racks and racks of beagles :)
<twb> I don't have a hard drive.  I just keep twelve thousand Indian teenagers in my basement and force them to memorize numbers.  -- http://bash.org/?quote=98
<Daviey> ttx: have fun!
<twb> In lucid, how do I get to the grub menu (so I can start memtest86+)?
<cwillu_at_work> hold down the right shift key
<twb> Ugh.
<cwillu_at_work> twb, no, ugh is that they did it to save one second on the boot time :p
<cwillu_at_work> twb, you can change that in /etc/default/grub though
<twb> What do you do about HHKBs and such, which have no RHS modifiers?
<cwillu_at_work> ... you change it in /etc/default/grub
 * twb rails at change.  ALL change.
<twb> cwillu_at_work: which is great unless you want to get to grub because something is wrong with the boot process
<cwillu_at_work> twb, silly, you should have fixed that before your boot process failed
<twb> I'm starting to think I should install an ubuntu desktop on a scratch laptop, just so I can have experience dealing with these kinds of things before I run into them on production servers.
<MTecknology> I'm getting a crap load of these - Jun 17 16:42:33 incipio kernel: [25879.080753] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:63:d5:dc:54:42:49:02:8c:85:08:00 SRC=10.41.0.194 DST=10.41.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=8990 DF PROTO=TCP SPT=65170 DPT=80 WINDOW=16227 RES=0x00 ACK FIN URGP=0
<cwillu_at_work> I'm trying to find the word to express the particular mixture of amusement, dismay and arrogance I'm feeling in response to that :)
<MTecknology> Port 80 from any to any is allowed into that server...
<twb> I wish vendors wouldn't try to make the look and feel *completely different* with every point release
<twb> (That's not a criticism of Ubuntu, but the industry in general.)
<MTecknology> twb: indeed
<twb> Like how Finder.app has a completely different nonstandard toolbar every damn time.
<cwillu_at_work> twb, you really should have a test server of some sort to do testing on
<cwillu_at_work> production servers generally aren't the place to try things for the first time
<twb> cwillu_at_work: I do, but they're VMs
<jdstrand> MTecknology: is is probably being denied because that packet isn't part of an existing connection (ie you were doing something, then rebooted, then the webserver sent some packets)
<jdstrand> s/ie/eg/
<twb> And the production servers are a customer-owned hodge-podge, so I can't easily just dedicate one of 30 identical production machines to be my test machine.
<MTecknology> jdstrand: ooooh - that makes a lot of sense - thanks :)
<cwillu_at_work> so, get a cheap laptop to do your testing on :p
<twb> Yeah, I have a 701 sitting at home
<twb> Not that it would've found the RAID nonsense that I was running into on #ubuntu-server
<cwillu_at_work> you can use a raid on a single device, kinda sorta
<twb> True
<cwillu_at_work> it's hard to substitute actual experience on the hardware though :/
<cwillu_at_work> my usual trick is to spend time figuring stuff out for people in the troubleshooting channels
<cwillu_at_work> that way I get the benefit of experience without the panic of having my own stuff broken :)
<twb> Yeah, I do that, too.
<twb> I don't think too many lucid users are doing stuff with e.g. ten-year-old SCSI DDS drives, though.
<twb> I didn't have to make that work, thankfully, but I had to transplant to 2GiB (yes, two GIG) PATA drive into another host to a new motherboard so that the lucid desktop CD wouldn't bork trying to load a framebuffer
<cwillu_at_work> twb, oh, you know how to pull up the real failsafe vesa x on the live cd?
<cwillu_at_work> hit options, then escape, and then change the boot args to single;  then when the recovery menu comes up, choose failsafe x
<cwillu_at_work> the safe-x option in the actually boot menu doesn't do that
<twb> What I want is for "textonly" to work when I append it to the boot: prompt
<twb> I get mixed up between the various forks of casper
<cwillu_at_work> "single" will give you that
<cwillu_at_work> one curses menu, and then you can pull up a normal root prompt
<twb> Hum, I thought that was gone
<cwillu_at_work> nope
<twb> cwillu_at_work: erm, single *on the live CD*, before install?
<cwillu_at_work> yes
<twb> Huh.
<cwillu_at_work> just did it yesterday on a laptop that would hardlock
<twb> When I did a netinst of lucid just now, I noticed that it has come full-circle and is installing and forcing me to configure an MTA (prior to tasksel), just like Debian did way back in 2006
<twb> I accidentally booted it without priority=low, so I assume it's the default behaviour
<nube> need to create a file server for over 10 users of which I have found windows 7 is not a good solution. I prefer linux to any windows software, but I need to know what issues i might run into using a linux machine to manage file shareing for XP and Win 7 users
<nube> limitations to samba?
<Danawar> I dont know any as of yet
<twb> Danawar: it doesn't do AD very well yet
<twb> i.e. you probably can't make it the master server of your hundred/thousand-seat AD-centric Microsoft-centric network
<Danawar> What other software is there that can do Active Directory apart from windows server?
<twb> There isn't any
<Danawar> ahh i see
<Danawar> is any one working on any?
<Danawar> because i think that would be a very cool addition to linux
<twb> nube: if you just want a place to dump files and you have a "hard shell, gooey insides" approach to network security, it'll be fine.
<twb> Danawar: yes, the samba people are working on it
<Danawar> ideal cant wait :D
<nube> twb, i have 10 users at the moment that need to work off of one file server because i can't trust them to grab the files they are working on, put them on their local machine, and then when done put them back on the file server
<nube> twb, there will be more users and win 7 has a 10 connection limit
<nube> twb, thus now that my network has grown the win 7 machine that is sharing all the files used my users fails
<nube> twb, I think that an ubuntu server edition machine should be plenty sufficent for the purpose, but I need to research the possible issues before attempting to implement that option
<twb> nube: samba will be fine for that
<nube> the only need is for all my users to work off of files on one machine...
<twb> nube: do you have a scratch machine you can use as a test?
<twb> If you do, just spend an hour installing ubuntu-server on it and trying to get samba up and running.
<nube> twb, yes that was my intention.. use it for awhile and see if any issues arise
<twb> If it doesn't work, you've only lost an hour.  If it does, you have something concrete you can test with.
<nube> i agree... just have to sell the idea to my boss
<nube> windows server OS seems like a waste of money and super overkill for the need
<twb> It will bit you on the arse if you don't have a "go to" guy who can give you Linux support for it
<nube> twb, at least their is plenty of documentation available for *nix...espcially ubuntu whereas a win machine is about worthless as far as docs go
<twb> Shrug.
<twb> A large part of it is experience and knowing who to ask and where to look.
<twb> There's a SCO 5 (i.e. unix) host sitting on the desk here, and if it had ACTUALLY had bootstrap errors as the customer reported, I would have NO CLUE how to debug, let alone fix, it.
<nube> twb, always been able to implement it at home... have mac os X, win 7 and ubuntu working fine on one network, ssh x11 forwarding, all that good stuff
<smoser> SpamapS, do you have a WIP that i could sneak a peak at ? on uec-run-instances
<twb> And I wouldn't be much better with, say, freebsd or slackware.
<nube> twb, any decently spec'd standard desktop machine should be sufficient for hardware correct?
<twb> Depends what you mean by desktpo
<twb> But for ten users, even a Pentium III would suffice
<nube> twb, 64bit dual core processor, 4 gig ram, msi platinum MB, terabyte hardrive, 650W powersupply (overkill)
<rgreening> ScottK: hey. I'm working on packaging a web package called racksmith (http://racksmith.net). Looking for a) someone to review my package and b) possibly some assistance. Are you able or interested or point me to someone who may be interested?
<ScottK> Looking
<twb> rgreening: official or third-party/ppa packaging?
<nube> twb, i meant ti power supply was overkill... other spec's plenty sufficient?
<twb> nube: yeah, sure.
<twb> nube: assuming it's not a slow (45,000?) laptop disk.
<rgreening> twb: looking to get it into Maverick w/ future backport to Lucid.
<twb> Interesting tool.
<cwillu_at_work> demo looks broken here;  entries in a rack display over the menu, while the racks themselves don't
<twb> cwillu_at_work: looks OK in w3m-el, which is a nice change for a new-fangled web app :-)
<cwillu_at_work> it's also painfully slow :p
<ScottK> rgreening: It's made of php and mysql, so I'm really not the person.
<twb> nube: I meant 5400rpm (bad) vs. 7200rpm (good).
<ScottK> rgreening: I suspect zul might be a good person to review it once you have something.
<nube> twb, have to check but i doubt i spec'd anything under 7200..
<rgreening> ScottK: thanks. It's a real pomising project and there's very few packages like it or close to it.
<twb> nube: I mean, a ten-seat NAS could be handled by an 200MHz ARM with 32MB RAM.
<nube> twb, should be simple.. install the OS, copy the files to new machine, share folder, get users to to start working off the that shared folder, right?
<twb> cwillu_at_work: BTW, for comparison, syslinux allows any shift, alt, caps or scroll lock to trigger the "gimme the bootloader menu"
<twb> nube: yep
<nube> twb, is their any reason to use the ubuntu-server edition over the ubuntu desktop version as all it is being used for is sharing files?
<nube> twb, not using it as a web server or database server or any other of these common server requirements
<cwillu_at_work> twb, scrolllock on would be a good one actually;  you should file a feature request though
<twb> nube: yes; it'll give you more appropriate install defaults without you needing to futz anything.
<twb> nube: during install you'll be prompted about which services you want -- you should probably tick "file sharing" and "ssh / remote access", or whatever they're called
<twb> cwillu_at_work: which package provides that functionality?  grub-pc?
<cwillu_at_work> twb, any of the grub2 packages share the same source packages;  grub-pc should work
<twb> OK.  I meant grub-pc as opposed to one of the other bits that's involved in bootstrapping.
<twb> cwillu_at_work: according to the changelog, either shift key will work in grub2
<twb> Silly question: does "splash" turn plymouth on/off as it did usplash?
<cwillu_at_work> twb, believe so, yes
 * twb makes note to check that
<cwillu_at_work> actually, make that an unqualified yes
<Danawar> whats 'plymouth' ?
<cwillu_at_work> Danawar, boot splash provider
<twb> Danawar: the purple thing before the purple gnome thing
<cwillu_at_work> twb, note also the existence of "plymouth-log", and that "splash" without "quiet" should allow you to see most entries as well as interact with the console
<Danawar> The plymouth program allows you to change what the ubuntu loading screen looks like?
<cwillu_at_work> yes
<Danawar> And when set to quite shows you a long list of command that are being run or just a black screen?
<twb> cwillu_at_work: at the end of the day, it's mainly about me wanting bootstrapping to be as dumb and predictable and reliable as possible.
<twb> cwillu_at_work: so while I can understand the need for grub2 "modules" and os-prober and plymouth, I'm apprehensive about them being too clever, too early.
<twb> s/apprehensive/paranoid/
<cwillu_at_work> note that plymouth was been in use for a few years now
<cwillu_at_work> just new to ubuntu
<twb> Yeah, well.
<twb> Xenix was used for years, but that didn't make it any good
<twb> My gear usually isn't Ubuntu's core market, either.
<twb> servers of arbitary vintage, routers, diskless PXE workstations, etc.
<cwillu_at_work> let me rephrase:  we took flack for not using it and instead inventing our own :p
<twb> cwillu_at_work: you mean usplash?
<cwillu_at_work> and xsplash
<twb> Well, but I could trivially disable usplash in 8.04, so I didn't care.
<cwillu_at_work> well, you can trivially disable plymouth too
<twb> I have yet to confirm that with my own eyes :-)
<cwillu_at_work> cat /etc/init/plymouth.conf
<cwillu_at_work> actually, that's a lie, the check is in plymouth itself
<twb> cwillu_at_work: that's irrelevant, because if the root filesystem is mounted, I'm pretty much home free
<twb> It certainly has to at least be *installed*, because upstart Depends: mountall Depends: plymouth.
<twb> So I have (presumably unused) plymouth code installed on this router, which doesn't have any kind of video output at all.
<cwillu_at_work> where do you see that?
<cwillu_at_work> upstart doesn't depend on plymouth here
<twb> cwillu_at_work: via mountall
<cwillu_at_work> hmm, they should have made that a recommends:
<twb> Oh, cool.  "apt-cache show foo" now has a Supported: 5y field
 * cwillu_at_work suggests twb file another bug :)
<twb> That is so much easier than that old python script
<twb> cwillu_at_work: fyi, "aptitude why plymouth mountall"
<cwillu_at_work> yes, I saw
<twb> I figured more people need to know about "aptitude why" ;-)
<cwillu_at_work> aptitude why twb
<twb> That won't work on your system
<twb> Huh.  It doesn't work on mine, either, despite it being installed.
<twb> "Unable to find a reason to install twb."
<rgreening> zul: if you have a moment, I have some questions regarding packaging a php/mysql app and inserting via maintainer scripts some sql into the db...
<zul> rgreening: sure
<rgreening> zul: so the package I am working on it racksmith from http://racksmith.net. It has an install.php, but doesn't setup the db ahead of time, so I was going to use dbconfig to manage everything instead of using the installer.
<zul> ok thats fine
<rgreening> I have the sql required in install.sql, but the installer has a couple of extra dynamic bits to be inserted.
<rgreening> can I call mysql via maintainer scripts to insert those bits and got any example I can look at?
<rgreening> e.g.: "INSERT INTO `config` (`name`, `value`) VALUES('install_date', '".date("Ymd")."'),('version', '".$systemVersion."'),('ldap_auth', '0'),('ldap_server', ''),('buildingCanvasX', ''),('buildingCanvasY', ''),('ldap_basedn', ''),('ldaps_enabled', '0'),('ldap_prefix', ''),('ldap_group', '');"
<rgreening> this is the PHP code for some extra bit being inserted.
<rgreening> the install date is dynamic for example.
<rgreening> thoughts zul?
<zul> rgreening: sure i would like at how packages like phpmyadmin do it as well
<rgreening> zul: phpmyadmin doesn't insert any sql via maintainer scripts
<zul> rgreening: it was just an example but yeah what you said should be fine
<rgreening> zul: so, would this go in the postinst script only? The sql insert for above?
<zul> rgreening: yes
<rgreening> ok. I'll try it. ty zul.
<rgreening> zul: Can I ping you to review the package one I upload to review?
<zul> rgreening: if i have time yes
<rgreening> awesome. ty zul
<failover> Hi, i create a ubuntu guest, the network is using bridge, the ip is 10.10.1.1, i can access resources on network 10.10.2.x but can't ping these hosts, i got an error: "From 10.10.2.4 icmp_seq=1 Destination Host Unreachable"
<failover> Any ideas ?
<hggdh> failover: filters active on ICMP?
<failover> hggdh, yeap, my bad!
<hggdh> failover: welcome, and glad this was a simple thing ;-)
<failover> :)
<failover> mee too!
<failover> and thanks for the help
<uvirtbot> New bug: #596010 in ntp (main) "ntpd sementation fault using NMEA driver" [Undecided,New] https://launchpad.net/bugs/596010
<SpamapS> smoser: sorry I just now got your message.. I'll push a branch up now
<smoser> SpamapS, I'll  let it slide this once
<smoser> :)
<smoser> i'm just curious. no hurry
<SpamapS> smoser: suer. Is the EC2PRE environment variable something that is standardized across more than just cloud-utils ?
<smoser> not standard anywhere.
<smoser> we just want to provide some easy way to use euca- rather than ec2- or <insert-here>-
<SpamapS> Ah.. I like it.. seems like there should be a .cloudrc ;)
<smoser> yeah. theres that too.
<smoser> i stumbled upon mr.awsome recently, which looks pretty interesting
<Psi-Jack> Hmm. I have just setup an Ubuntu 10.04 LTS Server with libvirt for kvm. And I have a guest OS up and running connected to my br0 physical network bridge, but when I try to ping from the guest OS to any IP outside of the physical server it's in, I get nothing. I've flushed the firewall out to make sure that wasn't causing it, and it's still happening and I'm not sure why.
<zul> smoser: mr.awesome is another of my aliases
<Psi-Jack> The guest can ping the host's IP itself, but not beyond.
<smoser> yeah, but you dont spell it as cloud-cool as he does
<smoser> mr AWSome
<zul> heh
<zul> Daviey: are you still around
<mathiaz> smoser: mr AWSome <- nice - I like that :)
<SpamapS> smoser: lp:~clint-fewbar/+junk/uec-run-instances
<SpamapS> smoser: yeah mr.awsome lookw pretty cool... it might be useful to support it as an alternative to ec2-run-instances since it can do some cool setup tricks
<hggdh> jdstrand: thank you for the comment on bug 596010, I did not know about it (and just learned a bit more)
<uvirtbot> Launchpad bug 596010 in ntp "ntpd sementation fault using NMEA driver" [Low,Incomplete] https://launchpad.net/bugs/596010
<pmatulis> does anybody use IPSec on servers anymore?
<hallyn> jdstrand: kirkland: libvirt 0.8.1 in maverick succeeded in doing save/loadvm, fwiw.  pretty quickly, given it was nested inside kvm :)
<hallyn> \0/
<jdstrand> nice!
<hallyn> jdstrand: so thx
<jdstrand> sure thing :)
<kirkland> hallyn: neat!
<jdstrand> hallyn: will you be updating that bug then?
<kirkland> hallyn: i look forward to your recipe in the wiki for that;  that's something i need to do more of
<kirkland> Daviey: hiya
<hallyn> jdstrand: i'm going to wait until i can test a bit more (with some hw help from kirkland :)
<kirkland> Daviey: i'm curious if you've made any progress with groovy
<jdstrand> cool
<hallyn> kirkland: uh, which recipe?  for save/restore?
<kirkland> hallyn: jdstrand: should be today
<kirkland> hallyn: yeah, all things snapshotting, in general
<hallyn> alrighty
<hallyn> on my todo :)
<jdstrand> fyi, the qrt test-libvirt.py does do save/restore, but obviously not in a way that would trigger the bug
<SpamapS> anybody know the ec2 ami ID for our official lucid images? or better yet, do we maintain a page showing that?
<jdstrand> hallyn: it would be cool if you could add a test to qrt, if feasible
<kirkland> Daviey: i'm hoping the /usr/share/groovy/embeddable/groovy-all-1.7.0.jar  suggestion from nurmi helps?
<kirkland> SpamapS: yeah, smoser has a page
<kirkland> SpamapS: one sec
<SpamapS> ahh google doth provide
<SpamapS> http://uec-images.ubuntu.com/releases/10.04/release/
<kirkland> SpamapS: http://uec-images.ubuntu.com/lucid/current/
<kirkland> SpamapS: ack
<smoser> SpamapS, right . there is that.
<smoser> if you want to be fancy, there is
<smoser> http://uec-images.ubuntu.com/query
<smoser> which is more programatic abble
<SpamapS> would be cool if uec-run-instances just did that query for you
<SpamapS> --relese lucid --arch i386 --root instance
<hallyn> jdstrand: are you talking about bug 524447?
<uvirtbot> Launchpad bug 524447 in qemu-kvm "virsh save is very slow" [Wishlist,Confirmed] https://launchpad.net/bugs/524447
<hallyn> jdstrand: if so, i don't see how you can do save/restore so as to "not hit the bug".  unless yo usave/restore a 500k image...
<jdstrand> hallyn: I wasn't doing timing in qrt. I was more just saying that if you have other save/restore tests, please add them
<hallyn> ok (and you probably are doing a small image :) i don't have an automated test at this point.  i'll have to take a look at the qrt and see if i can tewak the existing test to detect the bug
<smoser> SpamapS, yes, it would indeed be cool
<jdstrand> so I guess the current test would trigger it, but it is a pretty small image
<smoser> SpamapS, difficulty there, though
<smoser> right now, we're
<jdstrand> hallyn: the save/restore test is in scripts/libvirt/libvirt-apparmor.sh (to save you some time)
<smoser> a.) UEC/EC2 agnostic, by just fronting tools, we know nothing about --region. we just assume its right
<rgreening> zul: racksmith has jquery and jquery-ui included with the source, is that an issue, or do I need to patch to pull them out and use the system packages? Thoughts?
<smoser> b.) there is no published data like that ofr UEC
<hallyn> jdstrand: kthx
<smoser> but, i really would like to do that
<smoser> err... rather i'd like to have that support, it would be cool/
<smoser> kirkland, ping
<zul> rgreening: system packages please
<kirkland> smoser: yo
<kirkland> ccheney: any progress on that euca bug?
<smoser> what do you want cloud-config-byobu to look like
<rgreening> zul: ok, I'll speak with upstream and see how easy it is to pull out.
<SpamapS> smoser: for uec it would be pretty easy for it to publish such a list by default though.
<smoser> is the only knob that you'd want to set 'enable by default' ?
<ccheney> kirkland, just caught up with my large email backlog and started working on updating the kernel now (back from lunch)
<smoser> SpamapS, i dont think i follow
<smoser> SpamapS, the issue with UEC is that those magic numbers differ for everyone's cloud
<SpamapS> smoser: right, so we'd have to query their cloud.. and just say "if you want this to work, you must fill in these optional metadata fields"
<SpamapS> smoser: long term, not short. :)
<SpamapS> smoser: I get a little pie in the sky sometimes... :-P
<smoser> right. yeah., and to be consistent that query mechanism from AWS
<smoser> the thing that is doable *now* is naming convention
<smoser> describe-images ... parse output... client side decide
<smoser> heavy though and yucky
<smoser> :)
<Psi-Jack> Okay, I'm seriously loosing my mind here.
<smoser> but, our image names are consistently named, so it can be done.
<smoser> but describe-images without an ami id pulls > 1M of data on us-east-1
<SpamapS> smoser: yeah thats no fun, it has to be a different metadata source
<Psi-Jack> Apparently my networking issue was with my bonding. Which is really odd, cause this would be the first time that ever failed.
<smoser> kirkland, ^^
<kirkland> smoser: hmm, what's cloud-config-byobu?
<smoser> for cloud-config syntax (in cloud-init). so you can do something like
<smoser> --user-data "#cloud-config\nbyobu: on-by-default"
<ccheney> kirkland, should i see this with lucid with just using the maverick kernel? or should i do a full maverick install for testing?
<kirkland> ccheney: i think full maverick install would be most accurate
<ccheney> kirkland, ok will do
<kirkland> ccheney: reproduce the problem there
<kirkland> ccheney: then replace just maverick's kernel with lucids; reboot; should fix problem
<kirkland> ccheney: then it's a binary search of the kernels between
<ccheney> yea :)
<SpamapS> hmm.. is Amazon going to get mad at me for starting/terminating instances constantly? Maybe I should setup a euca here at home...
<wack47> I currently have an ubuntu 9.04 kernel 2.62.28-19 server that loses network connection 4-6 times a week and the networking service has to be restarted to get connection back and I cant seem to figure out why
<smoser> SpamapS, why would they get mad ?
<smoser> err... wait. i mean... here , let me help you.
<smoser> I'll charge you $0.03 cents for every instance you start up on my cloud
<smoser> even if you shut it down immediately you pay for an hour.  I think they're happy with that.
<SpamapS> haha
<SpamapS> good point
<uvirtbot> New bug: #596034 in apache2 (main) "Please merge apache2 2.2.15-5 (main) from debian unstable (main)" [Wishlist,Fix released] https://launchpad.net/bugs/596034
<SpamapS> Client.PendingVerification: This account is currently being reviewed by our team and verified as a valid new account. Please contact aws-verification@amazon.com if you have questions.
<SpamapS> see
<SpamapS> they got mad at me
<Ichat> [q] when, trying to upgrade   hardy to  10.04 -  the installer failed,  saying that it cant work out for me,  something with a missing package for LVM2
<smoser> wait , what ?
<smoser> wow. how many instancess had you started ?
<SpamapS> smoser: 3
<SpamapS> well
<SpamapS> I had 3 running
<smoser> yeah, thats strange.
<SpamapS> I had started 8 total in the last hour
<smoser> way to little for them to care
<jo-erlend> I had a power outage here today. Actually, I had two power outages in 15 minutes. I have /boot on a software raid1 and / on a raid5. Now, it doesn't boot, or at least, it takes a very long time. I only see a blinking cursor. Should I be worried?
<smoser> when i run the image tests, i run 15 or so per ami per region
<SpamapS> smoser: agreed. I've run 8 before too
<smoser> it costs about $40
<SpamapS> 3 weeks ago I had about 10 going for some puppet/elastic load balancer tests
<smoser> thats very strange.
<Ichat> [i] my system is set up: on   4  hdd's  (part 1  (4x mirrored  8gb = (lvm)  root )   -   part2    (4x  1gb =  4gb swap)       part 3  =  4x  0,99TB  raid 5    /home
<SpamapS> Though then I used the console to spawn..
<SpamapS> smoser: maybe they don't like my newly created key/cert
<SpamapS> anyway I have some errands to run anyway
<SpamapS> damnit I was so close. >:
<jo-erlend> Ichat, I've never seen the installer say "I can't work out for you. Something with a missing package for LVM2".
<Ichat> jo-erlend    its not a clear error message -   but ill try to get it as acurate as possible...
<jo-erlend> never hurts.
<smoser> SpamapS, well, push what you have.
<smoser> kirkland, alright, so lets say i wanted to eanble byobu by default.
<smoser> how would i do such a thing for a single user
<smoser> how would i do such a thing for the system ?
<SpamapS> smoser: ok pushed.. ttyl
<smoser> maybe Daviey knows that ?
<Ichat> step   1  inserting the disk  (ok)      2   part manager  (formatting as    ext3  (seems fine).         3    installing linux base    -    neard the end the installer says  (failed to install -   (not failed to install   %name%.deb  -   or   package corrupt .... nope just  failed to install ....
<smoser> or any other byobu fan boys
<kirkland> smoser: sorry
<kirkland> smoser: there are two ways:
<Ichat> in a dif terminall window  (f3)    i find some   errors about   cant install package  lvm2    not availible
<smoser> i figured if i said "byoubu" enough times you'd come :)
<kirkland> smoser: a) each user can: byobu-launcher-install
<kirkland> smoser: b) or globally: dpkg-reconfigure byobu
<kirkland> smoser: does tht help?
<smoser> sure. hang on just a minute
<uvirtbot> New bug: #596041 in squid (main) "/var/tmp is not cleared after squid restart" [Undecided,New] https://launchpad.net/bugs/596041
<smoser> kirkland, http://paste.ubuntu.com/451732/
<smoser> so, the goal will be that:
<smoser> euca-run-instances --user-data="#cloud-config\nbyoubu_by_default: user" emi-abceefg
<smoser> would do what you would think
<smoser> euca-run-instances --user-data="#cloud-config\nbyoubu_by_default: system" emi-abceefg
<smoser> for all users
<Ichat> so is there no mdadm for 10.04  amd64  server  (could that be it? )
<jo-erlend> of course there is.
<wack47> I currently have an ubuntu 9.04 kernel 2.62.28-19 server that loses network connection 4-6 times a week and the networking service has to be restarted to get connection back and I cant seem to figure out why
<Ichat> so why is my install complainting about it not there (cant give the exact eng version of the error but it says some about it being not avail ...  i used  hardy to create the lvm volumes   and the raid devices.  they are on...
<ccheney> kirkland, should installing the maverick nc not automatically detect the controller?
 * ccheney wonders if he needs to reboot his controller again or something
<ccheney> kirkland, ping! :)
<ccheney> gah its not running the webserver :-\
<ccheney> thats probably why it can't find it
 * ccheney wonders if MaxClients = 1 is the problem
<MetaJake> anyone recommend good Offline reading for learning "Ubuntu-Server"?
<Ichat> MetaJake:  -   a few yah,   but id have to look up the author first...
<Ichat> http://www.bol.com/nl/p/engelse-boeken/ubuntu-certified-professional-study-guide/1001004006009485/index.html
<MetaJake> very new to ubuntu. but my goal is to learn server architecture for the sake of deploying Python driven websites.
<Ichat> sorry about the nl  link  but the title is   En
<MetaJake> lchat, gracias
<ScottK> MetaJake: The Ubuntu Server Guide is also available as a PDF.
<ScottK> There's a link in /topic that I think will get you to it.
<hggdh> smoser: when you run the tests on EC2, do you ever have instances that fail to start?
<steffan> MetaJake: https://help.ubuntu.com/10.04/serverguide/C/serverguide.pdf
<smoser> hggdh, occasionally.
<smoser> i attribute it to one of 2 things:
<smoser> a.) our kernel
<smoser> b.) amazon's fault
<MetaJake> steggan, scottk thank you
<smoser> rarely do i have a real strong feeling that it is 'b.'
<smoser> but sometimes i think their system just falls over
<MetaJake> anyone here deploy python driven sites such as Django or Pylons on servers they have built via Ubuntu-Server?
 * ccheney found out how to solve his problem after calling kirkland :)
<MetaJake> I'm sorry if thats a... too detailed question. I'm new to all this.
<MetaJake> steggan = steffan : \
<Pici> !tab
<ubottu> You can use your <tab> key for autocompletion of nicknames in IRC, as well as for completion of filenames and programs on the command line.
<MetaJake> ubottu: thanks for reminding me ! :)
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<MetaJake> XD
<holmser> I just set up my postfix/courier server, and it is all working except for the ssl/tls login.  anyone know of a good tut that covers ssl setup?
<holmser> I've been googling for a couple days now and I can't seem to find one
<smoser> kirkland, the above syntax is supported by cloud-init 0.5.12, which will appear shortly in an archive near you.
 * smoser heads out for the day
<jmedina> holmser: everything you need is in the postfix howto
<jmedina> postfix oficial documentation
<holmser> I followed this tut to get my server set up: http://holmser.net/i
<jmedina> holmser: for courier afaik you need to concatenate a dh helman + publick key
<jmedina> holmser: do you already have the certificates?
<holmser> I believe so... I'm double checking right now
<holmser> I know I set up certificates in the tut
<holmser> I'm still learning the whole mail server thing
<jmedina> I have my own howto:
<jmedina> http://tuxjm.net/docs/temporales/02Instalacion_y_Configuracion_de_Postfix_Dovecot_Mysql_con_PostfixAdmin_sobre_Ubuntu_Server_9.10.txt
<jmedina> it is in spanish
<jmedina> check the section ==Configurar parametros SSL/TLS para el cliente y servidor SMTP==
<jmedina> they are all the requiered parameters for postfix
<uvirtbot> New bug: #596064 in samba (main) "nmbd fails to start on boot - problem with upstart " [Undecided,New] https://launchpad.net/bugs/596064
<jmedina> if you want to create your own Certificate Authority check next chapter ==CreaciÃ³n de Autoridad Certificadora SSL/TLS==
<jmedina> I hope next week I finish the full howto
<jmedina> I already have the content, I jus need to translate it to docbook
<jmedina> it is about 100 pages about mail servers...
<holmser> ok, I just rechecked the tut I followed, and I set up certificates
<holmser> just to be clear, when I check my email, I am only dealing with courier, correct?
<jmedina> holmser: yeap
<jmedina> if you use pop3 or imap you deal with courier
<holmser> postfix handles the sending and receiving of mail, and courier handles my logins?
<jmedina> well postfix is a Mail Transport Agent
<jmedina> its function is transporting messages via SMTP
<jmedina> postfix uses smtpd service to listen in the TCP/25 port
<jmedina> and smtp (client) service for sending mail out to other domains
<jmedina> postfix by itself doesnt manage logins/authentiatoion
<holmser> ok, so I should really be looking for courier ssl/tls tuts
<jmedina> well if you want to use a secure channel for sending mails you need to add ssl/tls to the smtpd service in postfix
<jmedina> if not you are going to send your user and password in plain over the wire
<jmedina> the same for pop3/imap
<holmser> well right now I have postfix set up to deliver mail through gmail through ssl
<jmedina> holmser: by the way Im not sure if courier is 5 years supported
<jmedina> last time I checked it was in multiver repository
<holmser> 5 years supported?
<jmedina> holmser: yeap, for the Long term Support for 10.04 server...
<jmedina> well time to launch
<jmedina> dovecot is faster, secure and more flexible than courier, and is the recommended option for ubuntu
<jmedina> with courier I think you are on your own
<jmedina> I migrated most of my servers to dovecot, and they all rocks
<Ichat> jmedina:  -  only one tiny flaw :S
<Ichat> ebox  (ubuntu's  favority webbased  managment suite (for  sbs like services)  -  still runs courier
<Ichat> not that i agree with them  or even the slow development of ebox ....  but its still ubuntu's (first bet -  as theres still to few support for webmin /usermin    -  specially for sbs- likes
<guntbert> Ichat: please when mentioning webmin remember that it is not supported and may break your system severely, as it cannot deal with some config files in ubuntu/debian
<guntbert> Ichat: otoh: do you have an ubuntu system with ebox? are you content with that?
<ccheney> so i got past the groovy bug but now it seems my nc isn't showing up it says i can run 0/0
<hggdh> ccheney: is it really up?
<ccheney> hggdh, hmm i think so, not completely sure
<ccheney> i'm going to shut it down and bring it back up and see if it works
<hggdh> try ssh-ing there and checking; also verify KVM is loaded
<ccheney> hggdh, i didn't see anything that stuck out in /var/log/eucalyptus, but not sure what is wrong
<hggdh> so eucalyptus-nc is running... what does euca_conf --list-nodes say?
<ccheney> euca_conf doesn't like me
 * ccheney looks to see if he did something wrong in the howto
<hggdh> euca_conf likes nobody ;-)
<hggdh> try (on the CC) sudo euca_conf --discover-nodes
<holmser> I want to test my spam filter.  Where can I post my email address to make sure that I get a ton of spam?
<ccheney> hggdh, well it claims it can't get credentials
<ccheney> hggdh, http://pastebin.ubuntu.com/451768/
<hggdh> ccheney: oh, you must run it as root
<ccheney> hggdh, oh ok
<ccheney> hggdh, discover-nodes says:
<ccheney> INFO: We expect all nodes to have eucalyptus installed in //var/lib/eucalyptus/keys for key synchronization.
<ccheney> so it seems like either i botched up my maverick install or there are problems with registering on it using automated method
<hggdh> seems like the keys did not get propagated
<ccheney> yea, going to try the package install instructions to see if that works for registering the node
<ccheney> should there be a eucalyptus-nc-publication on the cloud controller in the 2 system setup?
<ccheney> or is that to just run on the nc?
<hggdh> the problem is that there is not really a way of propagating the euca keys without manual intervention of some sort
<hggdh> at least, none that I know of
<ccheney> hggdh, kvm is not running on the nc btw
<ccheney> hggdh, i tried running: sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub eucalyptus@<IP_OF_NODE>  which did not help
<ccheney> it did seem to do something but didn't help make the node show up
<hggdh> ccheney: run kvm-ok -- what does it say?
<ccheney> hggdh, says its good
<ccheney> hggdh, this is the same two boxes i have been previously using on lucid and did maverick reinstall for them to test the kernel bug
<ccheney> maybe i should just pull the old a1 image down instead of using my synced current iso, it may have less trouble :-\
<hggdh> ccheney: the euca keys are stored under /var/lib/eucalyptus/.ssh
<hggdh> hah, you already did iy
<hggdh> it
<hggdh> ccheney: er. Shouldn't the target be ~/.ssh/authorised_keys?
<hggdh> dammit. authorized_keys. This s and z thing catches me every time :-(
<ccheney> yea its there 4 times now, heh
<ccheney> i'm going to give up trying to debug that issue and just download alpha 1 and see if it works
<ccheney> if that does then we know something else bad is happening with current
<ccheney> heh i just noticed there is a high bug about node reg
<goldins> I'm running UEC on 10.04 and when I run euca_conf --list-nodes it returns a blank line. How do I fix it?
<hggdh> goldins: this sounds like your node(s) did not register
<goldins> hggdh: I tried running euca_conf --register_nodes and it seemed to work fine, but it still returns a blank line
<goldins> Trying rsync to sync keys with "165.112.92.216"...done.
<hggdh> goldins: ssh into there, check if (1) eucalyptus is running; (2) run 'kvm-ok' and verify all is fine
<goldins> hggdh: how do I tell if eucalyptus is running?
<hggdh> ps aux | grep eucalyptus
<goldins> well that returns apache's threads and avahi's publish thread
<goldins> is that all it takes for euca to be running?
<Ichat> guntbert:  its not bad if it works
<goldins> incidentally, kvm-ok says that kvm is disabled in my bios
<Ichat> witch is not allways sadly to say
<Ichat> i got new info on my boot problem...
<guntbert> Ichat: up till now I tried it twice and removed it immediately from the machine - I want a manager software that works directly on the config files of the system and not on it own ones - thats why I was asking
<Ichat> i build a new set of  faikraids    1   4x 6gb  raid 1  = /root       4x  1gb   raid 10 - swap     and  the rest in raid 5..    here is the deal i get the same error bunt...
<Ichat> guntbert - i understand yah,   - thats its real drawback - that and the slow development of it
<goldins> I would say that this is a bug, as it warns you while installing the CC that you must have VT turned on but doesn't warn you when installing the NCs
<Ichat> the error i get ;s       mdadm does not have a valid installeble candidate   it may be outdated or for a diferent system  -      even though its required by a diferent package......      base-setup  error   code 100
<ccheney> hggdh, i think my install might have gotten messed up due to the groovy bug and installing groovy may not have been enough to salvage it, in the process of installing the a1 version now
<DUEDAHL> is it possible to control the bandwith on my ubuntu-gateway's NICs? so fx. dmz gets 10mbps/10mbps and LAN gets 40mbps/40mbps?
<jmedina> sure
<jmedina> DUEDAHL: sure
<DUEDAHL> how? :)
<jmedina> you mean local traffic?
<jmedina> or internet?
<DUEDAHL> internet
<jmedina> damn I only get 2mbps XDDD
<DUEDAHL> haha :D
<jmedina> Im jelous I wont tell you
<jmedina> XD
<DUEDAHL> :D
<jmedina> well it not that easy
<jmedina> you can use tc for that
<jmedina> I gess you already have iptables
<DUEDAHL> yep
<jmedina> I prefer shorewall for easy traffic shapping
<jmedina> with new kernels you can get egress and ingress traffic shapping
<jmedina> if you you can use tc command by hand
<jmedina> DUEDAHL: what do you use for your firewall ruleset?
<DUEDAHL> commandline
<DUEDAHL> i think im gonna try tc..
<DUEDAHL> is shorewall gui?
<jmedina> nop
<jmedina> it its file based
<DUEDAHL> ok
<jmedina> you write rules and then shorewall will create iptables, ip, and tc rules
<hggdh> goldins: if kvm is disable on your node... are you usaing kvm for the virtualisaiton?
<DUEDAHL> ok cool
<hggdh> ccheney: yes, start fresh, probably a good idea
<Rigorm0rtis> Hello, I am having a problem with Ubuntu 10.04 server. When I transfer a  large over the network to the server hard locks during the transfer. This happens over ssh, and samba. The destination directory is an ext4 2tb hardware raid10 array. When I create a large file locally on the machine it does not crash. Memtest reports no errors after 3 passes. Does anyone have any ideas? I have a few...
<Rigorm0rtis> ...logs. I was able to set up a netconsole, and saw the output of a kernel oops (http://paste.ubuntu.com/451797/) on my logging machine. I also grabbed all of the other logs off of the machine after rebooting it.
<hggdh> Rigorm0rtis: good! Now, please open a bug on this -- make sure you add in the OOPS text in toto you captured
<Rigorm0rtis> hggdh: Where do I open the bug?
<hggdh> on https://bugs.launchpad.net; you must have an account there
<Rigorm0rtis> I have an account. How do I create a bug report?
<hggdh> probably a good idea is to run 'ubuntu-bug -f --save=<whateverNameYouWant> linux' on the server, and save & move the resulting crash file to a desktop, where you can then
<hggdh> move to a desktop and run 'ubuntu-bug -c <whateverNameYouWant>'
<hggdh> Rigorm0rtis: then manually attach your OOPS log (from the serial console)
<ccheney> hggdh, ok reinstall fixed it :)
<ccheney> so current maverick seems to have issues probably due to groovy that aren't fixed by just installing the old version from the ppa
 * ccheney now gets to testing the kernel issue
<Rigorm0rtis> So, is that ubuntu-bug program a part of the bug sumbission system?
<kirkland> ccheney: hey
<ccheney> kirkland, hi
<kirkland> ccheney: Daviey confirmed that updating that symlink allows maverick's euca to start
<kirkland> ccheney: i just forwarded you a mail
<ccheney> kirkland, ok, i tried installing the current maverick and then using the groovy from ppa but it refused to ever let me register the node, i am not sure why though
<ccheney> kirkland, so i reinstalled back to alpha 1 and that worked for me
<ccheney> upgrading from alpha 1 iso install to current might work though with the change listed in the email
<hggdh> Rigorm0rtis: yes, it is the best way to report -- in your case, it will collect a lot of data (logs, etc) that will help triage
<Rigorm0rtis> hggdh: Okay, sounds good. I'm assuming at some point it will give me a chance to attach that netconsole output?
<hggdh> Rigorm0rtis: after the bug is filed, you will have to manually add it in, as an attachment
<Daviey> ccheney: fresh maverick install, sudo ln -sf /usr/share/java/groovy-all.jar /usr/share/eucalyptus/
<Daviey> groovy.jar
<Daviey> (line break fail)
<ccheney> Daviey, ok, will try that out later after doing the kernel testing
<Daviey> ccheney: you rock.
<ccheney> Daviey, on the kernel issue did you just need to revert the kernel on the nc or both?
<Rigorm0rtis> hggdh: All right, I think I'm getting it now. Unfortunately, I won't be able to access the troublesome box until Monday. Thanks for you help.
<Daviey> ccheney: just the main cloud
<Daviey> you don't even need an nc to test tbh
<ccheney> Daviey, ah ok
<Daviey> jiboumans: Ping
<jiboumans> Daviey: pong
<DBeets> What's the "Install minimal virtual machine" mode entail?
<DBeets> I'm trying google but my google-fu is apparently weak...
<ccheney> ok this is weird
<ccheney> i installed 2.6.33 and now it won't give me console access anymore, just ssh
<Daviey> ccheney: i think that is a known bug
<ccheney> lol
 * Daviey is starting to dislike maverick
<Daviey> ccheney: it's nearly middnight here.. so i'm going... have a splendid weekend.
<ccheney> what do you hit to actually have grub show the menu? i thought it was hold down shift but that doesn't seem to work
<Daviey> ccheney: Oh, could you mail me your findings, when you knock off..
<ccheney> Daviey, have a good weekend :)
<ccheney> ok
<Daviey> ccheney: i thought ANY key :/
<Daviey> \o
<ccheney> hmm ok, it seems to hate me :)
<hggdh> ccheney: try ESC
<ccheney> hggdh, ok, i tried shift again and it worked, i found out i had to hold it down after it showed the grub loading message for a few seconds it seems
<Ichat> what the *#$%% is wrong with ubuntu server 10.04 x64 .... it just seams like they trashed softraid rather than to 'improve'  it
<JackTO> Hi All, I have a question.. I'm new to Apache, and I have a web template that purchased, am I better installing it into the default dir /var/www directly in this folder or better creating a sub folder for every website I want to host (if I can do that?, but I don't want users to have to type the subdirectory when they come to my domain)
<Ichat> i fully zerrowed my 4 disks to exactly start all over again with new disks,  and still the installer give me unclear  unsolvable ???? -  mystery  error messages about mdadm being wrong
#ubuntu-server 2010-06-19
<Ichat> jackTO -  if your that new to apache and all -  you might want to 'look'  for a 'of the shelve '  solution for your webhosting needs,    i.e.   isp-config
<Ichat> or webmin/usermin
<Ichat> i.e. those will also manager your 'domain  issues for you    like   domains   and sub.domains and all
<JackTO> isthere any performance gain of havin files in root vs virtual host, i'm using webmin
<Ichat> nope - cuze vhosts  are running on there own child processes....
<Ichat> as if they are seperate programms in sort
<JackTO> so its cleaner having every site in its own serpearte directory
<Ichat> yep
<JackTO> cool thanks
<Ichat> yw
 * ccheney is close to knowing which kernel broke it
<ccheney> Daviey, 2.6.33 seems to be the culprit
<hggdh> kirkland: stretching out the run-instances lowers the amount of failures
<ccheney> Daviey, strike that, i am not sure why i thought 33 failed, it seems to work now, i might have been looking at the wrong kernel
<JackTO> hi all, I'm trying to run an php script on my newly consigured 10.04 server running LAMP, but when I try to access the php page from a browser, i get a blank white screen..any idea of what going on?  is there any way to make sure php is running?  is it setup by default?
<ccheney> argh!
<ccheney> upgrading to current maverick and creating the symlink still leaves it not seeing any NCs for me :-\
 * ccheney goes off to find dinner
<JackTO> if i messed up apache by deleting the default virtual host, is there an easy way to reinstall apache fresh with the orig files
<jmarsden> JackTO: sudo apt-get purge apache2 && sudo apt-get install apache2     # should work fine?
<chewbranca> I'm following this guide http://cssoss.wordpress.com/2010/05/10/eucalyptus-beginner%E2%80%99s-guide-%E2%80%93-uec-edition-chapter-4-%E2%80%93-image%C2%A0management/ to build a custom EMI image, I've got the OS installed and I can connect in with vnc through the node, but I can't connect to the instance itself, its sitting on a different subnet and I can't get to it, any ideas on how to connect in?
<kaushal> hi
<kaushal> is it a good place to discuss about tcpdump ?
<Jack-in-Box> anyone know what this ioCube crap does?   my php script apparently won't work unless I install it...   and I did, but it still doesn't run...
<Jack-in-Box> ioncube
<jmarsden> It's a PHP obfuscator/encoder thing for commercial PHP ... not much use of that in Ubuntu.  Your PHp scriupt, if you wrote it, does not need ioncube.
<Jack-in-Box> well, i bought some php software to run a social network site at work, but it has an installer that requires it...  well maybe the whole software requires it i dunno..but the install.php just comes up as a blank page
<Jack-in-Box> i tried to install it, and created a test.php that shows its there, but i don't think its working
<jmarsden> Jack-in-Box: Then you are stuck unless you can make it work, or find open source social network software to replace it...
<Jack-in-Box> is ubuntu compatible with ioncube?
<jmarsden> I have no idea.  ioncube does not seem to be in the Ubuntu repositories, so it is not well known/well supported by the Ubuntu community, as far as I can see.
<Jack-in-Box> fair enough...
<Jack-in-Box> ya hard to find stuff on it....
<Jack-in-Box> what is the advantage of a developer using it?
<jmarsden> They can prevent others from reading/copying their (closed source) code.  So they can sell it.  As far as I know, that's all.
<Jack-in-Box> ahh, that makes sense, the author was very concerned about that...  lol
<Jack-in-Box> hate closed source code!!!!
<jmarsden> Ubuntu is much more about open source software... look harder for open source tools that will do what you need.
<Jack-in-Box> i agree
<unewbie> i can't connect to my kvm guest os, the host and guest are hardy server
<Error404NotFound> I am about to create a script that will create/delete, enable/disable vhost from a reverse proxy box. This script will be only accessed by my web application residing on another box. What language should i use? and how should app-box access the script?
<Error404NotFound> I am very concerned about security, so i can't write in php as i will have to allow system(), and such functions.
<SpamapS> Error404NotFound: how are you going to create/delete enable/disable the vhost?
<Error404NotFound> SpamapS, by creating a file in /etc/apache2/sites-available
<SpamapS> Error404NotFound: I'd create a different dir than sites-available .. just to keep the dynamic stuff seperate.
<Error404NotFound> SpamapS, ok, and? question is what language to use, how to call this script for my app-box (using a cakephp built app) and how to supply paramters, all over a secure channel.
<SpamapS> Error404NotFound: you should also have the script running on a different instance of apache on an unknown, different port.
<SpamapS> Error404NotFound: then you can use PHP if you want... just lock it down so only the reverse proxy can do it.
<Error404NotFound> SpamapS, should this script be actually available on web?
<SpamapS> Error404NotFound: I'd say definitely not. ;)
<Error404NotFound> SpamapS, yes, then why use a different apache? i mean isn't there any other method to call script from another box and supply paramters?
<SpamapS> Error404NotFound: you can run the different apache as a different user, that way only *that* apache can write to the configs of the public one.
<SpamapS> Error404NotFound: yes, you could just use ssh. :)
<Error404NotFound> I am thinking about running a IP based restricted nginx vhost on 8899 (or random) port to host that script. But again, should it really be in PHP?
<Error404NotFound> If i use same PHP with nginx and Apache, the function disallow applied in /etc/php5/php.ini will be applicable to both, right?
<Error404NotFound> yes, the one used with nginx will be fastcgi one, so its php.ini will be different, /etc/php5/cgi/php.ini
<Error404NotFound> Now question is should be it be in PHP? if i use PHP i would need system() only once to reload apache.
<SpamapS> Error404NotFound: again, you could just as easily do this w/ ssh
<Error404NotFound> SpamapS, ssh is not an option :'( I need to look for a php-ssh library
<SpamapS> Error404NotFound: you have php on your reverse proxy too?
<Error404NotFound> SpamapS, my app-box is as Cloud Site on Rackspace so i can't modify packages in the operating systems.
<Error404NotFound> SpamapS, no, but if i write the script in php, i will need to install it.
<SpamapS> Error404NotFound: how often are these virtualhosts going to be added?
<Error404NotFound> SpamapS, quite often, launching a lot of new service/product every now and then...
<uvirtbot> New bug: #595855 in apache2 (main) "proxying SSL throws errors" [Undecided,New] https://launchpad.net/bugs/595855
<madneon> hello, ldap on 10.04 anyone?
<madneon> did anyone manage to install openldap on 10.04?
<tdn> Can I use Ubuntu server as a sound server, so that I can stream sound from programs like mplayer on the clients and then stream the sound to the server, who will then output the sound via its sound card?
<Psi-Jack> I understand that OpenVZ support was removed in Ubuntu but was going to be replaced with LXC. Is this the case with Ubuntu 10.04 that LXC is fully available to run?
<jo-erlend_> tasksel just did something quite insane. I run "sudo tasksel remove mail-server" and it installed lots and lots of stuff, including phpmyadmin. Why is that?
<jo-erlend_> it _removed_ lots of stuff, I meant.
<jo-erlend_> why would it remove seahorse, for instance?
<RoyK> jo-erlend_: I guess it removed the stuff depending on mail-server
<Error404NotFound> how can i configure apache reverse proxy so that it loads some files from its docroot instead of the proxy box? like robots.txt?
<zermann> Hi, i'm installing ubuntu 10.04 server on a western digital hard disk with 4k sectors. I have to manually align partition?
<kamaze> sup
<kamaze> following: After upgrading to Lucid, the ram usage of my server nearly doubled
<kamaze> is there a way to track down the cause?
<kamaze> i mean, from 500MiB to 1 GiB within 3,5 GiB avail Ram... it doesn't really matter, but it annoys me
<guntbert> kamaze: how did you measure the ram usage?
<kamaze> guntbert: monitored it using Munin
<kamaze> Already upgraded mid May, since then, 100% increase
<kamaze> http://dl.dropbox.com/u/3710383/memory-year.png
<kamaze> @ guntbert
<guntbert> kamaze: I've never used munin, so I cannot tell - but maybe just what it regards as "apps" has changed?
<kamaze> Can't belive that
<kamaze> because free -m normally says the same
<kamaze> +/- buffers
<GeorgeJ> Hello, I'm having a problem with my 10.04 ubuntu-server instalation. Theer has been a power outtage recently and my software raid array seems to have faulted. The booting process is now stuck at fsck, it says my root partition is clean, then it stucks. I've tried booting with fastboot, fsck still runs, I also can't seems to be able to enter recovery mode. I think the problem is mountall tries to mount the fault raid array from fstab. How can I bypass 
<madneon> GeorgeJ: maybe the raid is syncing in the back...
<GeorgeJ> Yes, it most probably is, I could try to fix it, but I can't get into any console :(
<madneon> wll I mean, maybe wait a little longer, see whats happends than
<GeorgeJ> The system is stuck like this for about 3 hours
<GeorgeJ> No progress bar, no nothing, fsck confirms that my root partition is okay, then hangs
<Jack-in-Box> hi all...   one of my servers that I just colocated i running very slow - bandwidth wise..  is there any command line util that can do a real bandwidth test, and check the config to make sure everything is in order?
<RoyK> Jack-in-Box: an rsync of a file from one site to the other should normally work well
<RoyK> there are more advanced ways to do this, with netcat etc, but rsync will probably suffice
<Jack-in-Box> mmmmm... wil it tell me the speed per second?
<RoyK> Jack-in-Box: that'll be quite easy to figure out if you do something like dd if=/dev/urandom of=somefile bs=1M count=128, transfer the file, and devide 128 megs by n seconds
<RoyK> time rsync ....
<Jack-in-Box> true...
<Jack-in-Box> looking at iperf
<Zelest_> not sure if this is the right place to ask.. I've asked in #kvm as well, but seeing it involves libvirtd, I'm not sure where to ask.. but I've been running several kvm instances under Ubuntu and I seem to have horrible performance after I upgraded to 10.04 .. I suspected it was ksmd at first and disabled it without any difference.. any ideas what might cause my huge CPU load?
<Zelest_> I used to run 8 virtual machines in 9.10 with close to 0 load avg.. now I have a contant load avg of 1-1.5 while running 6 machines.
<RoyK> Zelest_: I think #ubuntu-virt is the politically correct place to ask
<Zelest_> Aah
<ScottK> Asking here is fine, but the odds of finding an actual answer may be higher in #ubuntu-virt
<ne7work> hello all, how can i install only gnome not ubuntu-desktop on my ubuntu 9.04 server?
<remix_tj> ne7work: install the gnome packages
<remix_tj> maybe the only gnome packet has all the needed dependencies
<ne7work> and what I need to install sudo apt-get install what?
<remix_tj> sudo aptitude install gnome
<ne7work> only gnome?
<ne7work> remix_tj,
<ne7work> here?
<remix_tj> yes
<ne7work> not gnome-desktop-enviorment?
<remix_tj> !info gnome
<ubottu> gnome (source: meta-gnome2): The GNOME Desktop Environment, with extra components. In component universe, is optional. Version 1:2.28+1ubuntu3 (lucid), package size 16 kB, installed size 56 kB
<remix_tj> i think this is the correct package
<remix_tj> !info gnome-desktop-environment
<ubottu> gnome-desktop-environment (source: meta-gnome2): The GNOME Desktop Environment. In component universe, is optional. Version 1:2.28+1ubuntu3 (lucid), package size 2 kB, installed size 44 kB
<ne7work> what is the different
<remix_tj> ne7work: nothing, it's the same pkg
<ne7work> gnome is with extra components?
<remix_tj> yes, that's the difference :-)
<ne7work> and what is extra components?
<uvirtbot> New bug: #596312 in bacula (main) "dbconfig-common doesn't prompt for password when using software center" [Undecided,New] https://launchpad.net/bugs/596312
<Chriz> Hi
<Chriz> how can I force remove flashplugin-installer? http://pastebin.com/MQNJyZga
<ruben23> hi guys any application i can used to deploy a network install a linux destop  with same image and haradware specs like around 100 PC
<ruben23> this is ubntu-desktop
<Chriz> Can I make a raid without using the boot cd?
<madneon> yes
<madneon> look at mdadm
<jeremyn> any suggestions on what to use to host my own openid server on ubuntu? i've read the most about phpmyid but it's not in the repos. the only Canonical-supported package for "openid" is python-openid, which looks more like a library than an application.
<jeremyn> though, python-openid does apparently come with a standalone server as an example
<larsemil> ruben23: i would make an image and just dd it to the drives. works most of the times. alternate would be some kind of PXE
<ruben23> larsemil:what are the tools i can used for imaging..?
<larsemil> ruben23: dd
<ruben23> larsemil: any guide or how to, do do it with dd.
<uvirtbot> New bug: #596332 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/596332
<Psi-Jack> Curious. Anyone know how I could mount a specific partition that's stored within an LVM volume? This is a KVM LVM disk image and I'm trying to mount a specific partition that's within the volume itself.
<guntbert> Psi-Jack: what is a "partition within a LVM volume"?
<Psi-Jack> guntbert: Exactly that.
<Psi-Jack> A partition table that's in an LVM Logical Volume
<guntbert> Psi-Jack: I don't partition my LVM volumes - thats why I asked?
<Psi-Jack> guntbert: Like I said, this is a KVM disk volume, so the installation of a Linux inside the VM did the partitioning itself.
<cjohnston> was there no meeting this past week?
<guntbert> Psi-Jack: sorry, I don't get it - but I obviously cannot help - so just ignore me :-)
<cjohnston> Daviey: ping
<Daviey> cjohnston: \o
<cjohnston> was there a meeting this week?
<Daviey> cjohnston: yes, i thought you were there :S
<cjohnston> nope.. wasnt there..
<cjohnston> trying to find the logs for UWN.. but i dont see them
<Daviey> cjohnston: I'm middway through prepairing the meeting logs
<cjohnston> the other cj may have been there..
<cjohnston> ok.. cool thanks
<Daviey> ah, yes - sorry
<resno> i just installed vmware and the management site isnt showing up. when i read the source, it mentions issues with my browser not reading xml
<Daviey> cjohnston: What is the deadline for UWN?
<cjohnston> normally posted sunday afternoon est.. we are checking the links right now and it wasnt working.. :-)
<Daviey> cjohnston: I'll have the meeting logs published within 2 hours of now, is thta ok?
<cjohnston> awesomeness
<cjohnston> thanks alot
<Daviey> cjohnston: np
<cjohnston> :-)
<Daviey> cjohnston: You could include my "awesomeness" in UWN if you chose to :P
<cjohnston> headline, Daviey is full of awesomeness
<cjohnston> lol
<Daviey> \o/ :)
<resno> should i got to vmware server chat for help?
<ruben23> hi guys anyidea whats the difference betwwen OPenVZ with KVM..
<bogeyd6> resno, depends, i am very versed in vmware server
<resno> i recently installed vmware server on my ubuntu server. when i try to access the site at *:8222, it directs to *.8333/ui/ then stops. and nothing furher happens.
<resno> i have already added the exeception for the self signed certificate
<resno> bogeyd6: ^
<bogeyd6> oh
<bogeyd6> its a bug in vmware server
<bogeyd6> you simply need to clear the firefox cache or use IE
<bogeyd6> resno ^
<resno> bogeyd6: tried ie, no such luck
<bogeyd6> you get the error loading page in the bottom?
<bogeyd6> clear the IE cache
<bogeyd6> files and cookies
<bogeyd6> i promise it will work
<bogeyd6> UNLESS  you failed in building any of the vmware modules
<resno> ok, let me try it
 * resno looks for option in IE
<bogeyd6> tools -> delete browsing history
<bogeyd6> or tools -> options, on general tab
<resno> ok, trying it now
<bogeyd6> close the browser when its done clearing
<bogeyd6> then try again
<resno> ok, im waiting for it now
<resno> bogeyd6: is chrominum any better? ie has ben "connecting" forever
<resno> i finally got a logo in ff, but thats about it
<resno> logo=favicon
<resno> bogeyd6: three browsers later. i got a login screen :)
<bogeyd6> resno, awesome
<bogeyd6> you should have been using vmware server 1
<bogeyd6> vmware server 2 sucks because the ie addon or firefox plugin makes the browser crash
<resno> i followd the tutorial from https://help.ubuntu.com/community/VMware/Server
<resno> heh, looks ill have to keep the windows machine around after all :)
<resno> thanks bogeyd6
<BiggFREE> Hi
<malchias> I am attempting to setup SSL.   I've modified the default-ssl vhost container with <Virtualhost :433>, ports.conf with Listen 443, and done a force-reload and restart but apache2ctl -S only shows :80.   Oh, I also did a a2enmod ssl.   What am I missing?
<malchias> apache2ctl -t says syntax ok, and it restarts ok serving http fine, but not https (using a self signed cert)
<malchias> doh, apparently I have to a2ensite default-ssl
<cloakable> :P
<uvirtbot> New bug: #596363 in bind9 (main) "db.root needs update for i.root-servers.net AAAA record" [Undecided,New] https://launchpad.net/bugs/596363
<Akiraa> Is there a tutorial on how to get KVM virtualization going on Ubuntu server 10.14 LTS (Lucid)? I tried following this: http://www.ideyatech.com/2010/05/virtualization-with-ubuntu-1004-lucid-lynx  my problem is in the comment section
<electrofreak> hi
<electrofreak> just setup ubuntu-server 10.04 and setup samba... it wont show up on my windows computers. (I have to use the server's IP to connect to shares). Any ideas?
<malchias> any firewalls?
<sebsebseb> apparantly the server edition is basically just the desktop version, but without a gui, so maybe this is all you need
<sebsebseb> !samba
<ubottu> Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
<electrofreak> malchias: no.... unless the latest ubuntu-server has a firewall by default?
<sebsebseb> right back to #ubuntu
<electrofreak> sebsebseb: heh. does it really mater where I ask? samba is the same for desktop and server....
<sebsebseb> electrofreak: yes I was thinking  that
<sebsebseb> pretty much straight away, after I told you to come here
<malchias> electrofreak: I mean, there are multiple acl/fw points to check:  your windows boxes, the router, any intelligent switches, etc
<electrofreak> I just wonder if there is something I'm missing. in the past, I've never had this problem with samba
<electrofreak> malchias: well, I see other windows boxes on my box...
<malchias> narrow it down to why it's failing.  Can it connect, is there a message, etc
<electrofreak> malchias: yes, I can connect if I use \\<ip> ... it just isn't seen in the network neighborhood thing
<malchias> by default windows has a firewall, and 445,135 are open... I don't know samba, but make sure it's allowed (disable the windows firewall and see if you can connect)
<electrofreak> malchias: wait....
<electrofreak> malchias: I think I just fixed it... ugh. stupid differences between old and new ubuntu....
<malchias> cool, what's the fix?
<electrofreak> malchias: it used to be if I just ran /etc/init.d/samba restart, both smbd and nmbd would restart
<electrofreak> but now that isn't there
<malchias> I see, cool
<electrofreak> so.... I just manually started nmbd and it showed up right away
<electrofreak> why'd they switch to this Upstart stuff?
 * malchias is a noob - here to learn, doesn't know :)
<jmarsden> electrofreak: upstart allows parallel startup of services... much faster boot times in some circumstances...
<electrofreak> jmarsden: ah. ok. that is one thing I liked..... this thing now boots up in almost seconds.
<jmarsden> Faster boots are very important for netbook users, for example... it was a major goal for this release...
<electrofreak> I like that they made setting up RAIDs in the install super simple now...
<electrofreak> last time I full installed was 8.04 LTS.... lots has changed since then
<jmarsden> Yes, 8.04 was a long time ago :)
<electrofreak> jmarsden: yea... I had upgraded my 8.04 to 10.04... but then last night had an unexpected "eff" moment with 'rm'... and my back-up was basically useless (and a month old, anyway)... so I hadn't intended to reinstall, but ended up having to
<electrofreak> jmarsden: I think it's a good thing, tho. cleans up lots of cruft and such
<jmarsden> rsnapshot (and some spare disk space) can really help with those kinds of mistakes... on my desktop here I have hourly backups of /etc and the parts of /home I care about, and then daily, then weekly, then monthly... all automated... :)
<electrofreak> jmarsden: well, I actually had /etc and /hom and /var, so nothing critical was lost....
<electrofreak> I honestly don't even know what the problem was... all files were there, like I could see and read everything from a livecd....
<electrofreak> but, for some reason trying to chroot to it or boot from it, wasn't working. things like /bin/bash claimed they weren't there.
<electrofreak> I think the FS was somehow messed up, but I don't know how or why
<Akiraa> Has anyone configured KVM on Ubuntu server 10.04 (Lucid) ?
<ruben23> hi anyone have idea how to kickout a users login on my server using ssh..?
<malchias> ps -aux | grep pts
<malchias> kill -9 <theirpid>
<malchias> perhaps there is a more eloquent method though
<amstan> killall -u username
<malchias> that will kill all services logged in or running as that user name
<bogeyd6> resno, why do you need to keep the windows machine around?
<ne7work> hello all
<electrofreak> ne7work: hi
<ne7work> i have problem with nvidia driver on ubuntu server 9.04 with sudo apt-get install gnome
<ne7work> and i don't have sound
<ne7work> i have one error when i try sh ./nvidia-..
<electrofreak> ne7work: what's the error?
<ne7work> miss binitus
<ne7work> or what is this..
<ne7work> i don't remember
<ne7work> i go to see ?
<ne7work> electrofreak, binutils
<ne7work> li kyv package
<ne7work> electrofreak, echo?
<electrofreak> ne7work: did you install binutils? sudo apt-get install binutils
<ne7work> and now?
<jmarsden> ne7work: Why are you trying to load nvidia drivers on a Ubuntu Server... Ubuntu server has no GUI anyway, by design....
<ne7work> i install only gnome..
<ne7work> and I need this ubuntu for listen music, skype, web server, hlds and counter-strike
<jmarsden> On a server?  Hmmm.  Then you should install Ubuntu desktop, not Ubuntu server :)
<electrofreak> ne7work: do you need it for server things?
<Ichat> hi can anyone help me to 'finally'  get ubuntu  10.04 setup with  software raid  (i tried  x64 but it seems to  have error with mdadm  failing / wrong (or old? ) version   - missing or other error  with  an error at the end of the 'base- installer
<ne7work> i write sudo apt-get install gnome on ubuntu server 9.04
<ne7work> this is more fast than ubuntu desktop
<jmarsden> ne7work: It will be much easier to install Ubuntu Desktop if you actually want a desktop machine.
<ne7work> i need this two..
<ne7work> desktop/server ..
<ne7work> because that i install gnome only
<ne7work> not ubuntu-desktop
<Ichat> ne7work  -try ubuntu light edition
<ne7work> i go to try now with binutils
<electrofreak> ne7work: if I needed it for such things.... I would install desktop and just install the server packages I required on the desktop version...
<Ichat> its better for your needs and still is geared to desktop use
<electrofreak> well... binutills should be installed already, heh
<electrofreak> I'm confused as to why he has to leave to install these things...
<ne7work> what is the light edition?
<ne7work> and how to install kernel-sources?
<electrofreak> ne7work: netbook edition?
<electrofreak> ne7work: you can apt-get the kernel sources
<ne7work> why netbook?
<ne7work> what i need to write
<ne7work> to apt-get
<ne7work> ...
<ne7work> kernel?
<electrofreak> ne7work: you asked what the light edition is.... netbook is pretty darned light
<electrofreak> apt-get install linux-source
<electrofreak> apt-get install linux-source-<version>
<ne7work> what version i need?
<ne7work> witch
<ne7work> wich
<electrofreak> ne7work: are you using 10.04?
<ne7work> 9.04
<ne7work> sec.
<ne7work> i go to try again to install nvidia..
#ubuntu-server 2010-06-20
<electrofreak> ne7work: I believe 'apt-get install linux-source' will figure out what version you need.
<ne7work> i need kernel-source
<ne7work> nvidia installer says me this..
<ne7work> i install linux-source
<ne7work> how to install kernel-source?
<electrofreak> ne7work: I believe 'apt-get install linux-source' will figure out what version you have right now
<malchias> does uname -r help?
<ne7work> electrofreak, how to see?
<ne7work> with upgrade?
<ne7work> one moment
<ne7work> ..
<ne7work> electrofreak, this is for linux-source 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
<electrofreak> ne7work: what is the output of 'uname -r'?
<ne7work> electrofreak, 2.6.28-19-server
<electrofreak> try apt-get install linux-server-2.6.28-19-server
<malchias> you can use `uname -r` in cases like that too
<ne7work> E: Couldn't find package linux-server-2.6.28-19-server
<electrofreak> try apt-get install linux-server-2.6.28
<electrofreak> er
<electrofreak> try apt-get install linux-source-2.6.28
<ne7work> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
<electrofreak> try apt-get install linux-source-2.6.28
<ne7work> The following packages were automatically installed and are no longer required:
<ne7work>   dvd+rw-tools libao2 cdrdao portmap
<electrofreak> try apt-get install linux-source-2.6.28-19-server
<malchias> linux-source-`uname -r` ?
<ne7work> E: Couldn't find package linux-source-2.6.28-19-server
<ne7work> ne7work@ne7work:~$ linux-source-`uname -r`
<ne7work> bash: linux-source-2.6.28-19-server: command not found
<ne7work> ne7work@ne7work:~$
<malchias> linux-headers-`uname -r`, lol, you have to type apt-get install :)
<ne7work> linux-headers-`uname -r`
<ne7work> ne7work@ne7work:~$ linux-headers-`uname -r`
<ne7work> bash: linux-headers-2.6.28-19-server: command not found
<malchias> ne7work: consider what you are typing
<electrofreak> sudo apt-get install linux-headers-`uname -r`
<ne7work> electrofreak, this work
<ne7work> and now?
<electrofreak> try the nvidia stuff again
<electrofreak> probably need build-essentials, too
<ne7work> i'm bulgarian
<ne7work> what is build-essentials
<ne7work> my english is not so good
<ne7work> i need and creative x-fi titanium drivers :X
<electrofreak> build-essentials allows your computer to compile programs
<electrofreak> try 'sudo apt-get install build-essentials', then try the nvidia stuff again
<ne7work> well okay
<ne7work> :)
<ne7work> E: Couldn't find package build-essentials
<jmarsden> nvidia, creative x-fi titanium, etc really have NOTHING to with Ubuntu Server.  Please use #ubuntu for desktop support.
<jmarsden> And that package name is build-essential
<jmarsden> No 's'
<electrofreak> heh, opps
<electrofreak> try 'sudo apt-get install build-essential', then try the nvidia stuff again
<ne7work> jmarsden, i install sudo apt-get install gnome on my ubuntu server 9.04 not ubuntu-desktop
<ne7work> and i try to install drivers and..
<jmarsden> ne7work: You are doing something desktop related.  Using server as a GUI desktop is not recommended.  Use #ubutnu for desktop-related support.
<ne7work> i hate ubuntu desktop edition
<ne7work> :S
<electrofreak> why?
<ne7work> .. not good for hlds server
<jmarsden> You are more or less recreating it, sort of, here, and getting confused as you go.  Rethink.
<electrofreak> hlds should work just fine....
<ne7work> yes but on ubuntu 9.04 desktop edition..
<ne7work> without players cpu is 24..
<ne7work> on slackware 13.0 with 5 players cpu is under 1
<ne7work> ..
<jmarsden> Then find out why.  Instead of doing strange things with a GUI on a server.
<ne7work> i have only one PC
<jmarsden> So run Desktop Edition, and figure out the issue with hlds or whatever else you want to run on it.
<ne7work> on ubuntu desktop edition hlds run very sucks
<ne7work> and cpu on hlds is 24..
<jmarsden> Find out *why*, do not just keep repeating "it sucks" nonsense.
<ne7work> on win 7 and slackware 13.0 cpu is 0..
<ne7work> when play 0 players..
<ne7work> i need to try server edition without ubuntu-desktop :X
<ne7work> ..
<electrofreak> I have a feeling X would have nothing to do with that...
<jmarsden> ne7work: Great, then do that.  and use it as a server.  Only.  With no GUI.
<jmarsden> Server edition does not need nvidia drivers, and it does not need a Creative X-fi card.
<ne7work> i have only one PC how to play counter-strike without graphic enviorment?
<ne7work> i need for server and for desktop too..
<ne7work> ubuntu desktop is not good for me..
<jmarsden> Nor us Ubuntu server, because it has no GUI, and adding one is not recommended unless you are experienced with it, which you do not seem to be...
<ne7work> what is GUI?
<ne7work> desktop enviorment or what?
<electrofreak> ne7work: try debian.
<jmarsden> This homemade mix of desktop GUI and server will not always behave the way you seem to want.  GUI == Graphical User Interface.
<electrofreak> GUI - Graphical User Interface
<ne7work> electrofreak, i don't know how to install from netinst cd with pppoeconf how to configure pppoe connection for netinst install?
<jmarsden> ne7work: ask in #debian
<electrofreak> ne7work: I honestly have no idea... never used PPPoE.
<Ichat> pppoe = i did
<Ichat> quite a while ago though
<electrofreak> I can't imagine it being too difficult.... I think debian's installer should ask you for all the necessary info, which I'm sure you can enter if you could for ubuntu's installer
<Ichat> true
<Ichat> most of the time you only need    username  and pasword
<electrofreak> yea, that was my understanding... only looked at it a few times
<ne7work> well
<ne7work> i try before
<ne7work> and i try with graphical install and no where ask me
<ne7work> ..
<ne7work> :S
<Ichat> but -  to be honnest i dont think there is more about it than that,  -  noticing that hes not seeming to be wanting any 'good'  advice or help,  but rather just only what he wants to hear? -    ne7work -   1 pick your  flavor that suites you   (xubuntu - or ubuntulight  if you dont want the gnome-desktop bloat...     2  either go for   expert mode install  (or  change your  inet settings...
<Ichat> ...after your install completes
<Ichat> in the grafical setup / or on your desktop  / (config panel - it will show you a network settings  option   (change it from dinamic to  pppoe  and it will ask you the right info
<Ichat> the system may also  ask you for MTU's  and stuff -  i temper with them - you should NOT ever have to do so, (unless the person from your isp tells you to )
<ruben23> hi, on my host i already have put this-->http://pastebin.com/YSi3X5Yz  ---> but still i cant access uisng this http://Router.3trglobal.com/index.html
<ruben23> any idea
<ne7work> electrofreak, i go try install nvidia drivers
<electrofreak> ruben23: that is your local IP.... do you just want to access your local machine's webserver?
<electrofreak> ruben23: or are you trying to access it from another machine?
<electrofreak> ruben23: because that wont work
<ruben23> electrofreak:this is for my local machine server
<ruben23> my local client can access it
<electrofreak> ruben23: ok, who can't access it?
<ruben23> the outside, WAN
<ruben23> but what if i want to WAN able to access it is it possible..?
<electrofreak> ruben23: Router.3trglobal.com doesn't associate to an IP from my end.... is it setup through your DNS?
<electrofreak> running Router.3trglobal.com doesn't return an IP
<electrofreak> sorry, 'ping Router.3trglobal.com'
<ruben23> http://pastebin.com/1HuQep3x
<ruben23> that ip i didnt know
<ruben23> what should i do with this..? be able accessible to local and internet
<electrofreak> you need to setup the domain name. where did you get the domain 3trglobal.com from?
<electrofreak> do you own that domain?
<ruben23> i just made it up myself , its the hostname of my server..
<Ichat> rubuntu never use an  FQDN
<Ichat> instead for local perposes use stuf like    mydomain.lan   (as   .lan is non-existant as a tld
<ruben23> electrofreak:what should i do for my purpose..? should i used FQDN for this server as its host and point it..?
<electrofreak> I dunno exactly what you're trying to do... but you need a domain name that points to your server's IP if you want people to easily access it through the browser...
<electrofreak> does http://<servers_ip>/index.html work for you?
<ruben23> it doesnt
<electrofreak> what is the servers ip?
<electrofreak> ifconfig
<jmarsden> electrofreak: if server is behind a NATing router/firewall, that will not work.  Instead use     wget -O- -q http://whatismyip.org
<electrofreak> jmarsden: well, yea... I was trying to determine if he even has an outside IP
<jmarsden> OK... but how will ipconfig determine that??  Anyway, you are the one helping... I'm just saying, that's not a valid way to find your Internet public IP.  BTW, since he is connected to IRC, he *must* have a public IP.  Very few people have IPv6 *only* connections!!
<electrofreak> was gonna see if it was just a 192.168, 10..... or whatever... he still hasn't replied anyway
<ruben23> what you want..? local ip or public ip..?
<ruben23> the main goal only for this is be able to see the monitoring log of a file pointed to my server hostname..
<electrofreak> both, I suppose.... if you are behind a NAT.... you need port 80 forwarded to your server if you want the webserver to work
<ruben23> which is Router.3trglobal.com
<ruben23> but even locally i cant open it
<ruben23> do i need to open that..?
<electrofreak> do you have a webserver installed?
<jmarsden> ruben23:  On the server itself, if you do     wget http://127.0.0.1/index.html        what happens?
<ruben23> just a blank page, white page
<electrofreak> ruben23: does 'curl http://127.0.01' show the HTML code you would expect?
<electrofreak> sorry....
<electrofreak> ruben23: does 'curl http://127.0.0.1' show the HTML code you would expect?
<ruben23> i cant see it
<ruben23> blank only
<ruben23> electrofreak:what you think..?
<resno> bogeyd6-: i dont really want to keep windows around, but vmware wont work in other browsers, so i dont have much of an option
<electrofreak> ruben23: did you install apache or other webserver?
<electrofreak> does your server have a public IP?
<ruben23> electrofreak: i installed webserver and i used public ip also
<electrofreak> but that public IP doesn't work from the outside so people can view your website?
<bogeyd6-> resno, vmware server 1 uses a vmware client and not a browser, or you could use this
<bogeyd6-> !kvm | resno
<ubottu> resno: kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM
<rsousa> hi, has anyone installed 10.04 Server on a supermcro (H8DMT) via KVM on the IPMI board?
 * rsousa gets the installers screen all messed up :(
<uvirtbot> New bug: #596429 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.1 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/596429
<ideaman> what is everyone using to manage large scale deployments of ubuntu server?
<ScottK> I think puppet is the preferred solution.
<sarthor> HI. i want to configure ubuntu-server 10.04 as a hotspot server, do any one about tutorial or howto on the Intenret, i did search, but am not lucky to get the nicer link.
<newbie> hello
<newbie> i need help with iptables
<newbie> anyone here ?
<newbie> hello
<newbie> wise
<newbie> u here
<newbie> ?
<awanti_> Hi
<halvors1> I can't connect to my email server, i get this message: An error  occurred while sending mail: Unable to authenticate against the SMTP  server mail.skymia.net. It does not support authentication (SMTP AUTH) but  you have chosen to use authentication. Remove the option  "Use name and password" for this server or contact your service  provider.
<halvors1> When use the package dovecot-postfix how should i connect? Using STARTTLS, None or TLS/SSL?
<jmarsden> halvors1: Do what the error message says; thsi is anout SMTP AUTH, not TLS settings.
<jmarsden> You should use whatever that mailserver supports :)
<halvors1> So i have to use TLS?
<jmarsden> Not necessarily, no.
<jmarsden> You should use whatever that mailserver supports :)
<halvors1> Yes but i cant send mail useing none of them, no work....
<jmarsden> Then "contact your service provider", if that mail server does not work ...
<halvors1> i am the service provider ;)
<halvors1> Sending message failed.
<halvors1> Could not send  message using SMTP server mail.skymia.net of unknown cause. Make sure the  SMTP server settings are correct and try again or contact your system  administrator.
<halvors1> I get this when using STARTTLS
<jmarsden> You run mail.skymia.net?  Then you should know whether it uses TLS or STARTTLS etc.  You own it!
<halvors1> Sending message failed.
<halvors1> Could not send  the message because the connection to the SMTP server mail.skymia.net  failed. The server may be unavailable or refuse SMTP connections. Make sure the  SMTP server settings are correct and try again or contact your system  administrator
<halvors1> And this for TLS/SSL
<jmarsden> How exactly are you testing this mailserver?
<halvors1> I am a noob,m i am testing now, i only installed the package dovecot-postfix
<halvors1> ??
<halvors1> Trying to connect...
<halvors1> From Mozilla Thunderbird
<jmarsden> With what?  telnet?
<jmarsden> Ah.  Why not test it with something lower level, so you can see what it is doing?
<halvors1> But i want to send email from Email-Client not Telnet ;)
<jmarsden> Indeed.  But test it first!  BTW, I cannot even connect to port 25 on mail.skymia.netr from here at all...
<halvors1> ok
<jmarsden> Is your mailserver really on the public Internet?
<halvors1> Can you do it for me or?
<halvors1> I have tryed to setup this emailserver for 2 years...
<jmarsden> Only if I can see it... is it actually on the Internet -- is TCP port 25 of mail.skymia.net open?
<halvors1> I use port forwarding in my router...
<jmarsden> Are you 100% sure that is working?  BTW, if you are at home on a dynamic IP address, you will have some issues running a mailserver...
<halvors1> Port 25 is set to "Any"
<halvors1> Should i use TCP instead?
<halvors1> I have static IP to my home ;)
<jmarsden> I think you have postfix set to listen only on localhost, then?
<halvors1> How edit that?
<halvors1> in main.cf
<halvors1> i can post the main.cf at pastebin ok?
<jmarsden> What does   netstat -ntl | grep :25    say?
<halvors1> will test
<halvors1> http://pastebin.com/PctiQZkX
<halvors1> 502 5.5.2 Error: command not recognized
<halvors1> also netstat -ntl | grep :25
<halvors1> jmarsden: What does that mean?
<jmarsden> Huh?  No... at the shell command prompt on the server, do    netstat -ntl | grep 25
<jmarsden> Do    netstat -ntl | grep :25
<halvors1> i need to take a screenshot ;)
<jmarsden> Why?  Use pastebinit
<jmarsden> You should get one line of output...
<jmarsden> Huh?  No... at the shell command prompt on the server, do    netstat -ntl | grep 25 | pastebinit   if you can not cut and paste one line into IRC.
<halvors1> http://halvors.skymia.net/Skjermdump.png
<halvors1> i cant copy from putty...
<jmarsden> Why not?
<halvors1> so here is the screenshot.
<jmarsden> OK, screenshot says that you are listening on port 25 on all IP addresses, so your port forwarding must be wrong.
<halvors1> but i am on the local network...
<jmarsden> Yes, but I am not, so I can't test anything if your port forwarding is broken...
<halvors1> Here is my port forward for the server. http://halvors.skymia.net/Skjermdump-1.png
<halvors1> Someting wrong?
<jmarsden> I don't know... there are no IP addresses in there... it does not say what local IP it will forward port 25 to...
<halvors1> 10.0.0.2
<halvors1> is the ip..
<halvors1> http://halvors.skymia.net/Skjermdump-2.png (ss1 = 10.0.0.2) i add it to the servers profile...
<jmarsden> Well, all I can say is that both telnet and nmap show your port 25 on mail.skymia.net (84.49.231.146) as being blocked.
<halvors1> ok
<halvors1> so should i try to set it to 25 tcp
<halvors1> so can you test again with it?
<jmarsden> OK...
<jmarsden> Still the same, nmap says:    25/tcp filtered smtp
<halvors1> I have now edited it to 25 TCP
<jmarsden> Your port 110 is open just fine, by the way.
<jmarsden> No change to port 25.
<halvors1> ok
<halvors1> maybe the ISP is blocking it?
<halvors1> are the 110 port fine?
<halvors1> and what is 465 port
<halvors1> ?
<jmarsden> Possible, but a bit unlikely.  Yes, I can see dovecot running on port 110.  465 is smtp over SSL...
<halvors1> ok
<halvors1> can you try that?
<jmarsden> That's closed, nothing is listening on it, apparently.
<halvors1> hmm. It could be postfix?
<halvors1> Bot 25 and 465 is open in my router...
<jmarsden> netstat -ntl | grep :465
<halvors1> now only port 25 is open in my router, does it work now?
<jmarsden> No, now everything looks filtered
<halvors1> When trying netstat -ntl | grep :465 i did not get anyting...
<jmarsden> Then postfix is not listening on that port.
<jmarsden> Did you configure it to do so?
<halvors1> http://pastebin.com/PctiQZkX
<halvors1> here is my config file...
<halvors1> i only installed the dovecot-postfix package...
<jmarsden> I can't work that way... if you don't know how to configure postfix and the default config does not work for you, you are stuck.  You need to learn more about postfix and email servers in general, or fix the port 25 issue, and then come back to this.
<halvors1> ok
<halvors1> But here one say to me that i only need to install dovecot-postfix...
<halvors1> Its it right?
<jmarsden> And that is generally true, the defaylts usually work.
<halvors1> So then it shoul dwork...
<jmarsden> But for you they are not working, or you do not know how to test them, or both, and I can't test because of the port 25 issue...
<jmarsden> Yes, it should.
<halvors1> ok
<halvors1> thanks, will try to contact my ISP and ask them about the port 25..
<halvors1> bye
<jmarsden> OK.  Bye.
<halvors1> And thanks for help ;)
<uvirtbot> New bug: #596479 in clamav (main) "clamav-freshclam: fais if log folder doesn't exist" [Undecided,New] https://launchpad.net/bugs/596479
<uvirtbot> New bug: #596492 in ntp (main) "ntpq: write to localhost failed: Operation not permitted with no firewall enabled" [Undecided,New] https://launchpad.net/bugs/596492
<uvirtbot> New bug: #596497 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/596497
<RoyK> bug #596479 was rather stupid :Ã¾
<uvirtbot> Launchpad bug 596479 in clamav "clamav-freshclam: fais if log folder doesn't exist" [Undecided,New] https://launchpad.net/bugs/596479
<kim0> Hi folks, can ubuntu-server install over LVM, or do I need alternate ?
<jpds> kim0: I think both can.
<kim0> great .. let's drop alternate then :)
<resno> bogeyd6-: i cant use kvm as my cpu doesnt support virtualization
<bogeyd6-> resno, kk
<bogeyd6-> resno, then i suggest you use vmware server 1
<resno> i dont see the install download on the vmware site
<bogeyd6-> you can download it by going to the server download area then clicking on looking for version 1
<bogeyd6-> resno, http://downloads.vmware.com/d/info/datacenter_downloads/vmware_server/1_0
<resno> bogeyd6-: thanks.
<bogeyd6-> basically you use a vmware client instead of a website to view the machine
<bogeyd6-> i shelled out for workstation
<bogeyd6-> but i use it for work so you know.......
<resno> will having that run increase my cpu usage?
<resno> i installed it on a development server and it spiked the cpu usage
<resno> is that usual and expected?
<bogeyd6-> wat?
<bogeyd6-> workstation?
<resno> i installed vmware 2 on my test server, and as i worked with the web client, the machines load avgs went through the roof
<bogeyd6-> it is normal for a large cpu spike (espcially on older systems) if you leave the guest running in the background. my suggest would be to "pause it". For vmware server 2 just using the web front end will cause cpu usage.
<bogeyd6-> what processor are you using?
<resno> i will be using a p4.
<bogeyd6-> ah :(
<resno> the test was a p3 :(
<bogeyd6-> you gonna get a cpu spike just typing in the terminal :P
<bogeyd6-> but vmware server 1 is exactly what you want, trust me on that. Vbox works but it requires lots of finagling where as vmware works, and then make sure you install the vmware tools on the windows guest.
<resno> is there a ubunutu vmware tools?
<bogeyd6-> yup
<bogeyd6-> sudo apt-get install open-vmware-tools
<bogeyd6-> er
<bogeyd6-> sudo apt-get install open-vm-tools
<resno> thanks, do you think i should pause the guest os on the p4?
<resno> i believe i have a 1gb of ram
<bogeyd6-> if you are using linucks and windows is your guest, yes. If it is Windows and Ubuntu is the guest then no
<resno> it will be ubutnu and centos as the guest
<resno> ubuntu server
<bogeyd6-> you are fine then
<resno> im playing with pbx and asterisk :)
<bogeyd6-> i hope you dont expect much with a machine like that
<resno> what should i not expect?
<bogeyd6-> our asterisk systems run dual quad cores with 32gb of ram. using a ZFS iscsi lan and they have some issues on high load
<bogeyd6-> ubuntu server of cos
<resno> i only plan to run one line, and it will hardly be used. its a backup for our mobile phones
<bogeyd6-> cool
<resno> thanks bogeyd6- ill try it out and cross my fingers :)
<resno> if i upgraded, what do you think i should go to? as in cpu
<bogeyd6-> wat, ideally? or on a budget. cuz personally im fond of the HP dl385's
<resno> heh, run a full sized server for my home
<bogeyd6-> i figured it was for a small business
<resno> nope, its for a small home. just me and the wife.. at the moment
<bogeyd6-> then your p4 is fine
 * resno dances the jig
<bogeyd6-> turn it into a unified voicemail system would be awesome
<bogeyd6-> get your voicemails emailed to you
<resno> that would be pretty awesome..
<bogeyd6-> http://www.voip-info.org/wiki/view/Asterisk+config+voicemail.conf
<bogeyd6-> !asterisk
<bogeyd6-> !voip
<ubottu> VoIP is Voice over IP. The default VoIP client for Ubuntu is !Ekiga. There is also an xmpp voice component in !Empathy. Kubuntu Clients include Kphone and Twinkle. Proprietary Clients include !Skype and Gizmo5. VoIP server applications include Asterisk and Yate ( both in repositories ), FreePBX, and SipX.
<resno> do you have a server running at home or no?
<bogeyd6-> nope i vpn into my work and just use my unified number google voice number
<bogeyd6-> 9/10 calls i get through my ubuntu laptop
<bogeyd6-> the other 1 i typically answer on my cell phone if i had to guess
<resno> bogeyd6-: one other question, im running the centos install on my desktin in virtualbox, its running quite high on my machine.
<resno> desktop
<bogeyd6-> graphical or command line?
<resno> command line
<bogeyd6-> dunno
<bogeyd6-> never used it
<resno> does ubuntu support pbx in a flash?
<bogeyd6-> resno, asterisk is in the repo and you can turn on backports, however i have never used the repo version so I can not speak to how much setup has to go on
<resno> ok, in that case ill just stay where i am. the cpu avg have settled down.
<RoyK> resno: asterisk will help you get a pbx up and running quite quickly, but asterisk isn't really built for stability - http://karlsbakk.net/fun/asterisk_architecture.jpg - http://karlsbakk.net/fun/asterisk-installation.wav
<bogeyd6-> the load avg?
<RoyK> I've worked with asterisk for some years, and I'm pretty glad I'm not using it anymore
<bogeyd6-> RoyK, and the alternative?
<RoyK> freeswitch
<bogeyd6-> bah
<resno> certaintly seems less popular
<RoyK> freeswitch was started as a separate project by asterisk developers that tried to fix elementary design flaws, but was stopped by Digium
<RoyK> the asterisk code is a pita
<RoyK> and since it's dual licensed, it can't link with gpl, so all code must be written from scratch and given to Digium
<bogeyd6-> cool story bro
<bogeyd6-> im sorry to be negative royk
<RoyK> heh - I'm the one being negative to asterisk :)
<bogeyd6-> but this really sounds like a bunch of butthurt developers who ragequit digium
<RoyK> bogeyd6-: I've worked with asterisk in rather large setups and I've done my part of debugging/fixing
<RoyK> the code is REALLY a mess
<bogeyd6-> im in a 745 phone setup
<bogeyd6-> 746 if you count the maintenance line
<RoyK> and reporting bugs is hard - even obvious bugs can be closed with notaproblem
<RoyK> bogeyd6-: if it's better now, that's good
<RoyK> but I somehow think I won't be using it much
<bogeyd6-> no worries
<RoyK> the RTP stack in asterisk doesn't scale at all, It hung the server at 200 bridged calls
<RoyK> hard hang
<bogeyd6-> i can introduce you to 5 people in IRC right now who would go on and on about how ubuntu server is not a server os
<resno> bogeyd6-: only 5?
<bogeyd6-> lol :P
<RoyK> I've heard that as well, but I beleive in free speech
<RoyK> or free religion
<bogeyd6-> visit #centos and toll the bejesus out of em by saying "I switch from CentOS to Ubuntu"
<bogeyd6-> toll = troll
<RoyK> I'm at #opensolaris a lot, and there are a few in there that hate everything that is linux
<bogeyd6-> you know we never made the switch from Solaris to OpenSolaris
<RoyK> we're using osol for some rather large storage servers - couple of 50TB setups
<RoyK> zfs rocks
<bogeyd6-> nice
<RoyK> bogeyd6-: just don't misunderstand me - if asterisk works well for you, good, but for the ITSP I worked, it had several flaws
<bogeyd6-> every time my two step sons go anywhere, they go to together and it makes me suspicious
<bogeyd6-> normally i dont notice but today im outside smoking up some pork butts and ribs for fathers day
<resno> what are you thinking?
<bogeyd6-> RoyK, in that pic you sent are you meant to read it left to right
<RoyK> bogeyd6-: I'm not sure it's meant reading :)
<bogeyd6-> dang my smoker today just wont go below 250
<RoyK> smoker?
<bogeyd6-> RoyK, literally  a metal box i build a fire in with wood and cook pork for hours on end
<RoyK> oh, to _smoke_ pork?
<Ichat> is there anyone with some experience  setting up a  print-server  in hardy with a  samsung clp310   (either with the samsung of the foo2  driver???
<datz> how is memory usage calculated on login?
<datz> seems to be inaccurate
<resno> if i get red text and flashing lights during boot, i can imagine the machine is unhappy
<datz> +1
<RoyK> datz: see the 'free' output - it says something about what is used by whom
<RoyK> mostly, memory is used by cache
<datz> RoyK: that's how I calculated what I thought it should be
<RoyK> datz: and does it still use a lot of memory?
<datz> RoyK: not too much.
<datz>              total       used       free     shared    buffers     cached
<datz> Mem:           243        234          9          0         90         64
<datz> -/+ buffers/cache:         79        164
<datz> Swap:          710          5        705
<datz> says no swap used, and 43% or memory used
<datz> swap is used, and looks more like 63% of mem used
<resno> is there a way recovery system to bring amachine back from death?
<jpds> #define death
<resno> caps lock and num lock are flashing and im getting a call trace on the screen
<jpds> Sounds like kernel panic?
<resno> i dont see any mention of kernel panic
<bogeyd6-> datz, it depends, its usually total system memory - mb vidya - other shared = total shown
 * resno is not an expert
<resno> jpds: actually is does say panic occured
<resno> bogeyd6-: vmware 2 blew up on me :(
<jpds> resno: Try booting into an old kernel?
<datz> bogeyd6-: ok thanks
<resno> jpds: how do i go about doing that? live cd?
<jpds> resno: Is this a Lucid machine?
<resno> lucid is 10.04 lts right?
<jpds> resno: Yes; after POST hold down the Shift key and GRUB should appear with kernel versions.
<MrZhi> hey, if sshd is configured to use PAM, can I still restrict access to SSH by using "AllowGroups <GroupName>" in sshd_config?
<resno> jpds: ok, im there im in recovery menu. any suggestions?
<jpds> resno: How many kernels do you see?
<resno> jpds: 2 - 2.6.32-22-generic-pae and its recovery mode. and 2.6.31-17-generic-pae and its recovery mode
<jpds> resno: Try booting into 2.6.31?
<resno> jpds: ok, its back up. how do i fix it?
<jpds> resno: Something in the newer kernel upsets your system.
<jpds> resno: What kind of machine is it?
<resno> jpds: i installed vmware server 2 thats what upset it :(
<jpds> Hmm, don't have VMWare experience, sorry.
<resno> im curious, ive booted into another kernel. so should everything work? or will only certain things work prior to the kernel update?
<resno> jpds: thanks for you help. my machine is smiling again
<jpds> No problem.
<resno> bogeyd6-: how should i go about installing vmware 1 on the server?
<bogeyd6-> which server version
<resno> bogeyd6-: vmware server 1, the one you linked me to
<resno> bogeyd6-: 1.0.10-203137
<bogeyd6-> uhm
<bogeyd6-> resno,  10.04 or 8.04
<bogeyd6-> cuz im saying 8.04
<resno> oh, 10.04
<bogeyd6-> 10.04 http://ubuntuforums.org/showthread.php?p=9482044#post9482044
<resno> why is this never as easy as i hoped it be
<bogeyd6-> resno, if linucks was easy everyone would use it
<peturi> Hi, my server is currently running Debian Etch. I only have access to it via ssh, is it possible for me to remotely dump debian from it and install Ubuntu server edition?  i guess i'll need to use some kind of an install script" where i have defined all the options (keyboard,country,users etc) .. i don't want to "format" the partition, just delete everything except /home
<Jordan_U> !install | peturi
<ubottu> peturi: Ubuntu can be installed in lots of ways. Please see https://help.ubuntu.com/community/Installation for documentation. Problems during install? See https://wiki.ubuntu.com/CommonProblemsInstall - Don't want to use a CD? See http://tinyurl.com/3exghs - See also !automate
<JackTO> hi all, i sthere an easy wany to change the root password?  and then to switch it bad, i need to change it about 3 times, but i don't want to mess anything up
<JackTO> back*
<JackTO> typos!
<steffan> JackTO: er, you need to change the root password?
<wilcojr> anyone here can help with NFS+MYSQL on 10.04
<wilcojr> it hangs and totally unstable
<martin-> you run your db over nfs?
<wilcojr> yes
<wilcojr> we have a 10 Gig ethernet network
<wilcojr> NetAPp 3140 filer
<wilcojr> we get awesome performance
<wilcojr> around 3gig/sec NFS access :)
<wilcojr> i can copyu files over and over to the NFS
<wilcojr> but MYSQL when configured to the same path
<wilcojr> hangs at boot
<martin-> what about seeking?
<wilcojr> i changed the datadir in my.cnf to point to my NFS mount
<wilcojr> 10.26.0.11:/vol/mysql_db_data on /mnt/mysql_data type nfs (rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp,nfsvers=3,timeo=660,actimeo=0,addr=10.26.0.11)
<wilcojr> thats my mount
<wilcojr> it works flawlessly
<wilcojr> copying files from the mysql servers to this mount point
<wilcojr> however when i change the datadir in my.cnf to point to this mount
<wilcojr> it hangs!
<wilcojr> mysql simply hangs
<wilcojr> does not start
<wilcojr> and respwns some weird shit in ps
<wilcojr> if i do status i get:
<wilcojr> mysql respawn/post-start, (post-start) process 1527
<wilcojr> if i look at process 1527
<wilcojr> root      1527     1  0 19:24 ?        00:00:00 /bin/sh -e /proc/self/fd/8
<wilcojr> if i try to kill
<wilcojr> it will respawn
<wilcojr> and respawn
<wilcojr> im exhusted
<martin-> why can't you run mysql on the other server?
<wilcojr> nono
<martin-> running a db over nfs seems like a bad idea, no matter how much bandwidth you have
<wilcojr> all mysql servers are virutalized and write thier database to centerlized NFS storage on our netapp
<wilcojr> martin - we run oracleRAC 11.2G on NFS
<wilcojr> works like a charm
<wilcojr> each VM has a dedicated NFS network card
<wilcojr> traffic goes directly to the netapp
<wilcojr> no firewalls/filters
<wilcojr> how can i debug this guys
<wilcojr> if i type mysqld --debug
<wilcojr> nothing happens
<wilcojr> what is this ? root      1527     1  0 19:24 ?        00:00:00 /bin/sh -e /proc/self/fd/8 - is it some kind of file disrecptor ?
<onetrouble> I am doing this: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E9EEF4A1. But getting: Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys E9EEF4A1 gpg: requesting key E9EEF4A1 from hkp server keyserver.ubun
<onetrouble> Can someone help me please?
<jmarsden> onetrouble: Your command looks fine, and works perfectly for me here.
<onetrouble> jmarsden: =(. what could it be. running 10.04 rackspace cloud servers. restart the server?
<lukehasnoname> Is UEC being operated by any large-scale hosting company?
<lukehasnoname> Sry, somehow hit the disconnect button in xchat
<MrZhi> hehe
<MrZhi> San Antonio.. has Rackspace, which I believe runs UEC
<ScottK> MrZhi: Rackspace cloud doesn't use UEC.
<MrZhi> no I think they use internally
<ScottK> They use Ubuntu, but not UEC AFAIK.  They're cloud stuff is their own solution.
<MrZhi> hrmm, musta misunderstood my source
<Danawar1> Whats better for servers centos or ubuntu?
<ScottK> There's Rackspace "traditional" and Rackspace Cloud and they are organizationally pretty seperate.  It may be that the traditional part of Rackspace is using it.
<ScottK> Danawar1: Surely you wouldn't expect anyone to say anything but Ubuntu here?
<MrZhi> Centos is just rebranded Fedora bloatware :D
<lukehasnoname> A guy at work was trashing Ubuntu and Debian for, among other things, keeping all the NIC configuration in one file
<lukehasnoname> MrZhi, do you live in San Antonio? Or did you see that I do from my IP?
<MrZhi> lukehasnoname, I'm in Austin
<MrZhi> but yeah, recognized the satx
<lukehasnoname> Ya, I work for another huge IT shop in SATX. It's not their external business, but they rely heavily on IT. I'm not sure how much Linux is in the environment... we have mainframe, RHEL, Solaris, AIX and Server 2003 with XP desktops -_-
<ScottK> Danawar1: One of the real advantages of Debian/Ubuntu over Red Hat/Centos is the breadth of the official archives.  I don't know anyone seriously using RH/Centos that doesn't have to hunt down and use third party repos.  In Debian/Ubuntu that usually isn't necessary.
<Danawar1> ScottK: I was just after an opinion as I have no experience of centos, I'm sure every OS has its advantages as well as its drawbacks.
<Danawar1> ScottK: I see =]
<ScottK> RH/Centos is kind of like IBM in the 70s.  Very reliable and you'll never get in trouble for suggesting it, but not necessarily the best.
<ScottK> Also because the RHEL release cycle is slow, RH/Centos tend to have much older versions.
<MrZhi> RHEL isn't worth dammit if you're IT. Install a module into the kernel and you may have voided your support
<ScottK> I think the fact that Ubuntu uses Apparmor and not SELinux for it's standard MAC tool is an advantage.
<MrZhi> true
<lukehasnoname> ScottK, From my limited research on the topic, AppArmor and SELinx achieve the same effect while AA is much easier to use
<MrZhi> It takes quite a bit of time to get SELinux under control
<ScottK> In theory SELinux is "better", but I've yet to run into RH/Centos sysadmin that didn't disable SELinux about the first thing.
<MrZhi> ScottK: SOOOOO true
<ScottK> lukehasnoname: To a first order affect, they are "the same".  A properly confgured SELinux system is, in fact, more secure than a system with Apparmor, but I've never seen one of those in the wild.
<lukehasnoname> MrZhi, you'll know where I work when you read Computerworld's Top 100 places to work in IT tomorrow
<lukehasnoname> let's just say you could knock off a few zeros for me
<qman__> they're both mandatory access control, but apparmor is permissive by default
<qman__> if there is no configuration for a program, apparmor does nothing
<qman__> where SELinux is restrictive by default, and doesn't let programs do things they're not allowed to
<qman__> it's a total pain though
<qman__> it also helps that ubuntu has apparmor sensibly configured out of the box
<qman__> a stock redhat/fedora system with SELinux on spews errors
<lukehasnoname> Unusable security measures are not useful for most people
<qman__> apparmor still protects against someone gaining access through a running service, like bind, and messing up other parts of your system
<qman__> which is the most valuable part
<Danawar1> Hey #server how do i find out the host name of a system through terminal?
<Danawar1> Ohh i believe when it says danawar@danawar it means my username is danawar and the host name is danawar to?
<cloakable> yes
<cloakable> Danawar1: what form are you looking for? bare hostname or fqdn?
<Danawar1> hostname
<Danawar1> i do not have a FQDN =[
<Danawar1> just setting up a webserver for  my first time :D
<Jack-in-Box> hi all, anyone here use the ioncube loader?   I tried it with both PHP 5.3 and also tried downgrading to 5.2 on ubuntu server 10.04, 64bit without any luck, all I get is blank white page??   anyone have this issue?
<cloakable> I don't use it... my server is loaded with all GPL software.
#ubuntu-server 2011-06-13
<kieppie1> hi guys. I have a sort query. I have a list of IP's I'd like to sort in sequence, but 192.168.0.100 preceeds .10 preceeds .1
<kieppie1> what argument can I use to put them in order?
<WinstonSmith> kieppie1: try -g
<WinstonSmith> or -n
<kieppie1> did try numeric. found an eventual solution: sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
<kieppie1> thanks anyway
<WinstonSmith> np
<speakman> I'm getting lots of MCE's and reboots (primarly at night). But how to collect them? 'mcelog' doesn't seem to log anything anywhere.
<LinSkyrate> whats best vmware server 2 or virtualbox on ubuntu 8.04 Hardy?
<greppy> LinSkyrate: that's going to depend on your goals, I prefer virtualbox personally
<LinSkyrate> greppy: oki.. just downloaded it.. i wil give it a run
<LinSkyrate> greppy: how can i install virt box with dependencies? i use dpkg -i but that fails on deps
<greppy> LinSkyrate: use apt-get install instead of dpkg, that will grab the dependancies.  or you can try 'sudo apt-get -f install' to see if it will fix what it needs
<LinSkyrate> greppy: jupp.. but i need to set the repo for hardy
<greppy> why not use lucid?
<greppy> LinSkyrate: why not use 10.04 aka lucid?
<LinSkyrate> because im running other things that demands 8.04
<greppy> ouch :(
<LinSkyrate> but what package is this in : libxcursor1 (and a lot of others that are missing?
<LinSkyrate> i get this error: Avhenger av: libxcursor1 (> 1.1.2) men skal ikke installeres Avhenger av: libxrandr2 (>= 2:1.2.0) men skal ikke installeres Avhenger av: python2.5 (>= 2.5) men skal ikke installeres Anbefaler: libhal1 (>= 0.5) men skal ikke installeres Anbefaler: libpulse0 men skal ikke installeres Anbefaler: libsdl-ttf2.0-0 men skal ikke installeres Anbefaler: pdf-viewer
<greppy> no idea what the errors mean ( since I only read english ) bt I think it is complaining about versions not being available
<LinSkyrate> greppy: the version is ok but miss all that installed to go on
<LinSkyrate> do i need ubuntu-desktop installed?
<greppy> you might
<EricJ> if my norwegian is correct, something depends on libxcursor1, but that it cant be installed.
<greppy> my box with virtualbox running on it is in another building right now, so I can't really check.
<LinSkyrate> EricJ: it just says that it needs this installed but i have not done so
<RoyK> LinSkyrate: run LANG=C apt-get ...
<EricJ> LinSkyrate: so if you just try to explicitly install those dependencies?
<LinSkyrate> EricJ: jupp
<LinSkyrate> im installing ubuntu-desktop to see if it contains all that
<EricJ> Oh dear.
<LinSkyrate> he he
<RoyK> LinSkyrate: erm - that probably won't help
<RoyK> LinSkyrate: which version is this?
<LinSkyrate> RoyK: 8.04 Hardy
<RoyK> oh
<RoyK> could you try Lucid?
<LinSkyrate> RoyK: i need that version for a stable Ulteo
<RoyK> what's an ulteo?
<LinSkyrate> Ulteo is VDI
<LinSkyrate> Virtual Desktop via web
<RoyK> then you're probably talking about a desktop installation, right? if so, strictly speaking, this is the wrong channel...
<LinSkyrate> im going to make a simulation for some money people, and they need to see some eyecandy to put the money on the table for my projects
<RoyK> I wonder why they still stick with 8.04, though
<RoyK> it's not getting newer, and the eyecandy will be better with Lucid
<LinSkyrate> they have a 3.0 version, but thats to new and buggy
<LinSkyrate> can i do a command line upgrade to Lucid?
<LinSkyrate> im sitting remote for this server
<RoyK> do-release-upgrade
<LinSkyrate> RoyK: ??
<LinSkyrate> just that?
<RoyK> check /etc/update-manager/release-upgrades first
<RoyK> that should be set to Prompt=lts
<RoyK> and yes, just that :)
<LinSkyrate> will it not get me up to 11.04 then?
<RoyK> it'll take you to the next LTS, meaning 10.04 Lucid
<RoyK> or if Prompt=normal, it'll take you to the next release, 8.10
<LinSkyrate> RoyK: will do that, but must finish ubuntu-desktop install first as i already started that
<LinSkyrate> RoyK: its says No new release found?
<LinSkyrate> i changed to lts
<RoyK> erm...
<LinSkyrate> RoyK: should i put anything else there than lts?
<RoyK> can you doublecheck the version? lsb_release -a
<RoyK> no, lts is fine
<LinSkyrate> RoyK: shit.. this release are in 11.04 for some reason
<RoyK> heh
<RoyK> I've seen some rather messy dependency issues in 11.04
<LinSkyrate> RoyK: can i downgrade do Lucid?
<RoyK> reinstall
<LinSkyrate> to
<LinSkyrate> Ã¦sj
<RoyK> jau
<LinSkyrate> thats shitty its a remote server
<RoyK> didn't you say it was running Hardy?
<RoyK> it doesn't upgrade all on its own...
<LinSkyrate> must have mixed the cds
<LinSkyrate> because this should be 8.04
<LinSkyrate> did a plain server install yesterday
<RoyK> I thought you were talking about some virtual installation?
<LinSkyrate> nope
<LinSkyrate> thats inside
<RoyK> ok
<LinSkyrate> its not virtual.. its a controlpanel for virtual desktops
<RoyK> ok
<RoyK> and you don't have something like a BMC/IPMI/ILO/ILOM/ALOM in the machine so you can control it remotely?
<LinSkyrate> nope... :(
 * RoyK likes SuperMicro's IPMI - supports installing a server from local ISO images :)
<RoyK> took me 20 minutes to install four Lucid servers at once (a quad thing - four mobos in 2U)
<LinSkyrate> dont have that in this machine
<LinSkyrate> still get the missing libs when installing virtbox 4
<Daviey> RoyK: Using ext4?
<RoyK> yeah
<RoyK> why?
<Daviey> RoyK: previously ext4 has suffered from slow installation, due to the fsync's between every operation.
<RoyK> Daviey: dunno about that
<lynxman> ping Daviey
<RoyK> lol - seems the guy working on fsck for btrfs works for oracle
<lynxman> RoyK: hah :)
<uvirtbot> New bug: #796551 in openssh (main) "package openssh-server 1:5.8p1-1ubuntu3 failed to install/upgrade: Unterprozess neues pre-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/796551
<uvirtbot> New bug: #796552 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/796552
<foo-nix> I apt-getted roundcube, and noticed that index.ph in /usr/share/roundcube is owned by root (which is the the indexfile /var/lib/roundcube/index.php (docroot) links to). Why isn' t this www-data?
<foo-nix> *index.php and the same goes for .htaccess
<foo-nix> the reason I ask this is that I get a "SoftException in Application.cpp:296: UID of script "/var/lib/roundcube/index.php" is smaller than min_uid"
<foo-nix> which is of course true if the owner (and group) are root
<lynxman> foo-nix: that looks like a packaging issue
<lynxman> foo-nix: I don't see it on the bug report https://bugs.launchpad.net/ubuntu/+source/roundcube
<lynxman> foo-nix: you would like to fill a bug for it? :)
<foo-nix> lynxman, sure, but I have no experience with ww-related packages
<foo-nix> i.e. which install roundcube, squirelmail, phpmyadmin, etc
<sommer> morning, and happy Monday
<lynxman> foo-nix: ooh I see
<lynxman> foo-nix: well your guess is right, it should be www-data, I'll try to reproduce the problem later and see if I have the same issue as you
<foo-nix> lynxman, unfortunately, after chmodding I have the same problem, I will restart apache now
<foo-nix> although I wouldn't understand why :P
<lynxman> foo-nix: hmm what story do the logs say?
<foo-nix> oh, same error
<foo-nix> SoftException in Application.cpp:296: UID of script "/var/lib/roundcube/index.php" is smaller than min_uid
<lynxman> foo-nix: /var/lib/roundcube...
<lynxman> foo-nix: then you're talking also about the index.php in /usr/share/roundcube
<foo-nix> yeah
<lynxman> foo-nix: is there anything in /var/lib/roundcube? there should be right?
<foo-nix> the index.php is linked there
<lynxman> foo-nix: is the link made by root?
<foo-nix> lynxman, I think so, I don't really know how linking works with userrights
<foo-nix> wait
<foo-nix> http://imagebin.org/158053
<foo-nix> lynxman, that's a listing
<lynxman> foo-nix: okay but that's the one in /usr/share/roundcube
<lynxman> foo-nix: what's the content of /var/lib/roundcube
<foo-nix> lynxman, wait, I just chmodded the files to www-data
<foo-nix> initially most of them were roor:root owned
<foo-nix> *root:root
<lynxman> foo-nix: if they were there must be a reason behind it...
<foo-nix> lynxman, I think so, but then why do I get this error?
<foo-nix> and why wouyld an index.php be owned by root?
<lynxman> foo-nix: must be something else related
<lynxman> foo-nix: I would need to dedicate some time to try to reproduce it
<foo-nix> lynxman, I don't know much about how to configure www-packages and where ubuntu puts stuff
<lynxman> foo-nix: I would recommend you though, uninstall the package "apt-get purge packagename"
<lynxman> foo-nix: and then install it again, don't chown anything
<lynxman> foo-nix: copy/paste the problem into Google, see if someone else had it as well
<foo-nix> lynxman, yes, I find it disturbing to do so, either :)
<lynxman> foo-nix: since I'm sure there's something else involved, never installed roundcube myself so... :)
<foo-nix> lynxman, others also have it, but they don' t state the owners of the files and moreover none installed from portage
<foo-nix> lynxman, thank you very much
<foo-nix> I have guests arriving in a bit more than 30 minutes
<lynxman> foo-nix: no problem, let me know how the purge and reinstall goes
<lynxman> foo-nix: oops, hurry up then ;)
<lynxman> hehe
<foo-nix> so I will be less availiable
<foo-nix> lynxman, but if you would like to have some info, feel free to e-mail me at herbert@fmf.nl
<foo-nix> I typically respond quite fast.
<lynxman> foo-nix: cool :)
<foo-nix> indeed :)
<nandemonai> foo-nix: http://www.crazysquirrel.com/computing/debian/servers/ubuntu-mail-server.jspx
<nandemonai> Down in the roundcube section.
<nandemonai> ;)
<nandemonai> Might help, sounds related.
<foo-nix> "Sounds like a good idea but unfortunately the packaging of RoundCube (and I'm guessing a lot of other stuff) hasn't caught up with the change yet. When I installed RoundCube it with Aptitude it, of course, went in owned by root."
<foo-nix> thanx
<SpamapS> There should be nothing wrong with a web app being owned by root. Did I miss something?
<SpamapS> Oh, suphp.. or "the worst idea ever" ;)
<foo-nix> SpamapS, suphp runs these scrips ar the file owner
<foo-nix> SpamapS, it sounds uite secure if you ask me.
<foo-nix> *quite
<foo-nix> SpamapS, this allows for a website to own it' s own file
<foo-nix> makeing sure the one site can' t fiddle or piggy-back on the other site (' s security issue)
<patdk-wk> hmm, you want to run roundcube per user?
<SpamapS> shared hosting is a fail
<patdk-wk> why not run it per server, and be done
<SpamapS> We have KVM to solve this problem for us now.
<foo-nix> Are you suggesting to install a new server each time you setup a new site? Or some virtualserver configuration? That' s complete overkill
<patdk-wk> I would put shared hosting on a different box, than the email server
<SpamapS> yes
<SpamapS> foo-nix: its a single command. :)
<foo-nix> SpamapS, rm -rf ~/  is also a single command
<foo-nix> SpamapS, I like the idea of virtual machines
<foo-nix> SpamapS, but I also like the idea of not having too much of them.
<SpamapS> foo-nix: w/ appropriate config management you can manage thousands of them at once.
<SpamapS> They're as easy to manage as processes now, and without all of the hacks that we built around isolating processes from eachother over the last 20 years.
<foo-nix> SpamapS, sure, but that doesn' t make virtualhosts bad
<SpamapS> no, it makes virtualhosts obsolete. obsolete still has value.
<SpamapS> just like ipv6 should, some day, make nat obsolete. :)
<foo-nix> SpamapS, anyhow, the server of my university does it the vhost way :)
<SpamapS> I would say that suphp/suexec should have options for refusing to run as root.
<foo-nix> I'm not going to allow php scripts to run as root from a http-request
<SpamapS> foo-nix: we're actually working on a system for making deploying and managing a service like roundcube as easy as 'apt-get install roundcube' ..
<zul> gday
<SpamapS> foo-nix: http://ensemble.ubuntu.com/
<foo-nix> this stuff is cool, although it is too bad that the first lecture on clod computing I attended was so bad
<SpamapS> hahaha clod computing
<foo-nix> *cloud
<SpamapS> I think we should call it clod. :)
<foo-nix> I hurt my back working out a few days ago, and now typing and even sitting at a desk is agony :P
<SpamapS> foo-nix: cloud is just the easy way to do it now. We'll be making it work w/ local vms and containers too.
<SpamapS> foo-nix: maybe try a standing desk
<foo-nix> cloud => let others fix it for you :)
<foo-nix> SpamapS, thanx :)
<raubvogel> How do you start/stop the heimdal kerberos?
<SpamapS> foo-nix: one could say that about server co-location too.. I mean.. its not like you're running your own MAP on the net, right?
<foo-nix> SpamapS, what is a MAP?
<foo-nix> sorry, I dont know :P
<foo-nix> and disambiguation is hard with map :P
<Daviey> Hey... Does anyone have a windows 2003 server? :)
<SpamapS> foo-nix: I meant MAE ;)
<patdk-wk> I could :)
<Daviey> patdk-wk: really?
<patdk-wk> ya, about 70 or so
<Daviey> patdk-wk: Are you running an ntp server?
<patdk-wk> yep
<Daviey> patdk-wk: fancy presenting it to me, want to test something? :)
<patdk-wk> heh?
<foo-nix> :P I don' t know MAE either, is it some kind of bussiness word for network?
<SpamapS> foo-nix: http://www.linktionary.com/m/mae.html
<patdk-wk> they are all joined into AD
<Daviey> patdk-wk: seriously, want to reproduce a bug. :)
<patdk-wk> sure, but I can't give you rdp access
<foo-nix> SpamapS, ah, now I get it, sorry
<Daviey> patdk-wk: No, i just want to access your ntpd from UDP.
<Daviey> (as a consumer)
<patdk-wk> my ntp? or ntp on win2003?
<zul> Daviey: the montreal people should have access to win23k box
<patdk-wk> I run my ntp servers in linux
<foo-nix> well, co-location meaning the server is on a different location then the bussines/users?
<Daviey> patdk-wk: wise :)
<Daviey> zul: good thinking
<SpamapS> foo-nix: yes. that is the norm for pretty much all web properties that aren't google/amazon size.
<foo-nix> there' s chrome laptop coming which operates in the cloud
<SpamapS> Heh.. ChromeOS has its roots in Ubuntu.
<zul> SpamapS, you didnt know that?
<SpamapS> zul: I was noting it for foo-nix
<zul> SpamapS, ok maybe im not quite awake yet
<foo-nix> SpamapS, ok, why?
<SpamapS> foo-nix: why what?
<smoser> Daviey, do you have an updated version of http://pb.daviey.com/Cy6D/ ? or is one easy to produce ?
<offy> When I boot up 11.04 Server, I get "Screen can not display, not recommended resolution". Is there a way I can change the resolution of my server?
<Daviey> smoser: yes!
<Daviey> smoser: http://people.canonical.com/~davewalker/delta.txt (updates every 4 hours).  Also now includes packages ~ubuntu-server is subscribed to and the packageset.
<zul> Daviey: every 4 hours the info gets stale ;)
<zul> Daviey: also can you blacklist some of the packages on your script
<Daviey> zul: wel i thought more frequent might be a waste of time.
<zul> Daviey: yeah i was pulling your leg
<Daviey> zul: Yes, could blacklist some.. But the fact they are in the packageset and subscribed to should mean we need to care about them
<zul> Daviey: well im thinking about cups since its more desktopy
<Daviey> zul: hah, and gimp is totally server centric :)
<zul> Daviey: well yes i need gimp to my network diagrams ;)
<katol> hello, how do I guarantee a certain order in sites-enabled? I'm using name based vhosts and I need one of the hosts to work as catch all
<Daviey> katol, use numbers as prefixes.
<Daviey> they are ordered in an alphanumeric order.
<katol> Daviey: oh ok, is that considered a good practice?
<katol> and just to be sure, there is not other way to define a catch all without overriding the other vhosts from the configuration itself, right?
<patdk-wk> heh?
<patdk-wk> using apache?
<patdk-wk> the catchall is defined using default
<patdk-wk> not via order
<katol> patdk-lap: yes apache, default as in _default_ ? I think that does not work for name based vhosts, only IP/port based
<katol> oops
<katol> i meant patdk-wk
<patdk-wk> ah it doesn't, hmm
<katol> oh well, I'll just use the number prefixes
<katol> thank you Daviey and patdk-wk  ;)
<zul> smoser: ping
<smoser> here
<zul> smoser: can i trade patch pilot days with you
<smoser> patch pilot days and cash
<smoser> what is your day?
<zul> tomorrow :(
<Daviey> zul, you don't need to 'swap', just change to a day that suites.
<zul> Daviey: k
<smoser> why did Daviey feel he needed to stop zul from buying my patch pilot day
<smoser> :-(
<Daviey> smoser, lol
<RoAkSoAx> lol
<lynxman> smoser: I see you've just retired the day from ebay...
<jamespage> Daviey: did you chair last weeks server meet?
<Daviey> jamespage, i did indeed.
<jamespage> marvellous - that means its me in the seat for tommorow....
<Daviey> jamespage, splendid
<jamespage> however sprinting so will try to swap with RoAkSoAx: how about it?
<Daviey> RoAkSoAx, ?
<jamespage> Daviey: hmm - did I miss the email that said we don't need to writing up meeting minutes anymore?
 * Daviey also offers out chairing to anyone else.. it is open to community contributors aswell :)
<Daviey> jamespage, no..
<Daviey> jamespage, zul is doing week before last at the moment.  Then i'll do last weeks.
 * jamespage pokes Daviey with a stick some more
<jamespage> :-)
<Daviey> jamespage, sarcasm doesn't become you :)
<RoAkSoAx> Daviey: ???
<Daviey> RoAkSoAx, jamespage asked if you could take his chair spot tomorrow.
<RoAkSoAx> Daviey: yeah just read
<RoAkSoAx> jamespage: sure
<jamespage> Daviey: must be all those java library forks I've been reviewing today :-)
<Daviey> jamespage, you signed up for it :P
<jamespage> RoAkSoAx: excellent - thankyou
<jamespage> yeah - its just been a bit grinding today ;-)
<RoAkSoAx> jamespage: ;)
<SpamapS> jamespage: can you point me in the direction of documentation to write/create/try out automated tests?
<jamespage> SpamapS: yeah sure - lemme just dig something out
<jamespage> where do you want todo it? in the cloud or in kvm images?
<SpamapS> kvm, its a lot of boot testing..
<jamespage> Right - so I'd recommend you branch lp:ubuntu-server-iso-testing
<jamespage> thats the framework that currently tests our ISO images across server, desktop and alternate
<SpamapS> cool
<SpamapS> README? man page?
<irc2gowebchat> ok
<irc2gowebchat> "hello"
<RoyK> 10 PRINTÂ "HELLOÂ #UBUNTU+SERVERÃ
<RoyK> s/.$/\"/
<jamespage> SpamapS: just reminding myself
<irc2gowebchat> :D
<jamespage> SpamapS: docs/README does give you a bit of insight but its more geared towards running the existing tests
 * jamespage takes an action to add some developer documentation for writing test-cases
 * jamespage also takes an action to make the templates directory configurable from the command line
<jamespage> good job I'm at the QA automation sprint for the next two days - might actually find time
<SpamapS> jamespage: I'll give it a whack and see what I come up with. :)
<jamespage> SpamapS: ack - the run-test.py script and the templates directory should be most interesting
 * jamespage thinks that it may need a little refactoring to support SpamapS requirements
<SpamapS> jamespage: the only requirement I'll have is that I can reboot 2 or 3 times
<jamespage> SpamapS: a limitation of the current framework
<jamespage> I think you will need to specialise the templates/run_test  - this is the script that gets injected into the vm
<jamespage> it only deals with boot -> run tests -> shutdown at the moment
<SpamapS> jamespage: well technically I'm not shutting down until after a few reboots. :)
<jamespage> SpamapS: yeah - so that should deal with the 'testing complete' monitoring (which is when the vm shuts itself down)
<jamespage> you will need to adapt the way the test's are executed to deal with reboots
<jMCg> Hey folks, I now have: http://ubuntu.esotericsystems.at/ with my rebuilds of OpenLDAP (with OpenSSL support) -- how do I make this a full blown repo? with pool/dist/blah directories?
<RoAkSoAx> kirkland: ping?
<smoser> is there a way to see a list of changelog entries with your name in it?
<smoser> (ie, for developer application)
<RoAkSoAx> smoser: yes
<RoAkSoAx> smoser: lp:~andreserl/+junk/search_uploads --> originally created by Daviey
<smoser> hm..
<smoser> i dont like using things that Daviey wrote
<RoAkSoAx> smoser: lol... i tried to improve it though xD
<Lcawte> Hi... I've setup ntop, and finally got it working with my connection, but now all my attempts to access my websites fails... lewiscawte.info for exampl
<zul> Does this look sane to people: http://people.canonical.com/~chucks/libxen-libvirt.patch
<Lcawte> Anyone have any idea why this is happening
<Daviey> smoser: i'm not proud of that... and it's damm slow.
<Daviey> Sadly, the LP api doesn't extend to doing what you want.
<Daviey> smoser: if you want to fix, LP #610491 - that would fix your requirement :)
<uvirtbot> Launchpad bug 610491 in launchpad "[API] Please expose getPublishedSources(package_creator,package_signer)" [Low,Triaged] https://launchpad.net/bugs/610491
<Daviey> (Although doesn't extend to [YUR NAME] entries in changelog.)
<Daviey> smoser: Talking of which, what is a CoC friendly way of nack'ing and applciation?
<Daviey> *an
<zul> Daviey: "sod off" :)
 * RoAkSoAx goes to lunch
<slyboots> Hi :)
<slyboots> Ah, okay my server appears to have crashed several tiems now, I've left it running on the console mode and I now have a big page of text but what Im curious is how to I. use this information
<slyboots> It looks like a kernel stack-trace? I think..
<slyboots> Oh and Caps and Scroll-lock are blinking on the keyboard
<slyboots> Incase thats somehow relevent
<zul> slyboots, take a picture of it and submit a bug
<slyboots> well, I sort of need to get the system backup now.. and my boss is going to want to know what caused the crash
<slyboots> So, Is there any sort of general advice that would be helpful in this situation in prehaps preventing it gain rather than "Yea it just crashed"
<patdk-wk> well, unless you know how to read that info, there is nothing we can really do to help you
<uvirtbot> New bug: #796750 in apache2 (main) "apache2 startup fails with missing log directory" [Undecided,New] https://launchpad.net/bugs/796750
<patdk-wk> but if it's kernel stuff, you have a very limited set of issues
<slyboots> I .. *think* its a kernel issue
<patdk-wk> hardware failing, kernel driver failing, a kern param ran out of stack/mem/...
<slyboots> Its taking down the entire system so..
<patdk-wk> well, I dunno how you want someone over irc to tell you what it is
<slyboots> :P
<patdk-wk> this is when serial console with serial logger is nice
<CrazyGir> WinstonSmith: last
<CrazyGir> oops, sorry
<CrazyGir> I just spent a little time googling and searching apt but did not find the answer I was looking for.. how does one add the standard man pages to ubuntu-server
<SpamapS> CrazyGir: sudo apt-get install man-db
<SpamapS> which should be on the default install.. but still.
<CrazyGir> hrm
<CrazyGir> thank you :)
<JanC> also depends on what you mean by "standard man pages"
<JanC> e.g. if you need the manpages for the POSIX standard, there is 'manpages-posix' (I find those occasionally useful)
<slyboots> Hm..
<slyboots> Is there a way to test if a serial console is waiting
<slyboots> Uh.. working even x.x
<slyboots> I added grub_terminal=serial to the defaults file, ran grub install.. but Im not getting anything on the terminal
<Dynamit> hello i was now i need to setup virtual host i use webmin but forgot how to setup so it work 100% i have setup 2 virtual host now, but one answer for all call's
<CrazyGir> JanC: by standard, I mean manpages should be on any system you go to
<CrazyGir> those manpages ;)
<CrazyGir> I can barely wrap my head around ubuntu separating them into a package
<JanC> CrazyGir: embeded systems often remove all manpages  ;)
<JanC> and AFAIK Ubuntu doesn't separate all manpages in one package?
<CrazyGir> sure, and embedded systems often build from scratch
<CrazyGir> and I don't know one/more packages
<CrazyGir> I'm just a BSD guy and looking at this like wtf
<JanC> 'man-db' contains teh man command & infrastructure
<JanC> not the manpages
<JanC> manpages should be in their respective packages
<CrazyGir> how do you mean respective packages?
<JanC> the manpage for bash is in the bash package, etc.?
<CrazyGir> like if I am lookingfor into on the syntax for net interfaces..
<CrazyGir> sure, but the core system?
<JanC> ah, programming manpages?
<JanC> or about the kernel?
<JanC> maybe you want 'manpages-dev'
<CrazyGir> ..only in ubuntu
<JanC> and/or 'glibc-doc'
<CrazyGir> ><
<CrazyGir> is there a package that will bring it all down?
<CrazyGir> :P
<JanC> I think the BSD people are more "anal" about manpages   ;)
<CrazyGir> in what sense?
<CrazyGir> I'm a BSD guy and never had an issue with manpages in Open/Free
<JanC> e.g. I remember a BSD sysadmin patching the "hier" manpage to reflect the local machine   ;)
<CrazyGir> they're there. period.
 * CrazyGir shrug dunno about that..
<JanC> or maybe that was just him  ;)
<CrazyGir> yea, probably :)
<JanC> butstill, IMO utilities that come from the BSDs often have better & more up-to-date manpages
<CrazyGir> oh yea, for the most page, documentation in linux is atrocious
<JanC> IIRC he told me patching something in FreeBSD is only allowed if you also fix the manpage (if that's needed)
<CrazyGir> yea, the OpenBSD devs consider a bug in doc on the same page with security bugs
<CrazyGir> which I would agree with
<CrazyGir> as they're telling you the wrong thing
<JanC> CrazyGir: I don't know any meta package that pulls in every possibly useful documentation though
<CrazyGir> yea
<CrazyGir> so for typical system docs, manpages-dev?
<CrazyGir> or 'manpages'?
<JanC> they contain other sections in the man system (see the package description)
<RoAkSoAx> no/win 17
<RoAkSoAx> arggggghh
<JanC> I think manpages should be installed by default?
<JanC> and manpages-dev should be installed when you install a build system
<JanC> (as no compilers etc. are installed by default)
<CrazyGir> k, I need to get networking fixed in this VM, then I should be able to confirm
<CrazyGir> speaking of compilers..
<CrazyGir> :P
<JanC> compiler packages are on the CD  ;)
<Dynamit> never mind my ? i have fix it
<JanC> but maybe you used the mini ISO?
<plm> Hi all
<plm> people, why ubuntu recommend to install ubuntu server when try to download it?
<plm> sorry
<JanC> plm: what do you mean?
<plm> people, why ubuntu *64 bits* recommend to install ubuntu server when try to download it?
<plm> are 64 more stable than 32?
<JanC> you mean why ubuntu-server is 64-bit by default?
<plm> sorry for my confuse sentence agaim
<plm> JanC: yes
<CrazyGir> most servers have tons of ram
<JanC> most server hardware is 64-bit nowadays
<CrazyGir> like 32GB is common
<JanC> but if you want 32-bits, it's available too (e.g. for small VMs)
<plm> JanC: how I know if my server is 32 or 64? just see in setup if is adm64 emt64?
<JanC> plm: what sort of server is this?
<plm> my is EM64T in setup
<plm> JanC: is a mounted server..
<JanC> eh?
<plm> yes
<plm> setup show EM64T
<RoyK> CrazyGir: 32GB is a bit above normal
<JanC> I mean, what sort of hardware are you using, how much RAM, etc. ?
<JanC> RoyK: I suppose that depends on what you are doing with your servers  ;)
<plm> JanC: intel core 2 duo, 3GB ram
<RoyK> plm: just install from the amd64 iso
<JanC> plm: that CPU supports 64-bit, but you don't really need it
<RoyK> JanC: I have a few boxes with 64GB - but it depends of use
<plm> 64 or 32? :-)
<RoyK> or just 4
<plm> or need I think : if is more than 4gb, use 64, else 32
<slyboots> Hm.. Im confused by this
<JanC> plm: what are you going to do with it?
<RoyK> most webservers will live happily with just 4GB
<plm> JanC: postgresql database server
<slyboots> Im trying to log all information related to this kernel crash over Serial..
<slyboots> Now I know the serial cable works ( by starting a getty session on ttyS0) but the instructions I have for logging dont seem to work
<JanC> I don't think postgres is (much) faster with 64-it, so maybe better use the 32-bit version then (that uses less memory)
<slyboots> Or at least, they are for logging into a system over serial
<JanC> 64-bit
<CrazyGir> what is the proper way to _fully_ restart networking (such that all devices reinit/request dhcp if needed/etc)?
<slyboots> They all list adding Grub_console=serial to the grub-defaults file
<CrazyGir> service networking stop/start doesn't really do that
<plm> JanC: ok, I will use 32-bit
<plm> JanC: but i don't have problems too if use 64-bit right?
<plm> JanC: my question is really when use 32 or 64...
<plm> if just RAM more 4GB is the case
<JanC> both will work
<JanC> make sure you use the PAE 32-bit kernel though (it's about 0.05% slower, but offers better security)
<JanC> or maybe 0.005% slower, I don't know exactly, but isn't really important  ;)
<JanC> the PAE kernel can also use > 4 GiB RAM with 32-bits, if you ever upgrade it
<slyboots> Anyone any idea?
<CrazyGir> slyboots: serial consoles are a pain in linux :(
<JanC> CrazyGir: restarting "networking" should work?
<plm> JanC: for now I will install 10.4 32-bit, because I already using a old 7.4 (feisty) 32-bit. And when I will get a "real" server with 10GB ram I will install ubuntu 64-bit and does dump/import data :-)
<CrazyGir> JanC: like service networking restart?
<CrazyGir> have you tried that? :P
<JanC> CrazyGir: I have done that in the past  ;)
<JanC> not going to mess up my local networking now halfway a download  :p
<plm> what is url for choice manually ubuntu mirros to download ISO?
<plm> http://www.ubuntu.com/download/server/download is automatic
<plm> found : https://launchpad.net/ubuntu/+cdmirrors :-)
<CrazyGir> JanC: you cant' anymore
<CrazyGir> JanC: Restart: unknown instance
<JanC> eh
<CrazyGir> or am I wrong here?
<JanC> "sudo status networking" says "unknown instance"?
<SpamapS> JanC: networking isn't the service you want
<SpamapS> JanC: are all of your network interfaces configured in /etc/network/interfaces ?
<JanC> SpamapS: it's CrazyGir who has the problem
<SpamapS> yeah I was reading backwards
<SpamapS> CrazyGir: whats the issue?
<JanC> I guess network-manager is managing the network then?
<adam_g> zul: ppa:gandelman-a/puppet-module-rsyslog  there are some test manifests you can run/apply in /etc/puppet/modules/rsyslog/tests
<SpamapS> well the 'networking' upstart task is just a thing to run 'ifup -a' .. its not actually managing "networking"
<zul> adam_g: cool ill have a look tonight
<JanC> I thought it triggered the other network stuff too, but maybe that's not true anymore  âº
<plm> people, I would like to use postgresql 9.0, but 10.4 LTS has just 8.4.. what you sugest?
<plm> postgresql 8.4 is old..
<lynxman> plm: I think there's a PPA with 9.0 for Lucid
<lynxman> plm: I used one at least :)
<plm> lynxman: but is stable..?
<lynxman> plm: as stable as 9.0 can be
<plm> lynxman: and secure.. and one apt-get -f dist-upgrade will not break the system?
<lynxman> plm: I used it in a prod enviroment, but of course your mileage can vary
<plm> lynxman: using this PPA, one apt-get -f dist-upgrade will not break the system?
<lynxman> plm: it didn't on mine, but again... use at your own risk, I'm not a certifier of any kind ;)
<tdelam> Can anyone recommend a program I can use to watch a user who is logged via SSH in realtime? I want to set up a few apache things and I need to show him what I am doing and explain it while I do that on the phone.
<tdelam> I know in freebsd there was a watch tty thing, i just cant find an equiv for UBuntu
<plm> lynxman: right, I know, just getting information :-) curious.. if the advantage of LTS is just a long support.. so is install 10.4 with PPA postgresql 9 is the sabe of install 11.4 with default 9.0 postgresql :-) not?
<plm> *same
<lynxman> tdelam: you can share a byobu session with the other user if you both login under the same user
<lynxman> plm: Except that the rest of your OS will reach end of life sooner than the LTS
<tdelam> lynxman: oh?
<lynxman> plm: and the postgres 9.0 ppa is community based, so clearly no support on that one
<tdelam> oh wait, byobu is?
<lynxman> tdelam: byobu is a newer "screen"
<tdelam> It's not a GUI thing?
<lynxman> tdelam: it'll setup a virtual TTY that both users can write and see at the same time
<lynxman> tdelam: nope
<tdelam> interesting, I'll try it out on my server first.
<lynxman> tdelam: https://help.ubuntu.com/10.04/serverguide/C/byobu.html
<plm> lynxman: right, so in this case use 11.4 with default 9.0 is better.. because I have oficial support of ubuntu for postgresql
<tdelam> thanks lynxman
<kirkland> lynxman: tdelam: even better: https://help.ubuntu.com/community/Byobu
<lynxman> plm: I wouldn't risk it if I were you, unless you plan to replace that server in less than 2 years
<lynxman> kirkland: oh thanks :)
<lynxman> plm: so yes you wouldn't get support for the private PPA but on the other hand you'll get support from the PostgreSQL community anyway
<lynxman> plm: so it's not very risque
<plm> lynxman: right, but for example, using 10.4 with PPA postgres 9.0. in 2012 are there a ubgfix of 9.0... this PPA will receive this update like as another package?
<tdelam> wow, byobu is awesome
<tdelam> so simple
<lynxman> tdelam: it's very nice :)
<JanC> tdelam: byoby is a very fancy config for screen  ;)
<lynxman> plm: if the community maintainer does, yes, and they're very good
<tdelam> ya, tested it out, logged in from work to my server then logged into some other server i have and tried it
<tdelam> it's exactly what I need
<lynxman> plm: worst case scenario you can build your own postgres packages for 9.0
<plm> lynxman: right, I will use 10.4 with PPA :-)
<lynxman> plm: it's the safest choice for a prod server :)
<tdelam> should work if the user has putty right?
 * tdelam doesn't see why not but stranger things happened with windows users
<plm> lynxman: thanks :-)
<lynxman> tdelam: yes, should work like a charm, you can resize the byobu window to fit the user with the smallest terminal
<lynxman> plm: no problem ;)
<tdelam> i love this and it's only 3 mins of usage
<JanC> IMO for PPAs, you always need to check out who is maintaining it  ;)
<JanC> and maybe contact them
<lynxman> JanC: good point
<JanC> e.g. I know the cherokee PPA is maintained very well & very actively
<JanC> with new packages 1-2 days after every official release
<lynxman> Martin Pitt maintains his own PostgreSQL PPA http://www.piware.de/2010/09/postgresql-9-0-final-released/
<lynxman> that's the one I used
<JanC> Martin Pitt is one of the main Ubuntu developers
<lynxman> JanC: sactly, so I reckon it'll be in good shape
<JanC> so that should be okay, although a company could ask him if he plans to maintain it for the next X years of course  ;)
<lynxman> JanC: yeah but PostgreSQL is not affiliated to any company, well maybe except 2nd Quadrant, but it's a community driven corp
<JanC> well, Canonical can guarantee security updates to a PPA or backport for example
<JanC> but you'll have to pay for that maybe  ;)
<lynxman> JanC: heh
<LinSkyrate> hi,, i get java error3 when opening my website... is this a port problem?
<LinSkyrate> apache2 and ubuntu 8.04
<RoAkSoAx> kirkland: ping
<kirkland> RoAkSoAx: pong
<RoAkSoAx> kirkland: howdy!! Have a second to discuss powernap stuff ?
<lynxman> ping Daviey
<kirkland> RoAkSoAx: sure, wassup
<RoAkSoAx> kirkland: so I'm working on the client/server thing already
<RoAkSoAx> kirkland: and first looking into auto-registration for client machines
<RoAkSoAx> with powerwaked
<RoAkSoAx> so that powerwaked will know all the hostnames/mac/ip's of the clients if they register
<RoAkSoAx> kirkland: now, since you guys worked on that for eucalyptus
<RoAkSoAx> kirkland: I was wonderingf what's the best way to go here. either 1. Embbed python code for avahi, both on client and server or 2. do as separate components with powerwaked-client-listener and powernap-client-publisher or similar
<RoAkSoAx> kirkland: and the publisher only uses avahi-publish rather than embbed the code in powernap's daemon
<RoAkSoAx> 1. will involve checking the config file for "AUTO_PUBLISH=y" if y, then publish, otherwise, do not
<kirkland> RoAkSoAx: hmm
<RoAkSoAx> kirkland: and 2. will involve publishing using just an upstart script
<kirkland> RoAkSoAx: you gotta be real careful here, from a security perspective
<kirkland> RoAkSoAx: imagine that you're running powernap on your laptop (as I am)
<kirkland> RoAkSoAx: and you go to UDS
<kirkland> RoAkSoAx: and your laptop is broadcasting that it's a powernap client, hello, i'm ready to be managed ...
<kirkland> RoAkSoAx: and then someone decides that Andres' machine needs to go to sleep :-)
<kirkland> RoAkSoAx: i think I'd prefer an approach closer to ssh-copy-id / ssh-import-id
<kirkland> RoAkSoAx: rather than autoregistration
<kirkland> RoAkSoAx: for autoregistration, you should use orchestra + puppet/ensemble
<kirkland> RoAkSoAx: where what you're really doing is federating clients to a server
<kirkland> RoAkSoAx: that shouldn't be unique to powernap, IMHO
<kirkland> RoAkSoAx: especially while we're working on other infrastructure in the Platform/Server to do this in a general way
<kirkland> SpamapS: congrads on getting ensemble into the NEW queue ;-)
<RoAkSoAx> kirkland: right, yeah I was planning on using avahi to do something like what was done with UEC for auto-registration features, such as: MachineA publishes itself to the network sending its IP, MAC and Hostname. Then powerwaked server obtains that info, and checks the local database if it's already there or not, if not, then just register it by adding the info to the powerwake cache
<kirkland> RoAkSoAx: sorry, i'm not a big fan of that part of UEC's design/implementation
<kirkland> RoAkSoAx: i'd hate to see it repeated for powernap :-(
<RoAkSoAx> kirkland: yeah I guess if using with puppet/ensemble the idea would simply be to interact with some powerwaked API to tell it "Register this machine if it is not already registered"
<RoAkSoAx> kirkland: yeah I'm also not really fun of broadcasting that info and would rather do a real client/server approach where the client know's who the server is, and tries to register when daemon is started
<RoAkSoAx> s/fun/fan
<RoAkSoAx> kirkland: what about the usage of rabbitmq
<kirkland> RoAkSoAx: what about it?
<RoAkSoAx> kirkland: I mean, use rabbitmq to do registration, notification to the server, stuff like that
<RoAkSoAx> kirkland: for i.e. if powernap-client is "managed" then whenever it changes of state, powernap-client sends messages to the server, or noties that's gonna execute and action, or has recover from an action and stuff like that
<Eitan> hey anybody have some expereince with dl380 g4 servers?
<SpamapS> Eitan: what kind of experience? I used to use them quite a bit but only with centos.
<SpamapS> kirkland: thanks. :) Hopefully an archive admin is as congratulatory as you. ;)
<kirkland> SpamapS: hah!
<uvirtbot> New bug: #796854 in euca2ools (main) "euca-bundle-vol fails on when running tune_cmd" [Undecided,New] https://launchpad.net/bugs/796854
#ubuntu-server 2011-06-14
<kirkland> SpamapS: around?
<SpamapS> kirkland: here now, whats up?
<kirkland> SpamapS: hey man, working on my formula
<kirkland> SpamapS: i was wondering if I could build straight off of any of the php caching/acceletors
<kirkland> SpamapS: i mean, wondering if you had formulae for any of that yet
<SpamapS> you mean like apc?
<SpamapS> Anything that happens on one box is mostly handled by packaging policy already.. just throw it into an apt-get line and you're probably done.
<kirkland> SpamapS: yeah, that's what i was going to do, unless there was a more ensemble-like way of handling it
<SpamapS> no, thats sort of one of my favorite things actually. :)
<SpamapS> All the hard work people have done to make things work on one box really makes formulas *dead* easy to write.
<SpamapS> I do feel that we should make more use of debconf when possible.
<kirkland> SpamapS: cool
<kirkland> SpamapS: looking at the wordpress start script, it's empty
<kirkland> SpamapS: but the wordpress stop script stops apache
<kirkland> SpamapS: sup with that?
<SpamapS> kirkland: stop just gets run when you're destroying the service unit..
<SpamapS> kirkland: start gets run directly after install, and , IMO, is useless.
<kirkland> SpamapS: okay, so i should just dupe wordpress' behavior?
<SpamapS> kirkland: so stop is useful in helping to not show a half-dead service.
<kirkland> SpamapS: cool
<kirkland> SpamapS: one more thing, sort of an aside...
<kirkland> SpamapS: IP=`ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'|head -n 1`
<SpamapS> kirkland: the only diff is, you can have yours up and running as soon as install happens.. you don't have any hard external deps, right?
<kirkland> SpamapS: correct
<kirkland> SpamapS:  i know of at least 7 different places in Ubuntu where we make that sort of determination in various different ways
<kirkland> SpamapS: I'm thinking we should get one good implementation of that function into a base Ubuntu package (or a new package in the default seed)
<SpamapS> kirkland: Inoright? ;)  I am working on pulling that into a "machine info" set of tools until ensemble grows what I want in that area.
<kirkland> Inoright?
<kirkland> SpamapS: what does Inoright mean?
<SpamapS> kirkland: ideally the machine provider will provide that, and other things like external IP/hostname and instance ids that can be used agnostic of EC2 in formulas.
<SpamapS> kirkland: Heh.. I-know-right .. but in 4chan / lolcats speak ;)
<kirkland> SpamapS: hah
<SpamapS> icanhas laugh? ohai
<kirkland> SpamapS: :-)
<kirkland> SpamapS: so i know of that same assignment (by different pipes) in at least eucalyptus, byobu, cobbler, orchestra, and your formulas
<SpamapS> kirkland: Teyo was suggesting that we start a "machine information" utility that would be useful for puppet too.
<kirkland> SpamapS: facter?
<SpamapS> I thought thats what facter was. ;)
 * SpamapS installs now ;)
<SpamapS> kirkland: yeah, wtf, why don't we just use facter?
<kirkland> SpamapS: $ time facter ipaddress_wlan0
<kirkland> 192.168.1.109
<kirkland> real    0m0.837s
<kirkland> SpamapS: that's one reason (speed)
<kirkland> SpamapS: though in some cases, that might not matter
<SpamapS> yeah, spin up ruby, spin up ifconfig..
<kirkland> SpamapS: more importantly, we need to know *which* ip address to choose
<kirkland> SpamapS: i've done a lot of work on trying to logically guess that correctly in eucalyptus and byobu
<kirkland> SpamapS: interface=$(awk 'END {print $1}' /proc/net/route)
<kirkland> SpamapS: ipaddr=$(LC_ALL=C /sbin/ip -4 addr list dev "$interface" scope global)
<SpamapS> in ensemble's case, we actually have a good chance at guessing
<SpamapS> since we can potentially just have them shove *all* of the ips in, and say "pick the best route"
<kirkland> SpamapS: right
<SpamapS> but thats ... complicated stil
<SpamapS> l
<SpamapS> wow.. facter started 109 processes to tell me the ip
<SpamapS> so yeah, just starting over on that isn't a bad idea
<SpamapS> anyway, my train arrives in 9 minutes.. will have to pick this back up tomorrow. Good luck!
<kirkland> SpamapS: k
<kirkland> SpamapS: fyi, ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'|head -n 1 is WRONG on my laptop here
<kirkland> SpamapS: it picks my tap0 interface, for my vpn ip
<SpamapS> kirkland: laptops are *evil* ;)
<kirkland> SpamapS: hah
 * SpamapS disappears
<twb> kirkland: ow
<twb> kirkland: "ip --oneline address"
<twb> If you must awk, awk that instead of ifconfig
<kirkland> twb: agreed, i'm advocating against ifconfig for this
<kirkland> twb: the method I prefer is in the guts of http://paste.ubuntu.com/626255/
<twb> LC_ALL=C good idea, I forgot
<twb> What do you do if there is >1 iface?
<twb> Oh, you're using the default route?
<twb> Good idea
<twb> I was just doing head -1 :-)
<Datz_> Hi, I just performed some updates on my server. But when I restart, it shows that the same updates are still available. I tried to update and upgrade again, but there are no newer updates available
<Datz_> This is what I get when I log in via ssh: http://pastebin.com/k1rgAM1x
<Datz_> it would seem that the old welcome screen is still present
<Datz_> after a new one has been printed first
<Corey> Datz: Is that populated out of /etc/motd?
<Corey> Might take a look there.
<twb> Datz: :>/etc/motd.tail
<twb> Datz: I don't know why that fixes it, but it does
<twb> So.... something in the upgrade from 2.6.32-31 to -32 broke my system.
<Datz> humm, thanks
<Datz> twb: so I should just delete /etc/motd.tail?
<twb> Specifically my LXC chroots didn't start... IIRC mkdir /var/cgroups/foo failed.
<twb> Datz: no, you should run what I told you
<Datz> oh
<Datz> I wasn't familar with that
<Datz> worked great, thanks twb
<zul> jamespage: libpam4j got rejected fyi
<twb> What does java use currently instead of pam? eap?
<Lobo29> Just installed 10.04 on  a server, how can i add gnome desktop ?
<Corey> Lobo29: apt-get install ubuntu-desktop
<Lobo29> Cory; i get -  E: Invalid operation ubuntu-desktop,  tried it with sudo also
<Lobo29> Doh, My bad  :(
<sparticus> Lobo29: are you sure you typed apt-get install ubuntu-desktop
<ScottK> Also once you've done that's it's not supported here anymore.  Support is in #ubuntu.
<Lobo29> just getting to late for me, i left out "install"   should go get sleep
<Lobo29> yikes, 10 mins to install, i will be asleep by the time its done,  TY tho
<arooni> my ubuntu server hard drive space (25G) is now completely full.  how do i track down the culprit (I think its likely logs)
<twb> arooni: du -hx / | sort -hr | less
<twb> If logrotate is working the log space (/var/log) should be negligible
<dougb> can anyone recommend a good cpanel alternative?
<arooni> how do i change the time zone of the server to pst?
<twb> dougb: no
<twb> dougb: I can recommend CRAP alternatives
<arooni> dpkg-reconfigure tzdata
<arooni> got it!Q
<twb> dougb: puppet (or perhaps cfengine or chef) are the right way to manage sites.
<twb> dougb: if you want a wanktackular web interface, you can use ebox or Canonical's proprietary "landscape" solution.  There is also webmin, which we emphatically discourage.
<dougb> ok thanks twb, have you heard of ispconfig before?
<twb> Vaguely
<twb> But really, if you need a UI to administer your system, you are screwed.
<twb> You're better off investing time in learning than in trying to deploy a web UI
<dougb> i have been administrating everything through SSH
<dougb> but I just want to learn and see what is out there
<twb> Fair enough
<WinstonSmith> why do you discourage wbmin?
<WinstonSmith> err webmin even
<WinstonSmith> twb^^
<twb> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<twb> 15:31 <dpkg> Webmin is a lame web-based interface for unsafe system administration for Unix.  Check it out at http://webmin.com/  Remember, dondelelcaro *hates* webmin.  "i'd rather sit on the floor shoving table knives into live electrical outlets than run webmin on an exposed server."  Removed from Debian post-Sarge, see http://bugs.debian.org/343897 .  The Debian package from webmin.com is of poor quality.  See <f
<twb> ree whcp> for alternatives.
<WinstonSmith> are you referring to upstart?
<twb> No
<twb> webmin modules have a tendency to completely rewrite config files, e.g. deleting all comments in them
<twb> webmin will also overwrite itself with newer versions -- even if it was originally installed from their checkinstall .deb
<twb> Which, incidentally, has three critical errors and over a hundred non-critical errors, last time I looked.  That's errors that a script (lintian) can find -- a human would have bigger issues with it.
<WinstonSmith> i do not consider the update function a bug, its a feature. the comment overwriting is bad though IF you're not aware of it
<twb> Some webmin modules also have problems if a human edits a config file directly after webmin has edited it.
<WinstonSmith> but its still the best wanktackular web interface IMHO
<twb> That may well be the case
<WinstonSmith> ebox is really crap. failed 2 times while installing on a testserver had to remove by hand
<twb> I think it's like IDE emulators for Emacs -- anyone that knows enough to write one, knows enough not to need an IDE
<WinstonSmith> true that
<twb> The same applies to "WHCP"s, at dpkg calls them
<twb> So you only get ones written by utter idiots
<twb> What I wanted to do last time this came up, was to write a python-based web UI that read and wrote puppet manifests (pretend puppet manifests are JSON for a minute).
<WinstonSmith> ok thanks for the info. could you suggest a good iptables tutorial?
<twb> Unfortunately I couldn't get funding from $boss
<twb> WinstonSmith: #netfilter for that.
<twb> WinstonSmith: follow  the /topic link to "towards a better ruleset".
 * WinstonSmith is a perl lover
<twb> WinstonSmith: you can also see my example http://cyber.com.au/~twb/doc/iptab
<WinstonSmith> twb: thanks & have a very nice day :)
<twb> Oh, I don't *like* python.  I've given up fighting to keep it off my systems, tho :-(
<WinstonSmith> hehe
<twb> http://cyber.com.au/~twb/doc/grumbling.txt#python
<WinstonSmith> heh me <3 rants
<kirkland> SpamapS: lp:~kirkland/+junk/principia-pictor and lp:~kirkland/+junk/principia-musica
<kirkland> SpamapS: pretty trivial, really
<WinstonSmith> hahahaha i also got *@!? with the bloody vmware browser based console. switched to vbox never looked back
<twb> WinstonSmith: vmware-server 2?
<twb> WinstonSmith: note that vmware-server is vmware's "toy" product, it is to ESXi as MS Access is to MSSQL.  You're not supposed to actually USE it for anything serious.
<WinstonSmith> twb: dont remember the ver. tbh. was like ~4 years ago
<WinstonSmith> twb: i am also a "toy" admin for my server & the servers of a couple of friends and clients ;)
<twb> Of course, I would strongly recommend kvm and libvirt instead, because vbox is owned by oracle, and they are an "enemy of your freedom" (as RMS would say)
<WinstonSmith> yes oracle bad. but now i have over 15 installed VMs. and i dread the work of switching to another infrastructure
 * WinstonSmith is lazy
<twb> It is not that hard, at least if the guests are linux
<WinstonSmith> about half of them
<WinstonSmith> but i am following the kvm discussion. it looks rather nice. maybe one of these days i try that out
<WinstonSmith> hahah and a RH rant too!
 * WinstonSmith chuckles
<twb> It's especially better if you have server guests on a server host.
<twb> vbox caters more for the desktop-in-desktop market
<WinstonSmith> ahhh ok
<WinstonSmith> but i have a couple of headless VMs running in vbox
<twb> Like "I have linux but I need to run <stupid .exe>"
<WinstonSmith> there is wine for that
<WinstonSmith> moar wine!
 * greppy used vbox to run winxp to be able to get audible.com content onto his iPod
<twb> greppy: heh, the oldest mail in my mail archive is me asking them for documentation on their proprietary encoding
<greppy> I ping them every couple of months and ask for linux support :)
 * WinstonSmith uses vbox at clients who bought a 4000â¬ scanner and got a*al-raped by the manufacturer who just said: what drivers for vista/win7? nooo but we have this nice new machine that you can buy
<greppy> for now I have been loving the android app
<twb> I don't want them to release binaries, I want them to document their codec
<greppy> depending on how the DRM is applied, releasing that info could circumvent it.
<twb> proprietary software on linux is even more of a pain than same on windows or OS X, because on linux you have a heterogeneous base system
<WinstonSmith> DRM--
<twb> greppy: not my problem if their crypto is badly designed :P
<greppy> DRM != crypto :)
<twb> DRM relies on crypto
<twb> Sony and friends all failed because they don't understand how to do crypto
<WinstonSmith> sure but <greppy> depending on how the DRM is applied
<twb> I should say: "DRM is a specific application of cryptography"
<WinstonSmith> DRM is crypto applied by the devil ;)
<twb> A TPM, for example, is fundamentally just a ROM with shared secrets baked into it
<greppy> well, sony also failed because they put intentionally broken images onto disks to cause copy software to freak, oh and put a rootkit on an audio cd :(
<twb> greppy: different case,  I was talking PS3
<greppy> ah
<greppy> I have a ps1 that hasn't even been powered on in a year.
<WinstonSmith> greppy: but they got their karma for the rootkit hehe
<greppy> before that my only console was an originaly NES
<WinstonSmith> anyway nice chatting with you guys i am off
 * WinstonSmith goes away to learn more about iptables
<twb> The game industry needs someone to save them from all that proprietary middleware :-(
<dougb> does anyone know if there is a linode IRC chat?
<LinSkyrate> someone know why i get java error3 when opening my site? (apache2 + Ubuntu 8.04) can it be a FW issue? port problem?
<dougb> you were right twb, i should have never installed a control panel :-p
<LinSkyrate> where are the file i have to change to do a do-release-upgrade
<twb> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<twb> LinSkyrate: I don't think there's anything
<twb> LinSkyrate: obviously there is if you're bypassing dru to do it by hand
<LinSkyrate> oki.. found it /etc/update-manager/release-upgrades
<CppIsWeird> i have a ubuntu-server hdd that i moved from one box to a completely new setup, and now it doesn't have an eth0 anymore. is there some command i need to run or something i need to do to get it to detect the new ethernet?
<LinSkyrate> hmm.. cant get vmware server to work proper..
<LinSkyrate> dont get login prompt in web
<twb> LinSkyrate: sorry, not our problem.  There is a #vmware
<twb> They are more into ESXi than vmware-server, tho
<twb> CppIsWeird: edit (or delete) /etc/udev/rules.d/*persistent-net.rules, then reboot.  ifaces will be renumbered from zero.  DO NOT delete the nearby net "generator" file.
<CppIsWeird> ok, thanks :D, i was just reading about the persistent-net file. :P
<CppIsWeird> your solution was much simpler :P
<twb> CppIsWeird: I know aaaaaall about that one :-/
<CppIsWeird> lol
<CppIsWeird> hmm, doesnt seem to have solved anything. i rebooted and it created a new one, but no new ethernet interfaces. would any supported ethernet interfaces show up under ifconfig regardless?
<twb> Oh, sorry, I thought you had an eth1 but no eth0
<twb> You're saying you have two physical interfaces, and only one is listed by "ip a" ?
<CppIsWeird> ok, under ip a, eth2 shows up. not under ifconfig. and no, not two adapters, i moved the hdd from one system to a newer completely different system.
<CppIsWeird> well i got eth2 up and working
<twb> ifconfig is legacy crap, don't use it
<twb> It would be better to have only "eth0", but if you're happy to go rename stuff in /etc/network/interfaces and so on, you can have just eth2
<CppIsWeird> im trying to get my gpu's temp over ssh, i found this http://superuser.com/questions/234828/ati-temperature-monitoring but when i use it i get invalid MIT-MAGIC-COOKIE-1 key
<e-DIO-t> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<e-DIO-t> http://paste.ubuntu.com/626430/ << any idea?!
<e-DIO-t> oi?
<uvirtbot> New bug: #797111 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/797111
<_johnny> hi. anyone know a thing or two about ircd's? specifically i'm wondering which encoding i'm suppose to use when pushing text to the users (i'm writing an ircd). anyone have an idea? :)
<_johnny> the rfc doesn't seem to advocate, recommend or force any
<WinstonSmith> _johnny: i think there is no spec. but why not ask in #freenode?
<_johnny> WinstonSmith: i've gotten good responses in here, and it's the only place i could think of to ask such a question. is #freenode not a helpchan for freenode itself?
<_johnny> and right. and i could just relay the msg as it comes in from (a) user, but i'm just not sure if that's a "good" way to go, as one user may use utf8, and another latin1 or something. ultimately it should be a client problem, i was just wondering if maybe there was an obvious answer ;)
<WinstonSmith> _johnny: i did not mean to bugger off :), and yes there be gurus here. i am also not sure about #freenode, but i know that they have staff who know about irc from the inside
<_johnny> good point. thanks :)
<WinstonSmith> _johnny: i just remember a discussion we had in #perl not long ago about irc clients and if i remember correctly there is no clear definition of anything in irc
<_johnny> WinstonSmith: in case you/anyone wonders, the answer was simply to pass it along :)
<WinstonSmith> _johnny: heh there you got it :D where did you get the answer?
<pcperini> so, i have no idea where to go to ask this, but here goes: i have several computers on a LAN that i'd like to access via various services (http, ssh, etc.), that oftentimes overlap with one another (thus ruling out static port forwarding). is there some way i can specify the internal address of my desired location? something like 49.285.72.09>10.0.1.5
<tyreza> hello
<tyreza> is there any area to learn about hardware with linux ?
<Bilge> What's the file that generates the /etc/motd because I'm getting a double MOTD for a while now
<greppy> Bilge: delete /etc/motd.tail
<ironicum> hi
<ironicum> shouldn't allow the entry "%sudo   ALL = NOPASSWD: /usr/sbin/synaptic" in /etc/sudoers users of the group "sudo" to start synaptic without password? it still asks everytime for one
<lynxman> ping zul
<Bilge> greppy: that's what I needed, but how did I end up with that tail in the first place?
<greppy> Bilge: a bug in the code that updates the motd, I've run into it a few times.
<greppy> I know how to "fix" it but not what causes it :)
<Bilge> OK :3
<sommer> morning internets
<uvirtbot> New bug: #797196 in setserial (main) "package setserial 2.17-45.3ubuntu1 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/797196
<queso> I have a 10.04 server with a cron job for user root that doesn't appear to be running.  Two questions: Does root's cron jobs log to /var/log/syslog?  Does this bug <https://bugs.launchpad.net/ubuntu/+source/cron/+bug/118168> still affect lucid?  (because root's crontab does not include a newline at the end)  I just want to be sure making this change will enable the jobs to run.
<uvirtbot> Launchpad bug 118168 in cron "Crontab accepts files with no newline before EOL/EOF. Cron ignores file" [Medium,Fix released]
<kirkland> SpamapS: howdy
<ironicum> shouldn't the entry "%sudo   ALL = NOPASSWD: /usr/sbin/synaptic" in /etc/sudoers allow users of the group "sudo" to start synaptic without password? it still asks for one everytime i launch it
<ruben23> hi guys i tried to do start on iptables but i get this error only----> /etc/init.d/iptables start -> -bash: /etc/init.d/iptables: No such file or directory
<kirkland> RoAkSoAx: got my PDU today :-)
<RoAkSoAx> kirkland: cool!! Which one is it?
<RoAkSoAx> kirkland: 5px?
<kirkland> RoAkSoAx: haven't opened it yet, but the box is bigger than I am :-)
<RoAkSoAx> kirkland: hahahaha yeah I almost break my back trying to open/install it xD
<lynxman> ping slangasek
<lynxman> er
<SpamapS> kirkland: here now, haven't had a chance to look at your formula quiet yet.
<SpamapS> quite even
<kirkland> SpamapS: no problem
<kirkland> SpamapS: i have two more in progress
<kirkland> SpamapS: AjaxTerm, as I've documented in https://help.ubuntu.com/community/AjaxTerm
<kirkland> SpamapS: and byobu-classroom (previously known as screenbin)
<kirkland> SpamapS: my question to you ...
<kirkland> SpamapS: is what's the contribution procedures?
<kirkland> SpamapS: ie, i want to give these to principia ... where is that process documented?
<SpamapS> kirkland: I put a contribution procedure up here http://ensemble.ubuntu.com/Principia .. would be good to get some feedback.
<SpamapS> kirkland: the fact that you're finding success and interest in formulas with no relations is very interesting to me.
<SpamapS> kirkland: maybe ensemble can just be an awesome cloud-init de-obfuscator ;)
<kirkland> SpamapS: well, i'm not sure yet what the value is over just using cloud-init
<kirkland> SpamapS: heh, maybe that's it
<kirkland> SpamapS: moreover, I think there's room for either an ensemble command, or a principia-tool
<kirkland> SpamapS: for taking a generic, trivial package installation and making it into a no-relation formula
<kirkland> SpamapS: and you could see Principia with hundreds of auto-generated formulae
<SpamapS> formulate + deploy probably works
<SpamapS> maybe just an option to formulate
<SpamapS> formulate --deployable foo
<kirkland> SpamapS: yeah
<SpamapS> actually formulate produces a deployable formula
<SpamapS> The relations are just inoperable
<kirkland> SpamapS: how do i tell ensemble to use t1.micro's instead of m1.smalls?
<kirkland> SpamapS: to save me some money developing these
<SpamapS> kirkland: edit ~/.ensemble/environments.yaml and add something to the 'sample' object    default-instance-type: m1.small
<SpamapS> or
<SpamapS> t1.micro, or w'ever
<SpamapS> kirkland: Yeah we switched to m1.small because the t1.micro's were behaving as advertised, but very inconsistently.. didn't want users to have a bad default experience.
<kirkland> SpamapS: cool, done
<kirkland> SpamapS: one more thing ... environments.yaml is created with 644 permissions
<kirkland> SpamapS: and the ensemble docs show how to put ec2 keys in that file
<kirkland> SpamapS: i think that file should be 600
<SpamapS> kirkland: https://launchpad.net/ensemble/+filebug    :-D
<SpamapS> kirkland: agreed that it should be 600
<SpamapS> and the dir should probably be 700
<kirkland> SpamapS: doing it now
<kirkland> SpamapS: just looking for validation from you ;-)
<kirkland> SpamapS: done, https://bugs.launchpad.net/ensemble/+bug/797263
<uvirtbot> Launchpad bug 797263 in ensemble "~/.ensemble permissions" [Undecided,New]
<kirkland> SpamapS: what's it take to join Ensemble Composers?
<SpamapS> kirkland: right now, you just have to promise to me that you won't accept formulas that are evil. :)
<SpamapS> kirkland: s/me/~ensemble/ actually
<kirkland> SpamapS: i promise....
<kirkland> SpamapS: so that team is who reviews formulae for principia inclusion
<kirkland> SpamapS: archive admins for principia?
<SpamapS> kirkland: they're basically like ubuntu core dev for principia
<kirkland> SpamapS: k
<SpamapS> yeah I guess even like AA
<kirkland> SpamapS: oh, another thing ...
<kirkland> SpamapS: the sample shell scripts in all of the formulae so far use #!/bin/bash
<SpamapS> anyone who can push to ~ensemble-composers/* can "create" a formula
<kirkland> SpamapS: i changed mine to #!/bin/sh
<kirkland> SpamapS: as that's a little more Ubuntu-like
<kirkland> SpamapS: but i wondered if there was any reason why the initial examples are bin/bash?
<SpamapS> kirkland: I don't know if using dash in this context is all that crucial, but certainly I try to do that.
<SpamapS> kirkland: the cool thing is, you get to pick!
<kirkland> SpamapS: cool
<SpamapS> kirkland: that reason alone may make people who are anti-chef and anti-ensemble happier. :)
<SpamapS> err
<SpamapS> anti-puppet not anti-ensemble
<SpamapS> hehehe
<kirkland> SpamapS: hehe
 * SpamapS has puppet/chef/ensemble/openstack/wtf spinning around in his head...
<ScottK> SpamapS, kirkland, somebody: Is there a explanation of why make a new thing and not use one of the existing systems for this?
 * jpds realizes that he doesn't have 'wtf' installed.
<SpamapS> ScottK: http://fewbar.com/2011/06/so-what-is-ensemble-anyway/
<SpamapS> ScottK: that makes one argument.. basically that chef/puppet cookbooks/modules are not very sharable.
<ScottK> How about FAI?
 * ScottK doesn't have an opinion, just curious.
<SpamapS> ScottK: FAI is nothing like ensemble. :)
<SpamapS> ScottK: FAI would be a closer comparison to Cobbler
<ScottK> Right.
<queso> If a server freezes such that the console is inaccessible, what could that be, or where's the first place to look?  (this is a vmware esxi guest, but esx is running fine, not sure if that's related)
<plm> I add ppa, but not show in sources.list right? where I found ppas added?
<Pici> plm: /etc/apt/sources.list.d/
<plm> Pici: are there some diference using add ppa via add-apt-repos... to add in /etc/apt/sources.list.d/  and just edit sources.list and add line there?
<Pici> plm: No difference.
<SpamapS> queso: I'd look at video .. try removing 'quiet' from the kernel commandline
<m_tadeu> hi everyone....is there another webalizer-like tool?
<SpamapS> m_tadeu: awstats
<SpamapS> m_tadeu: its worth noting that it has had serious security problems in the past. ;)
<m_tadeu> SpamapS: thanx...well if it's soved, no wories:)
<SpamapS> m_tadeu: one time sec problems are normal.. 3 or 4 major problems show a lack of understanding by the developers.
<m_tadeu> SpamapS: but, are those problems still active?
<SpamapS> m_tadeu: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=awstats
<SpamapS> m_tadeu: as I said, its not about the problems we know about, its about the endless stream of problems we don't know about
<m_tadeu> SpamapS:  :)
<RoyK> hm.... anyone that knows if it's possible to start a screen(1) to automatically be backgrounded? I can't find anything in the manual for that
<Ryan_macy> Guys how do you setup your domain to point to a ubuntu mail server?
<Daviey> RoyK: screen -d -m
<patdk-wk> google mx
<Ryan_macy> ok
<patdk-wk> damn so much google junk
<patdk-wk> wikipedia mx :)
<RoyK> Daviey: thanks
<RoAkSoAx> zul: have you played with RabbitMQ?
<RoAkSoAx> zul: and any of the python libraries?
<zul> RoAkSoAx: just a tad :)
<lynxman> RoAkSoAx: It should be okay imho, there's a python ampq implementation
<RoAkSoAx> zul: did you play with pika?
<lynxman> zul: I didn't know you know rabbitmq ;) </sarcasm>
<RoAkSoAx> lynxman: yeah I saw... though I was thinking on packaging pika
<zul> RoAkSoAx: nope
<RoAkSoAx> zul: I guess I'll package it then
<RoAkSoAx> xD
<lynxman> RoAkSoAx: :)
<zul> RoAkSoAx: ok
<RoAkSoAx> zul: what API did you use?
<pmatulis> i forget, is using hostnames in fstab generally not the way to do things?
<lullabud> regarding nfs or...?
<pmatulis> right, network resources
<lullabud> if it's mission critical and all set up with static IP#, use IP#
<lullabud> that way if DNS tanks the rest of your servers don't melt down with it.
<lullabud> or...
<lullabud> well, yeah, that's probably best unless you want to get much more complicated.
<uvirtbot> New bug: #791839 in etckeeper (main) "etckeeper runs bzr without a locale set from cron script" [Undecided,Confirmed] https://launchpad.net/bugs/791839
<RoyK> luite: if it's mission critical, use enough DNS servers
<RoyK> luite: sorry, wrong nick
<luite> :)
<RoyK> pmatulis: see above
<CppIsWeird> one of my vm's is on ubuntu 10.04, i do a do-release-upgrade and it says theres no new releases found. what gives?
<kirkland> SpamapS: okay, 'nother ensemble question
<kirkland> SpamapS: how do i prompt the user running 'ensemble deploy' for input?
<kirkland> SpamapS: can i just do it in the install hook?
<kirkland> SpamapS: i think probably not, because that runs on the target machine
<kirkland> SpamapS: basically, i need the user to choose a password
<uvirtbot> New bug: #797339 in resolvconf "apparmor profile for bind. resolvconf error" [Undecided,New] https://launchpad.net/bugs/797339
<patdk-wk> CppIsWeird, there are no new lts releases yet
<RoyK> CppIsWeird: if you want to upgrade to 10.10/11.04, edit /etc/update-manager/release-upgrades and set Prompt=normal
<CppIsWeird> thanks :)
<RoyK> just keep in mind those aren't LTS releases
<RoyK> so for most servers, you wouldn't want to do that
<RoyK> but then - you may want to anyway :)
<CppIsWeird> im probably needlessly upgrading, but im so noob im hoping upgrading fixes my problem
<RoyK> then don't
<CppIsWeird> too late :P
<RoyK> try to fix the problems instead :)
<RoyK> oh well
<CppIsWeird> i tried, i kept getting dead ends.
<RoyK> a non-lts upgrade will take you to the next release, being 10.10
<CppIsWeird> well about 5 minutes after i asked i ran across do-release-upgrade -d
<CppIsWeird> whats that take me up to?
<RoyK> always the next release, but if on 11.04, it may take you to 11.10 alpha (if that's in the repos)
<CppIsWeird> heh
<RoyK> CppIsWeird: what sort of issues did you have?
<CppIsWeird> apt-get install python-pyopencl, the site said it should exist but it doesnt. everything i looked up involved getting sources and that never works well.
<RoyK> CppIsWeird: can't find that package on lucid
<RoyK> CppIsWeird: from http://wiki.tiker.net/PyOpenCL/Installation/Linux/Ubuntu it seems you need to add some custom repos
<RoyK> (that was first hit on google search for "python-pyopencl lucid")
<CppIsWeird> guess "python-pyopencl package not found" was too noob?
<RoyK> did you add that repository?
<CppIsWeird> cant, its in the process of upgrading
<RoyK> CppIsWeird: seems the package is in maverick and later
<RoyK> CppIsWeird: seems the package is in maverick and later
<RoyK> nice - never heard of opencl before
<CppIsWeird> i hope its awesome, im fooling aroung with it for some ai dev
 * RoyK has some 150 cpu cores chewing data at work
<CppIsWeird> nice
<CppIsWeird> from what i hear, on certain problems, GPU's can be about 10 or more faster than a cpu
<RoyK> the latest addition was a 2U box with 4 mobos, each with two 12-core opterons...
<RoyK> CppIsWeird: or more - depending on the load
<CppIsWeird> nice, i want to play with one of those 12 core opterons
<CppIsWeird> i just got a 6 core i7
<RoyK> 96 cores in 2U is quite nice - each mobo with 24cores and 64GB RAM
<CppIsWeird> oh nice
<RoyK> the downside for GPUs is memory size
<CppIsWeird> take pictures, will pay for geek porn
<CppIsWeird> :P
<RoyK> it's just a boring 2U box
<CppIsWeird> oh they are never boring ;)
<CppIsWeird> look at all the guys with porn addictions, are any tits just another set of tits?
<ironicum> shouldn't the entry "%sudo   ALL = NOPASSWD: /usr/sbin/synaptic" in /etc/sudoers allow users of the group "sudo" to start synaptic without password? it still asks for one everytime i launch it
<CppIsWeird> did you reboot?
<ironicum> yes
<patdk-wk> ironicum, works for me
<CppIsWeird> maybe "%sudo   ALL = (ALL)NOPASSWD: /usr/sbin/synaptic"
<patdk-wk> %admin         ALL=NOPASSWD:/usr/bin/rsync
<patdk-wk> what I use
<RoyK> CppIsWeird: as for one, reboot after changing sudoers won't be needed
<CppIsWeird> oh, i thought it was.
<RoyK> CppIsWeird: reboot is something you do after upgrading a kernel
<RoyK> CppIsWeird: hah - windoze noob
<CppIsWeird> is my windows experience showing through?
<RoyK> :)
<patdk-wk> royk, or when mystery sets in :)
<CppIsWeird> im a software developer and i've been running linux in some form for ~5 years. it still confuses me.
<ironicum> it always asks for a password when i launch it from the kde kicker
<RoyK> CppIsWeird: as for pics for that box, couldn't find any on my phone...
<patdk-wk> oh? from gui?
<CppIsWeird> bummer. :(
<RoyK> CppIsWeird: I installed my first linux box in 1994
<patdk-wk> doesn't that use a totally different kind of sudo program
<ironicum> i changed the command line to sudo synaptic with no success
<RoyK> ironicum: what happens if you try to run it manually as that user?
<ironicum> it starts without asking for a pass
<RoyK> ironicum: and that user is member of the sudo group?
<RoyK> ironicum: IMHO specific user access should be given to a user, not group
<ironicum> id shows me in that group
<ironicum> ok, i'll try
<RoyK> ironicum: log out and in again
<RoyK> group membership is updated by the shell
<RoyK> so if that changes while you're logged in, the shell won't notice
<patdk-wk> royk, see, cppisweird reboot (and again if 1 didn't fix it) might have worked
<CppIsWeird> :P
<RoyK> your mouse moved - windows must be restarted for the change to take effect.....
<CppIsWeird> poppy cott
<CppIsWeird> your mouse moved - linux must be reconfid, recompiled, googled for 10 hours, for the change to take effect.
<RoyK> lol
<RoyK> luckily, the days where distro kernels were rather bad are (hopefully) over
<h4lfl1ng> sup guys :)
<CppIsWeird> my first linux was actually gentoo. :P
<CppIsWeird> some 8 years back or so
<RoyK> had to patch and recompile a driver the other day - the serial card wasn't supported at all, even though the producer claimed so - PCI IDs are still hardcoded...
<RoyK> CppIsWeird: slackware - in 1994 :P
<CppIsWeird> havent touched slackware yet
<RoyK> no reason to do it anyway
<CppIsWeird> lol, really :P
<CppIsWeird> i hopped on the ubuntu train about 3 years ago or so and havent left sense :P
<RoyK> I went from slackware to redhat to debian to ubuntu
<med_out> away
 * slyboots has moved from SUSE, to Slackware to Mandrake, to Redhat to... Uh.. Mandrava? I think..
<slyboots> To Gentoo, to ubuntu
<slyboots> Oh, Debian was before ubuntu
<patdk-wk> ya, I started with slackware in 93-94
<patdk-wk> moved to ubuntu like 3 years ago
<RoyK> Ubuntu: Ancient African word meaning "I'm too tired of compiling Gentoo"
<slyboots> I've often seen people maon about Ubuntu being "My first Linux" since it does a lot of the hard work for you
<slyboots> And.. That seems like such a insane thing to moan about haha..
<slyboots> "Yea it suchs because it makes your life easier"
<CppIsWeird> i actually liked starting out with gentoo
<CppIsWeird> i learned a lot
<CppIsWeird> though i've forgotten most of it cuz im lazy like that :P
<slyboots> Well, Yes. Yes I actually like for my computer to reduce my workload, not incrase it
<slyboots> *increase
<RoyK> me too
<RoyK> and LTS is good for servers
<slyboots> I never got the poitn of Gentoo..
<slyboots> "Hey I cat compile EVERYTHING!".. Why?
<slyboots> "It makes everthing faster!" Does it? I've never seen actual objective benchmarks to prove its any better, or if it is are those speed-gains so great that they agument teh downtime compiling code
<RoyK> slyboots: you may get an increase of 1-2% load if you subtract the load created by compiling everything :)
<slyboots> RoyK: So people say, I've never seen benchmarks
<slyboots> or real-world tests, That would be quite intresting to see
<RoyK> those 1-2% won't account for the time spent compiling it....
<slyboots> and as I said before.. if those gains dont give a noticable boost to agument teh downtime from compiling all that code.. well then
<RoyK> my point
<slyboots> Arch is supposed to be good.. But I like Ubuntu
<RoyK> cpu intensive tasks like data modelling should be compiled from source anyway
<h4lfl1ng> Totally stumpped :/
<slyboots> RoyK: Perhaps, but for something like Firefox or KDE.. who cares
<RoyK> slyboots: yeah
<slyboots> apt-get install firefox-bin :P
<RoyK> I wonder what happens if I apt-get install \* .....
<slyboots> The internet will explode.  So please, dont do it
<slyboots> Not even as a joke
<RoyK> :)
 * RoyK once tried to email *@*.* before he understood how SMTP worked
<h4lfl1ng> Does anyone have an idea why dhcp/dns services on a private network, would not work after restart?
<slyboots> RoyK: hehee..
<RoyK> h4lfl1ng: rebooting the server? are dhcpd/bind running?
<h4lfl1ng> RoyK: I've rebooted the server and restarted the dhcp server
<h4lfl1ng> RoyK: nothing changed..
<RoyK> h4lfl1ng: check the logs
<uvirtbot> New bug: #797336 in cloud-init "byobu-by-default cannot be disabled via cloud-config" [Undecided,New] https://launchpad.net/bugs/797336
<h4lfl1ng> RoyK: where are the logs for the dhcp?
<RoyK> h4lfl1ng: /var/log/syslog iirc
<RoyK> h4lfl1ng: or just check /var/log
<h4lfl1ng> RoyK: i checked the daemon logs..the only thing i see maybe weird is kernewl time sync status change ..ntp
<RoyK> h4lfl1ng: is dhcpd running?
<h4lfl1ng> RoyK: how would i be able to tell if it's running in the logs?
<RoyK> h4lfl1ng: ps axf| grep dhcp
<RoyK> h4lfl1ng: the logs don't have realtime data - ps has
<h4lfl1ng> RoyK: it's running
<RoyK> and no complaints on the config in the logs?
<queso> What PATH is set up by default for root's crontab?  If I look at the process's environ, it includes /usr/local/sbin, but when the crontab attempts to run a script in that directory, it says "command not found".  Do crontab commands not inherit the same PATH from the cron process?
<h4lfl1ng> RoyK: no hint of errors.
<h4lfl1ng> RoyK: it assigns ips to the clients..unknown lease
<ironicum> synaptic starts now without password, the problem was that the kickoff entry linked to synaptic-kde.desktop instead of synaptic.desktop
<h4lfl1ng> RoyK: actually it dooesn't show up in the log
<raubvogel> queso, AFAIK you can specify the path
<queso> raubvogel: like, /usr/local/sbin/mycommand  ?  Or PATH=... ; mycommand ?
<h4lfl1ng> RoyK: in sys log it just says that it wrote 4 leases to leases file
<RoyK> queso: just use the full path
<queso> RoyK: What about commands in scripts, should those specify the full paths to commands, too?
<queso> Apparently you can set PATH= at the top of the crontab.
<raubvogel> queso, if you really want check /etc/default/cron
<raubvogel> In my, say, cron.d files I call scripts to do my bidding by providing the full path
<raubvogel> in the scripts themselves I define the path I want to use and off I go
<raubvogel> Other ideas: http://linuxshellaccount.blogspot.com/2007/10/crontab-and-your-environment.html
<queso> raubvogel: great, thank you
<queso> I'm confused as to why the running cron process includes /usr/local/sbin in its PATH . . yet it still isn't looking in there when running a command.
<RoyK> queso: make a crontab job like "* * * * * echo $PATH > /tmp/path.tmp"
<queso> RoyK: Man that's a good idea :)
<^Mike> Is there a metapackage for servers like ubuntu-desktop? I could have sworn that ubuntu-server existed...
<RoyK> ^Mike: google it
<uvirtbot> RoyK: Error: "Mike:" is not a valid command.
<RoyK> ubuntulo1: stfu
<^Mike> RoyK: I did, why do you think I ended up here? O_o
<stgraber> ^Mike: there are a set of task but no single metapackage
<uvirtbot> stgraber: Error: "Mike:" is not a valid command.
<stgraber> tasksel --list-tasks | grep server
<^Mike> stgraber: How could I get a list of those to choose from?
<RoyK> ^Mike: https://help.ubuntu.com/community/MetaPackages <- first hit on google
<uvirtbot> RoyK: Error: "Mike:" is not a valid command.
<^Mike> psychic++
<RoyK> someone should fix that bot
<^Mike> someone shoot that bot D:
<stgraber> RoyK: right, and you'll notice that except edubuntu-server (that I deprecated last cycle) there's no metapackage for server though there are tasks that server the same goal
<stgraber> RoyK: so I still think it was a good thing for ^Mike to come and ask here as it's far from being obvious
<RoyK> stgraber: sorry - did you mean a metapackage for "server"?
<stgraber> ^Mike: you can also run "sudo tasksel" which will show you the same dialog as you got at the end of your install
<uvirtbot> stgraber: Error: "Mike:" is not a valid command.
<RoyK> "server" is a subset of what's in "desktop" except perhaps another kernel
<RoyK> the basic "server" is a stripped down "desktop", but with a -server kernel
<Daviey> RoyK: err, that is way oversimplyfing it
<RoyK> Daviey: not really
<Daviey> RoyK: err ya realy.
<stgraber> RoyK: and that's also wrong
<^Mike> fight! fight! fight!
 * ^Mike gathers all the other ruffians to gather 'round
<RoyK> tell me, what does a basic server install have that a desktop install lacks?
<stgraber> RoyK: for example "byobu" is part of the server task, so will get installed on a server. But it's not part of the ubuntu-desktop task or metapackage
<Daviey> RoyK: compare the seeds.
<stgraber> https://code.launchpad.net/~ubuntu-core-dev/ubuntu-seeds is where all the seeds are defined including their dependencies
<RoyK> stgraber: that's not a server thing - it's just another screen wrapper
<RoyK> stgraber: the base install for a server is still in desktop
<RoyK> even sshd isn't in server by standard
<Daviey> RoyK: please expand on that.. "base install for a server is still in desktop"
<Daviey> that doesn't make sense to me.
<stgraber> RoyK: if you install a minimal server (at least in oneiric), you'll have "byobu" installed. If you install a desktop on Oneiric you won't.
<stgraber> RoyK: so without even discussing what byobu is, it proves that your "server is a subset of desktop" assumption is wrong
<RoyK> Daviey: server is a minimal install - desktop has a lot more. sshd is in server only if you add it specifically
<Daviey> w3m isn't installed by default on the Desktop
<stgraber> now, I just hope that you realize that you are fighting (for lack of better words) on the definition of meta packages and seeds with two developers who happen to have the rights to change them and who (at least in my case) is responsible for quite a few of them :)
<RoyK> stgraber: byobu isn't very necessary for most server installs anyway - I don't see why it should be there by standard
<RoyK> or by default, even
<Daviey> stgraber: TBH, i was starting to rethink my life.  Perhaps spending my working days maintaining something which clearly doesn't exist is pointless.
<stgraber> Daviey: hehe ;)
<EricJ> I guess that if people would want truly minimal servers, they'd run slack :)
<Daviey> all we need to do is convert the server iso is whack in a ost install script of apt-get remove --purge *-desktop
<Daviey> job done, we can all go home.
<stgraber> IIRC current "minimal" server is: ubuntu-minimal + ubuntu-standard + server task
<stgraber> though you could build your ultra-minimal ubuntu by just installing ubuntu-minimal (essentially what a debootstrap will give you)
<RoyK> install ubuntu-server without ticking off anything useful, and it'll be quite minimal, not even sshd willl be installed
<RoyK> hitting F4 and choosing minimal will make it even less useful :P
<EricJ> Pretty sure that's what I did last time I installed.
<EricJ> Everything excluded, then went back and pulled in the packages I needed by hand.
<EricJ> Must admit, not a fan of these huge meta-packages.
<SpamapS> kirkland: re choosing a password, that will be handled by the settings API, which I think is about to land or just landed
<SpamapS> kirkland: you should ask in #ubuntu-ensemble ... they'll know. :)
<kirkland> SpamapS: yup, talked to them
<kirkland> SpamapS: i'm just finishing a formula called byobu-web, that does a byobu web service using ajaxterm ;-)
<SpamapS> kirkland: nice. I've been thinking about building an rsync formula to solve the "shared upload" problem until I can wrap my head around gluster/nfs
<SpamapS> actually let me re-say that where the right people might see it
<tladuke> hi. haven't used ubuntu or apache in a while. installed LAMP stack, but when I browsed to /somesite, it downloads index.php. dir.conf is enabled.
<tladuke> browsing /somesite/index.php works
<selynda> hello, im trying to setup a ubuntu server for the very first time (my first server)
<selynda> basically I want to use to access music,videos and pics, nothing big or fancy, and I am thinking I should go with the samba file server to do so
<CppIsWeird> selynda, yes, use samba
<selynda> but what I am wondering is, what are the recommended hardware  specs I would need to do this?
<CppIsWeird> hmm, do you have a ti-83 calculator handy?
<selynda> no
<CppIsWeird> well i think thats the bare minimum specs :P
<selynda> hehehehe nice
<selynda> ok, so a normal desktop PC should work then?
<CppIsWeird> lol, yes :)
<CppIsWeird> whats the cpu & ram?
<selynda> not exactly sure, basically my girl has a desktop they don't use, and decided to let me play around with it, and I thought about turning into a server
<CppIsWeird> lol, w/e it is it will probably work :P
<selynda> I am guessing somewhere around 2GB of ram, and 320GB HDD?
<CppIsWeird> ls
<CppIsWeird> wrong window
<CppIsWeird> :P
<selynda> :)
#ubuntu-server 2011-06-15
<selynda> ok, so assuming that the specs are good, is there anything special I need to do to be able to connect remotely via my other ubuntu computers?
<cloakable> nope :)
<selynda> cool, so how would I go about doing that?
<selynda> so if I use the connect to server option in ubuntu, where it says server I would just enter the IP address?
<cloakable> Or hostname
<cloakable> Not sure how the ubuntu connect to server option works; I use Kubuntu
<selynda> ok cool, but I would have to set up an FTP or SSH right?
<qman__> selynda, no, samba alone would allow access
<qman__> however, ubuntu to ubuntu, I'd suggest using sftp since it's easier to configure
<cloakable> Plus SSH is simple to setup
<qman__> as in, there is no configuration, just install
<cloakable> ssh is even easier iirc
<selynda> ok, cool but when I connect to server it asks for service type...
<qman__> also, bare minimum specs if you use ubuntu server are somewhere around a 386 CPU and 64MB RAM
<qman__> though I'd suggest at least 256MB for reasonable performance
<selynda> qman: cool thanks
<qman__> and an i686+ CPU so you don't have to manually install a different kernel
<qman__> so, K6-II or pentium II
<qman__> maybe some pentium 1s
<cloakable> Or an Atom :)
<selynda> hehe
<qman__> an atom is Pentium III based
 * cloakable runs Ubuntu Server on an Atom
<qman__> the progression was Tualatin P3, Pentium III-M, Pentium M, one other intel mobile chip, then the atom
<cloakable> ahh
<cloakable> Then the various atoms
<qman__> for that particular architecture
<qman__> yeah
<RoAkSoAx> kirkland: ping
<kirkland> RoAkSoAx: pong
 * Daviey waits for the return volley of the table tennis game that is ping-pong between RoAkSoAx and kirkland.
<uvirtbot> New bug: #797462 in samba (main) "package samba-common-bin 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/797462
<selynda> ok so I downloaded and burnt the server ISO, but it won't boot....my ubuntu desktop ISO boots fine though
<rewt> which version?
<rewt> selynda, compare your iso's md5 with the one listed on here:  https://help.ubuntu.com/community/UbuntuHashes
<selynda> 11.04, I re downloaded and burned it and it works now, I think it was the burning software I was using
<qman__> selynda, you can also check the md5 of a burned disc by running 'sudo md5sum /dev/scd0' (replacing that with your cdrom device) and it should match up with the md5sum on the ubuntu mirror
<Anime-girl1> ok when I am setting up my server, I am asked to partition the disk, I want to use the entire disk, but dont know if I should do it with LVM or not
<Anime-girl1> ?
<Anime-girl1> what is LVM?
<rewt> logical volume management
<rewt> http://en.wikipedia.org/wiki/Logical_Volume_Manager_%28Linux%29
<Anime-girl> ok so I got my server set up, so why can't I log into it?
<twb> Define "log in".  SSH?
<Anime-girl> yes
<twb> Is openssh-server installed?
<Anime-girl> it says connection refused by server
<Anime-girl> i dont know, just installed ubuntu server from the disc, and was under the impression there wasnt anything I had to do to set up ssh
<twb> You were wrong.
<Anime-girl> hmmm they lied!!!
<Anime-girl> ;)
<twb> Unless you perform the initial install over SSH, or choose the "SSH server" task in tasksel, you will need to manually install openssh-server after installation.
<twb> Ideally, you will also lock down the sshd_config, e.g. turning off single-factor authentication, restricting access to a whitelist of "real" users/groups, etc.
<ScottK> so 'almost nothing'.
<twb> http://paste.debian.net/119877/ <-- example
<Anime-girl> ok, got it
<Anime-girl> now what about joining the server with the host name? how do I set that up?
<twb> Anime-girl: I don't know what that means
<Anime-girl> twb: like when I go to connect to server via ubuntu, it pops up a window and asks for the service type (ssh) and then the server
<Anime-girl> I can enter in the IP address and connect that way, but would like to use the host name that I think I set up when installing the server
<twb> Anime-girl: so you need the hostname to resolve to the IP address
<Anime-girl> yes!
<twb> You're probably running DNS
<twb> Go tell your DNS server about that mapping, then
<Anime-girl> twb: huh?
<twb> Anime-girl: how do you know where, say, "google.com" is?
<Anime-girl> I know, but I got confused for a second
<littlebearz> twb: look at the DNS server, i use 8.8.8.8
<twb> littlebearz: I was helping Anime-girl, not the other way around
<uvirtbot> New bug: #797305 in dahdi-linux (universe) "package dahdi-dkms 1:2.3.0.1 dfsg-2ubuntu2 failed to install/upgrade: dahdi kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/797305
<uvirtbot> New bug: #797161 in amavisd-new (main) "package amavisd-new-postfix (not installed) failed to install/upgrade: underproces installerede post-installation-script returnerede afslutningsstatus 1" [Undecided,New] https://launchpad.net/bugs/797161
<eagles0513875|2> hey guys is anyone having issues with apache2 on 10.04
<eagles0513875|2> i have a really annoying issue that it is not able to write to log files granted permissions are the same as on another server and apache is failing to start
<a_ok2> logrotate runs every day but I get rather weird rotation with each sunday
<a_ok2> How can I just have a straght line 7 days of logs
<hggdh> Daviey: the machine vector is yours, right?
<hggdh> (as far as Jenkins is concerned)
<Daviey> hggdh: yah
<hggdh> Daviey: you might want to clean up some space, if you do not mind ;-)
<Daviey> oh, is it full?
<hggdh> rather so
<Daviey> hggdh: done now.. /var is a huge parition, am i able to make better use of that space?
<Daviey> hggdh: What do i need to symlink? :)
<jibel> Daviey, could you also upgrade ubuntu-server-iso-testing to 1.0-1~ppa16 ?
<hggdh> Daviey: super-James will answer :-)
<Daviey> on it
<jibel> Daviey, thanks, it will prevent to fill the disk with isos on next run.
<Daviey> super
<Daviey> Any news on Jenkins reporting btw?
<Daviey> ie, emails on failure?
<hggdh> Daviey: working on them :-)
<Daviey> hggdh: super!
<jamespage> Daviey: please can you make a couple of directories somewhere in /var that have write permissions for the usit user
<jamespage> We can then point the ISO and test storage to different locations for the node specification in Jenkins
 * jamespage thinks we can at least
 * hggdh relies on jamespage
<Daviey> jamespage: if it's easier, i can just symlink where the data is currently being stored?
<jamespage> nah - its really easy todo this in Jenkins with the testing frameowkr
<Daviey> jibel: (i'm o ~17)
<Daviey> jamespage: ok
<jamespage> hmm well almost - please can you symlink one called ${HOME}/isos
<jamespage> the other one I can configure
 * jamespage adds a feature request to iso-testing
<wild_oscar> hi. has anyone here got experience with mdadm? more specifically, I was reading in the wiki "No handling of raid degradation during boot for non-root filesystems  (i.e. /home) at all. (Boot simply stops at a recovery console.) " does this mean if I create a raid for /mnt/somemountPoint and a disk fails, it'll be stuck at boot?
<dob_> Hi, is it correct, that php5 isn't compiled with mysqlnd by default?
<ikonia> dob_: it's broke down into modules, you install the modules you want
<dob_> yes, but i think it's compiled without the native driver
<dob_> the mysql extension seems to use the old mysql libraries...
<dob_> i downloaded the sources and there wasn't a --with-mysqli=mysqlnd, instead it seems to point to the mysql libs
<ikonia> dob_: yes, it uses the mysql libs so that version changes match up
<ikonia> I thought there was a module for the internal php driver, but I could be wrong
<dob_> no, there isn't a module in the default repositories
<dob_> so the default "ubuntu" php driver's are not the ones with the best performance
<patdk-wk> performance is realative
<dob_> ah yes ;-9
<dob_> ;-)
<plm> people, I would like to create a LATIN1 encoding one new postgresql database.. but ubuntu not how LATIN1 enconding in locale -a. How I addh latin1 locale? http://dpaste.com/554532/
<plm> anyone?
<ikonia> plm: is there a LATIN1 package in the repos ?
<sommer> morning all
<jamespage> hey sommer
<sommer> today is going to be an awesome day... I can tell already :-)
<soren> sommer: It'll pass.
<Daviey> soren: bah, your negativity made sommer /quit :)
<Daviey> positive mental attitude all!
<Daviey> sommer: *awesome*
<sommer> :-)
<uvirtbot> New bug: #797705 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/797705
<RoAkSoAx> morning all
<wild_oscar> has anyone here got experience with mdadm? more specifically, I was reading in the wiki "No handling of raid degradation during boot for non-root filesystems  (i.e. /home) at all. (Boot simply stops at a recovery console.) " does this mean if I create a raid for /mnt/somemountPoint and a disk fails, it'll be stuck at boot?
<hggdh> Daviey: life sucks, then you die (keeping on, and improving on soren's comment) :-)
<Daviey> :P
<uvirtbot> New bug: #797716 in libapache2-mod-perl2 (main) "libapache2-mod-perl2 FTBFS on Oneiric" [Undecided,New] https://launchpad.net/bugs/797716
<cemc> where is the motd file updated exactly on 10.04 ?
<cemc> the motd says that system needs to be restarted, but I restarted it twice, it still says that
<cemc> and the 'welcome to ubuntu... documentation url...' text appears twice
<RoAkSoAx> smoser: ping
<smoser> RoAkSoAx, here
<RoAkSoAx> smoser: did you propose for merging this branch: ? https://code.launchpad.net/~smoser/ubuntu/oneiric/cheetah/merge-debian-2.4.4-2/+merge/64250
<RoAkSoAx> smoser: or was it left unmerged or created automatically for some reason
<RoAkSoAx> smoser: since the branch seems to be only the removal of the .pc directory
<smoser> RoAkSoAx, i have to look.
<RoAkSoAx> smoser: maybe this was created when uploading the branch and dpkg-source -x extracts applying patches
<RoAkSoAx> smoser: and the comparison failed
<RoAkSoAx> so that branch was left as a conflict maybe
<RoAkSoAx> something similar happened to me the other day
<RoAkSoAx> smoser: can you fix the permissions of http://people.canonical.com/~smoser/bugs/797395/ as I can't dget please :)?
<WinstonSmith> cemc: what does ls /etc/mot* say?
<cemc> WinstonSmith: http://pastebin.ubuntu.com/627377/
<WinstonSmith> cemc: rm /etc/motd.tail
<kevinash> Hi. I have used 'apt-get install unattended-upgrades' and configured to run everyday. Problem is, that the job runs at the time that I installed the actual package. Where/how can I configure the time that I want the unattended upgrade to run? Ubuntu Server 10.04.
<cemc> WinstonSmith: it worked. any explanation?
<WinstonSmith> its a bug thats been around for some time now. something goes wrong during update resulting in 2 motd.
<cemc> WinstonSmith: I see. thanks!
<WinstonSmith> cemc: your welcome
<Jcook_5xData> quick ? I create a raid 1 on install how can I check that it set up and running well
<cemc> Jcook_5xData: cat /proc/mdstat
<Jcook_5xData> thank I will check it out
<cemc> Jcook_5xData: you should see your mdX device there, with the two (or more) members (like sdaX, sdbX) and look for [UU]
<Jcook_5xData> cemc, is there a dialog like app that say something raid OK or is disgraded or some thing like that?
<Jcook_5xData> I just wonder because if start to fails. how will i know
<RoAkSoAx> smoser: ping
<Jcook_5xData> cemc, I dont think this look right http://pastebin.com/8pmM1CU7
<cemc> Jcook_5xData: indeed, it doesn't look good. sda1 seems to be missing
<cemc> Jcook_5xData: check the logs /var/log/syslog
<smoser> RoAkSoAx, here
<smoser> you got what you needed right?
<smoser> that diff was strange in the link you sent.
<RoAkSoAx> smoser: yeah
<RoAkSoAx> smoser: now I need to correct the permission for http://people.canonical.com/~smoser/bugs/797395/
<RoAkSoAx> smoser: I can't dget :(
<RoAkSoAx> s/need to/need you to/
<Jcook_5xData> what am I looking for
<smoser> ah.
<smoser> thanks.
<Jcook_5xData> cemc, my guess is I set it up wrong. Is there a way I can fix it on running system or do I need to reinstall it?
<smoser> RoAkSoAx, try again
<smoser> RoAkSoAx, the rdscli would be nice too.... :)
<zul> NCommand1r: hey libvirt currently ftbfs on arm ill upload a fixed patch tonight
<RoAkSoAx> smoser: yeah will take care of it too :)
<ttx> smoser: around ?
<smoser> here
<ttx> smoser: _0x44 is working on https://blueprints.launchpad.net/nova/+spec/configuration-drive, which is slightly parallel to what you proposed in instance-transport
<ttx> Could be good to ping him to make sure you get what you need out of it ?
<ttx> My understanding is that his method is only boot-time and static
<smoser> i can ... i really think that adding more boot-time and static is just delaying the need to solve it correctly.
<smoser> but i've done nothing on what i was proposing.... so...
<smoser> is 0x44 on irc?
<ttx> smoser: I guess his thing could be evolved in the future, but static block device is better than nothing.
<ttx> yes, "_0x44"
<SpamapS> gah! my font just went to plaid
 * SpamapS wonders which update caused this
<ttx> smoser: I'll remove instance-transport from the diablo map, at least until someone commits to doing it. I guess we can live with configuration-drive in the mean time
<wild_oscar> has anyone here got experience with mdadm? more specifically, I was reading in the wiki "No handling of raid degradation during boot for non-root filesystems  (i.e. /home) at all. (Boot simply stops at a recovery console.) ".  does this mean if I create a raid for /mnt/somemountPoint and a disk fails, it'll be stuck at boot?
<smoser> ttx, yeah... talking with _0x44 now. i think thats probably the right idea. but the currently proposed implementation is not what i would favor.
<ttx> smoser: try to trick him into doing what you want :)
<ttx> let's see if you would make a good release manager.
<uvirtbot> New bug: #797798 in clamav (main) "package clamav-freshclam 0.95.3 dfsg-1ubuntu0.09.10.4 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/797798
<RoAkSoAx> smoser: ping
<smoser> here
<smoser> ro
<smoser> RoAkSoAx,
<RoAkSoAx> smoser: http://paste.ubuntu.com/627445/ -> did you do any manual modifications to that file?
<RoAkSoAx> that rdscli
<smoser> probably not. how did you get that diff ?
<smoser> i suspect that is bzr failure
<smoser> oh wait.
<smoser> where was that ?
<smoser> shoot.
<RoAkSoAx> smoser: maybe. those diff's are created when for example (on a quilt 3.0 package format) you make a modification to a file directly, and then you debuild -S
<RoAkSoAx> smoser: it separates the changes made to a file into a patch under debian/patches
<smoser> right. they are.
<smoser> hold on
<RoAkSoAx> smoser: so if that happens and you don't notice it, every time you unpack a *.dsc then, those patches will be there
<smoser> yeah, i know.
<smoser> let me see why it was there.
<smoser> RoAkSoAx, ok. i'll fix and put a new file on people.canonical
<RoAkSoAx> smoser: no worries
<smoser> there was a space inserted in the local file
<RoAkSoAx> smoser: i just dropped that patch
<smoser> so... i think we had this conversation before
<smoser> is there a way to tell debuild -S
<smoser> to *fail* if there are changes not accounted for ?
<RoAkSoAx> smoser: not that I know of
<RoAkSoAx> :S
<smoser> i really hate that automagic diff
<RoAkSoAx> smoser: hehehe yeah sometimes is a PITA
<smoser> it has caused 3 problems by 3 different ubuntu server developers in the past week
<RoAkSoAx> smoser: but yes, no worries, I'll drop that patch myself and make sure is no longer created
<RoAkSoAx> smoser: indeed, I think we need to raise this in a ML, as well as the creation of the .pc directories with patches applied
<wild_oscar> in a raid, what is meant by "disk fail"? is having bad blocks a disk fail?
<smoser> RoAkSoAx, ok. that is now avaailble on people.canonical
<smoser> in the same directory, just overwritten
<RoAkSoAx> smoser: cool, thanks
<smoser> RoAkSoAx,  do you think you could push the bzr tree ?
<smoser> if difficult or likely to cause problems, i'd say FORGET IT
<smoser> but if we can save that history, then i wouldn't mind having it.
<smoser> given my recent experience with breaking the importer, i think maybe just best to let it do its job, and i'll re-set my ppa trees though.
<RoAkSoAx> smoser: yeah I think we could wait till the packages get's accepted by an archive admin
<RoAkSoAx> smoser: cause it has to pass through there once I upload it
<RoAkSoAx> since it is a new package
<smoser> right.
<adam_g> kirkland: ping
<kirkland> adam_g: yo!
<adam_g> kirkland: hey man, what cobbler package were  you speakin of in reply to my msg about mysql + debconf?
<kirkland> adam_g: one sec...
<Daviey> smoser: talking of auto diff...
<Daviey> $ cat ~/.devscripts
<Daviey> DEBUILD_DPKG_BUILDPACKAGE_OPTS="--source-option=--abort-on-upstream-changes"
<Daviey> enjoy.
<kirkland> adam_g: wow, sorry, i was completely off ... it's orchestra itself
<kirkland> adam_g: ./debian/ubuntu-orchestra-management-server.postinst:           mysql --defaults-extra-file=/etc/mysql/debian.cnf --execute="create database if not exists ${MYSQL_PUPPET_DATABASE}"
<kirkland> adam_g: the password is stored in /etc/mysql/debian.cnf
<kirkland> adam_g: that file is perm'd 600
<kirkland> adam_g: as far as i'm aware, that's our distro best practice for automating mysql commands as root, where mysql passwords are needed
<adam_g> kirkland: ya, i had found that just now. its assumed that every new mysql-server has the debian.cnf with the valid root passwd?
<smoser> whoot! danke, Daviey
<kirkland> adam_g: correctamundo
<smoser> Daviey, i also like how you used '~' to hide the fact that '~' for you is /root
<adam_g> kirkland: okay, that help a lot for our use case. thanks!
<kirkland> adam_g: the goal, i think, is to a) keep it out of debconf's db, and b) keep it from appearing in ps output from passing it in clear on the command line
<Daviey> smoser: I had to dig through the dpkg code to find that... I was gonna write support for it myself :)
<kirkland> adam_g: and the above method solves both of those
<Daviey> smoser: lol
<kirkland> adam_g: you still have a cleartext password on disk
<kirkland> adam_g: so if somone has physical access to the box, obviously they can boot a live cd and steal that pw
<kirkland> adam_g: but if someone has physical access to your server, you better trust them already
<adam_g> kirkland: right
<Daviey> adam_g / kirkland: is this for installing, or ongoing?
<adam_g> kirk: do you know if setting the root mysql passwd to something other than whats stored in debian.cnf will break upgrades?
<Daviey> as in, you need the password to bootstrap, or for the lifetime?
<kirkland> Daviey: probably lifetime?
<kirkland> Daviey: certainly for upgrades
<patdk-wk> adam_g that isn't the root password, that is debian-sys-maint user password
<kirkland> adam_g: yeah, will break upgrades
<kirkland> adam_g: you'd need to update it in debian.cnf, if you change it
<adam_g> 10-4
<NCommand1r> zul: persia was working on a fix for that
<zul> NCommand1r: cool i have a fix for it as well :)
<uvirtbot> New bug: #797832 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.10 failed to install/upgrade: subprocess new pre-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/797832
<ahasenack> hi guys, are you aware of an ssl problem that may be affecting lucid on the server side?
<ahasenack> right now, for example, this errors: gnutls-cli admin.landscape.canonical.com
<ahasenack> same for chromium and firefox when accessing that site
<ahasenack> it was working just a few moments ago, and will eventually resume working later in the day, or when apache is restarted
<ahasenack> we see this accross several servers every few days/weeks
<slyboots> well.. I doubt anyone here has any control over that
<ahasenack> slyboots: I'm not thinking about sysadmins, but about the ssl packages in ubuntu now
<zul> mdeslaur: ^^^
<ahasenack> slyboots: just wondering if somebody else saw something similar
<mdeslaur> ahasenack: nope, I haven't seen that...but it may be related to having your intermediate certs out of order
<ahasenack> mdeslaur: a restart would fix that?
<mdeslaur> ahasenack: ah, no
<ahasenack> openssl's s_client is also failing, with a padding check failure
<mdeslaur> ahasenack: if you downgrade openssl and/or apache on the server, does it go away? can you pinpoint when it started doing that?
<ahasenack> mdeslaur: not precisely, just "months ago"
<mdeslaur> ahasenack: also, try changing <VirtualHost *> to <VirtualHost *:80>
<ahasenack> mdeslaur: I can't downgrade it, also because it would take days/weeks to happen again and we can't leave the server running without updates for that long
<mdeslaur> ahasenack: apparently some versions of apache get confused and send unencrypted stuff to 443 by mistake
<ahasenack> mdeslaur: all our VirtualHost directives have a port number, and some also have ip:port
<patdk-wk> are you missing ssl enable stuff on your :443 vhosts?
<ahasenack> no, and a restart wouldn't fix the problem if that were the case
<patdk-wk> oh, didn't know that fixed it
<ahasenack> actually, a graceful restart, not a full restart
<ahasenack> np
<mdeslaur> ahasenack: are there any proxies between that server and the net? is it happening on the lan right in front of the web server?
<ahasenack> if I try to access http on port 443, it complains about a bad request as expected
<ahasenack> mdeslaur: let me try localhost
<ahasenack> mdeslaur: happens on the same machine, using its fqdn, which points to the IP on its eth0
<mdeslaur> ok, hmm
<ahasenack> that machine has a few vhosts for ssl, the others are working (or most of them, I didn't try one by one)
<ahasenack> they all point to the same ip
<ahasenack> so it's using that ssl/tls extension about the server name
<mdeslaur> ahasenack: this is bug #795355?
<uvirtbot> Launchpad bug 795355 in openssl "Intermittent SSL connection faults" [Undecided,New] https://launchpad.net/bugs/795355
<ahasenack> mdeslaur: maybe, let me check
<roberthend> Hello, i'm going to setup a FTP server and a SSH server on one machine, but the machine got enough power to do more then only this. Does somebody have a good idea to do with the rest of the power that the machine offers ?
<ahasenack> mdeslaur: looks exactly like it
<ahasenack> mdeslaur: same error message from openssl, same "fix" (reload), intermittent behavior
<ahasenack> mdeslaur: hmm, the other common thing is that a wildcard cert is being used
<mdeslaur> curiously, the only bug that's been reported is also on a canonical server
<ahasenack> yeah, that's probably our IS guy, I see some people complained to IS and they said they would open a bug
<roberthend> BTW, is there a guide to set up a safe server ?
<ahasenack> it's a different cert, but most likely a wildcard one too
<mdeslaur> ahasenack: maybe try a backported openssl from natty
<mdeslaur> since he already tried a backported apache
<ahasenack> mdeslaur: I think he did that, he mentions a backport
<mdeslaur> ahasenack: he mentions apache, but not openssl
<slyboots> I think my brain is going to melt, trying to get email working haha..
<ahasenack> mdeslaur: that bug link is about mod_ssl actually
<ahasenack> anyway
<mdeslaur> ahasenack: uhm, yeah...you're not using apache2's mod_ssl for your https?
<mdeslaur> and mod_ssl uses openssl
<ahasenack> it's hard to make it happen, and even harder because once it happens, and you want to try something, the restart that you need to do "cures" it
<ahasenack> mdeslaur: yeah, it's openssl
<ahasenack> mdeslaur: got your point, ok
<ahasenack> mdeslaur: I'll reload it now, need it working again. If somebody gets a report like this from a non canonical.com site, that would be most interesting
<ahasenack> mdeslaur: thanks for the discussion
<mdeslaur> ahasenack: I do see mention of similar failures on a few websites
<mdeslaur> ahasenack: this thread has someone updating openssl to 0.9.8n: http://code.google.com/p/cherokee/issues/detail?id=594
<mdeslaur> ahasenack: I think an openssl backport from natty to lucid would be worthwhile as the next test
<ahasenack> mdeslaur: that won't need a rebuild? What version is in natty?
<mdeslaur> ahasenack: also, subscribe yourself to bug 795355, and let's follow the discussion there
<uvirtbot> Launchpad bug 795355 in openssl "Intermittent SSL connection faults" [Undecided,New] https://launchpad.net/bugs/795355
<ahasenack> admin.landscape.canonical.com was just graceful'ed, ssl is working now
<ChmEarl> does 11.10 still have a symlink from /usr/lib64 -> /usr/lib/  ?
<ChmEarl> in amd64
<soren> smoser: While you're in there, could you remove me from the Maintainer field of ec2-ami-tools?
<smoser> too late
<smoser> but i will do that.
<smoser> soren, should that be me ?
<smoser> or should it be ubuntu-devel
<smoser> it seems (https://wiki.ubuntu.com/PackagingGuide/Complete) that it should be ubuntu-devel-discuss. i only wondered because of multiverse
<soren> smoser: It can be you, if you want.
<smoser> i
<smoser> i'd rather it not
<soren> you
<soren> I know the feeling :)
<soren> No worries, ubuntu-devel-discuss is fine.
<smoser> so i'll just leave it as soren
<smoser> :)
<soren> bah
<soren> smoser: Who the update, though? Why not just remove it? Doesn't euca2ools do all we need?
<soren> s/Who/Why/
<zul> soren: what?! you dont want the maintainer to be Soren "The Cool Dude Golfer Dude" Hansen <soren@ubuntu.com> :)
<smoser> soren, probably... i will conssider that in the future.
<soren> zul: I should really find that golfer idiot's e-mail address and put that.
<zul> hahaha
<lynxman> soren: have you tried contacting him at idiotgolfer@aol.com?
<Xago> Hi, How can I know IP address if I have MacAdress only?
<lifeless> SpamapS: is http://blog.bodhizazen.net/linux/lxc-configure-ubuntu-lucid-containers/ good advice?
<Daviey> Xago: if you have communicated to it recently, hopefully it's in your ARP cache.  Otherwise, your router might have an idea.
<Xago> I was watching into my router :(
<Xago> niether arp
<Dynamit> i have wierd problem if im write http://84.55.71.22/annat/ the dir is showing but not the content in the map
<Dynamit> never got this problem before so i dunno how to fix it
 * slyboots makes a noise thats like a honk..but isnt!
<Corey> Dynamit: Check your logs.
<Corey> ENsure it's going where you THINK it's going.
<Dynamit> i will get help from a very good friend
<Corey> Okay then
<axisys> how do I get a puppet version higher than 0.25.4 on lucid? it is very old
<axisys> would be nice if that one upgrades automatically with apt
<axisys> otherwise last resort would be just download a copy from puppetlabs
<SpamapS> lifeless: reading
<SpamapS> lifeless: its important to note that, since that post, lxc has been disabled in the default updated lucid kernel
<SpamapS> lifeless: you have to use the lts backport kernel
<SpamapS> lifeless: serge from our team did a bunch of stuff to make spawning lucid on maverick and natty work pretty well tho
<lifeless> SpamapS: are there docs?
<lifeless> SpamapS: what I want is lucid userspace lxc on my natty machine
<lifeless> for lp dev
<SpamapS> lxc-create -n lucid-test-lp -t lucid -f /etc/lxc/basic.conf
<lifeless> so edit that file to assign ip address etc?
<SpamapS> lifeless: yes, man 5 lxc.conf has some helpful stuff too
<lifeless> kk thanks
<SpamapS> hrm
<SpamapS> I'm having trouble starting the containers.. I think there's a step I forgot
<SpamapS> lifeless: looks like there's a bug that may get in the way..
<SpamapS> lifeless: bug #784093 .. I just posted a workaround if you happen to hit it
<uvirtbot> Launchpad bug 784093 in lxc "lxc broken by cgroup-bin" [Undecided,New] https://launchpad.net/bugs/784093
<SpamapS> lifeless: also the default templates don't seem to create any users.. that can be.. hindering
<lifeless> heh
<lifeless> for bind mounted dirs
<lifeless> uids need to match, right ?
<SpamapS> lifeless: tho I think for you, you can make a 'lp-test' template that does all you need.
<SpamapS> lifeless: yes
<silence9> hi there, I screwed something up using webmin to admister samba on ubuntu server. and yes yes I know, bad webmin, not supported, i've learned my lesson but i'd appreciate any help in fixing the issue I caused with it
<silence9> I used the 'convert unix users to samba users' in webmin and it made my domain go crazy, i have two samba pdc's serving about 40 windows machines that now cannot locate the domain after i made that mistake
<lcb> hi. any known "web based operating system" to install into 11.04?
<SpamapS> silence9: that one is a notorious for screwing things up. :)
<silence9> SpamapS: ah shucks, tell me about it, i'm in quite the bind. know anything of it?
<SpamapS> lcb: What is a "web based operating system" ?
<SpamapS> silence9: I've not run a Samba PDC since the Win2000 days. No clue.
<lcb> SpamapS: almost the same as cloud computing - you serve applications trough it
<SpamapS> lcb: you mean a server OS?
<silence9> SpamapS: thanks anyway, mate.
<lcb> SpamapS: not really.. a server in a server, probably that way.
<SpamapS> silence9: were it me, i'd start restoring the configs and samba's database files (I think in /var/lib/samba) from backups. :-P
<SpamapS> lcb: I'm sorry but I don't think that makes sense to me.
<lcb> SpamapS: this probably would make sense to you. that's one among a lot of them. -> http://www.cloudo.com/
<SpamapS> lcb: ahh, there are tons of web applications you can serve with Ubuntu
<SpamapS> lcb: but "install" isn't really something you do with a web based os.. you just access it, and use it.
<lcb> SpamapS: alltogetter like a... suite, to install?
<SpamapS> lcb: why don't you tell me what you want to *do* not what software class you want.
<lcb> SpamapS: i need something that provides a word processor, some sort of image editing, image manipulation, calculator, calendar, appointments, contacts ...
<lcb> SpamapS: ... so users could use from one point, share, integrate some data into MySQL etc
<lcb> SpamapS: i were thinking in integrating whatever is available with joomala or drupal
<SpamapS> lcb: you can just use local apps and file sharing for most of that
<lcb> SpamapS: never did that :) (with those apps i said) can you give me a jump start?
<SpamapS> lcb: libreoffice works quite well
<lcb> SpamapS: i'm a fast learner. just give me a hint on how to start, for instance with a word editor.
<lcb> SpamapS: can we integrate it into a browser so users don't need it on their own machine? I believe so. How can i start with that?
<lcb> SpamapS: ubuntu 11.04, non graphical - unless needed
<SpamapS> lcb: what you're talking about is thin client, or "desktop in the cloud"
<lcb> SpamapS: the idea of the usage is exactly like the "cloudo". users from anywhere with anything could access it and manipulate data.
<SpamapS> lcb: http://cloud.ubuntu.com/2010/11/show-off-ubuntu-desktop-on-cloud/
<lcb> SpamapS: ok, i'll learn clouding. i thought i needed that. the only thing is, looking at those "web OSes" i thought we would have some "suite" into one single package to install on the server.
<lcb> thanks SpamapS :)
<lcb> SpamapS: starting... http://www.ubuntu.com/business/cloud/overview
<Alan> Not sure if this is a server or client problem... but for some reason, i've just started getting  "mount error(112): Host is down" trying to mount my samba share from a 10.04 ubuntu server to a 11.04 ubuntu desktop
<Alan> has anybody else encountered similar unexpected breakage?
<Alan> maybe after recent desktop updates or something?
<lcb> SpamapS: "lcb: http://*" thanks
<Alan> crap, i think i found my problem...
<Alan> I actually managed to break something with IPv6
#ubuntu-server 2011-06-16
<SpamapS> Alan: ^5
<Alan> SpamapS: :D
<Alan> Note to others: if you enable IPv6, and you have a "hosts allow" restriction in your smb.conf, your clients might try and use IPv6 and act as if they've been denied access...
<Alan> need to add the IPv6 prefix in !
<SpamapS> Yeah thats the most common IPv6 fail
<Alan> "that" being IPv4-based whitelists?
<plm_> Hi all
<warzauwynn> hello plm
<RoyK> axisys: hi
<twb> Due to the removal of CONFIG_NET_NS from the .32-32 kernel, I'm looking at enabling lucid-backports for its .37 (or whatever) kernel.
<twb> Does anyone have a pinning config handy that'll allow the kernels from backports, but nothing else?
<twb> I (obviously) don't want to upgrade EVERYTHING to the backports versions
<Corey> twb: Take a look at the sample config on backports.org
<Corey> It's the same in Ubuntu.
<twb> Really?
<twb> Because target release COMPLETELY fails on ubuntu
<twb> Er, Apt::Default-Release
<twb> I guess what I mean is that if you've seen it work reliably for you for years, that's great.  But if it's just "yeah that looks OK and it works at the moment", I can do that much verification myself.
<ScottK> https://help.ubuntu.com/community/UbuntuBackports has an Ubuntu recommendation for pinning.
<twb> ScottK: that doesn't appear to whitelist updates for the packages you ask for
<ScottK> OK.
<ScottK> Not sure for Lucid then.
<twb> I can probably guess Package: linux-* with a normal priority (600?)
<twb> ScottK: er, I mean that it has one stanza instead of two, not "I tested it and it failed"
<ScottK> For Natty and later it automatically works the way you're asking for.  Manually install a package from backports and you get it as well as updates from backports, otherwise you just get the regular package.
<ScottK> So for the next LTS this will be easy.
<twb> Huh, interesting.  Do you have such a system you can show me the "apt-cache policy" output for?
<twb> http://paste.debian.net/120015/ I think this is approximately what I want.
<ScottK> I can, but I doubt it'll help you as it's not just using pinning.  There were apt changes too.
<twb> Ah, OK
<twb> Do you know if they are changes made in debian, or if they're ubuntu-specific?
<ScottK> I know they were planned for Debian too.  I don't know if they've landed or not.
<ScottK> Additionally they make stuff like dependency resolution when a package from experimental needs to get pulled in work right.
<ScottK> Actually it does have pinning adjusted too.
<twb> Yeah, I asked because I vaguely recall that getting better in sid in the last couple years
<ScottK> http://paste.debian.net/120016/
<twb> Hum.
<twb> Lame, the .35 -virtual kernel wants wireless CRDA crap
<twb> So I'm buying a four-port gigE PCI-E NIC
<twb> Is e1000 support solid as at 2.6.32?
<twb> (http://www.nextag.com/Intel-PRO-1000PT-4PORT-540119288/prices-html)
<twb> kmuto.jp's HCL says
<twb> PCI ID  Works?           Vendor                                  Device                          Driver      Kernel
<twb> 808610bc Yes    Intel Corporation           82571EB Gigabit Ethernet Controller (Copper)       e1000e        v2.6.25-
<overrider_> I am in need of this JDK i used under Suse Linux, which one is the Ubuntu equivalent package i can install via apt-get? jre-1_5_0_22-linux-i586.rpm
<luite> do you need exactly that version?
<overrider_> pretty much. Later versions seem to cause a few display issues with a custom software in use by a client.
<luite> hmm, I don't know repositories with old jre packages. is that one provided by sun?
<overrider_> i am thinking it may be this one http://java.sun.com/products/archive/j2se/5.0_22/index.html
<twb> overrider_: JRE is not JDK
<luite> overrider_: you can try to use alien to convert the rpm to deb and use dpkg -i to install it
<luite> if that doesn't work, then try the run version
<twb> If you are running a third-party package you are fucked, no matter how you do it
<luite> which is just a shell script that installs it, without package management
<twb> This is also the case on SUSE and RHEL, but there the distro packages are so crap that you often don't notice
<twb> hardy has sun-java5 in multiverse, I would try that first
<uvirtbot> New bug: #798019 in squid (main) "package squid 2.7.STABLE7-1ubuntu12.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/798019
<uvirtbot> New bug: #798038 in openssh (main) "openssh-client hangs " [Undecided,New] https://launchpad.net/bugs/798038
<sabgenton> LTS is 	2.6.32
<twb> lucid is
<twb> hardy isn't EOLd yet
<sabgenton> if I upgrade to 10.04.2 do I get a higher kernel option?
<sabgenton> or is that the latest kernel avalible
<twb> sabgenton: released versions are stable
<twb> sabgenton: stable means they don't change
<sabgenton> ok so kernels don't chage either
<sabgenton> not apt-get ing
<sabgenton> able
<sabgenton> twb: so I need 11.04 for a new kernel ?
<twb> sabgenton: there is a "backports" repo that contains choice bits of instability
<twb> You could use that
<twb> Migrating to a newer release would also work
<sabgenton> ok spose the backports it easyer to try and revert
<_ruben> weird .. got a box that refuses to boo from hdd (no os found), but using alternate cd and them "boot from first hdd" works just fine :S
<twb> That's because grub is retarded
<twb> You should put syslinux on your HDD, the same as on your CD
<twb> http://paste.debian.net/120032/ <-- notes as at hardy.  It's pretty much all automated as at sid.
<jeeves_moss> how can I find out WTF is going on with my bind server?  I can't get it to resolve my domain names, and I'm soooo lost
<twb> Dunno, I run nsd3 instead
<twb> Much less baroque
<twb> After adding "AllowAgentForwarding no" to sshd_config and restarting sshd, "ssh -vA foo" does not indicate that agent forwarding is disabled.  How can I check?
<jmarsden> twb: Try doing something that would auto-authenticate if you had agent forwarding... if it works, it is still forwarding.  So... set up an agent on your workstation, ssh -vA foo, then on that machine ssh -v someotherplace.com which your agent would grant you access to, and see what happens?
<twb> It's OK, the problem was simply that if your .profile is smart enough to automatically start ssh-agent, that "hides" the one that was forwarded
<twb> Confirmed wth "ssh-add -l"
<jeeves_moss> twb, how can I find out why my BIND server isn't updating external DNS servers?  I can dig internally, and it resolved external domains from the local box, but it won't update upstream servers
<twb> jeeves_moss: are you using bind as a resolver, or for serving your own zone(s)?
<twb> It sounds like the latter
<jmarsden> jeeves_moss: Sounds like it is not authoritative for the domains you want it to "update" ?
<jeeves_moss> twb, yes.
<twb> jeeves_moss: ok, does the internet actually check your machine for your zone?
<jeeves_moss> everything was working well untill the my ISP switched us over to a block of addresses from a single IP.  and when I scan the "router's IP", the port scan shows port 53 is open and responding
<twb> jeeves_moss: that is, is your bind's IP listed in the SOA (or NS, I guess) of the current version of that zone (or the glue in the parent zone)?
<jeeves_moss> I host the root of the zone
<twb> Maybe you're still NATting accidentally?
<_ruben> grmbl .. both grub and extlinux now do the same: reboot right away before even showing anything :/
<uvirtbot> New bug: #798065 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.10 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/798065
<jeeves_moss> there are port forwards.  nothing internal changed on my network.  the only thing that changed was the ISP (going from a single static IP to a blockof 10)
<twb> _ruben: wot?
<twb> _ruben: that is not normal, paste your syslinux.cfg
<twb> If the disk is partitioned, did you install mbr.bin in the MBR, and did you flag the /boot partition (and ONLY it) as bootable?
<twb> (extlinux installs into the PBR)
<_ruben> yes to all, but will double check .. unless extlinux doesn't like root-on-lvm like lilo
<_ruben> hmm .. boot from first hdd (alt cd) now does show extlinux kciking in
<jeeves_moss> twb, any other ideas?
<twb> _ruben: extlinux doesn't know or care about the root filesystem
<_ruben> k
<twb> _ruben: it only cares about /boot (at least, as long as you have a ramdisk)
<_ruben> http://pastebin.com/FZf3wwQb
<_ruben> took some effort to make that paste :)
<twb> And you did "extlinux --install /boot" ?  Is /boot a separate filesystem?  If so, do the symlinks vmlinuz and initrd.img exist in *it*, or in the root filesystem?
<_ruben> yes, yes, in /boot
<twb> Not sure then
<twb> If you take quiet and PROMPT 0 out will help
<twb> Oh, and "default menu.c32" is wrong
<_ruben> it's what your paste says too
<_ruben> or should lucid do UI already too ?
<twb> Oh, actually I dunno about lucid
<twb> The change was in 4.0 IIRC
<twb> That happened way before lucid, but because of stupidness, ubuntu continued to run 3.7x for ages
<_ruben> this is syslinux 3.63
<twb> Yuk
<twb> Unfortunately I don't have a system like that.  I have a router running lucid with no separate /boot, but running 4.x
<twb> And I have my netboot with a separate /boot, but it's running 4.x too.
<twb> *my netbook
<twb> You can pretty much just grab syslinux from anywhere, the only real caveat is that menu.c32 and syslinux must be the same major version
<twb> Once it's installed you never have to run it again, either
<_ruben> seems to me the only problem is the mbr, as chainloading through cd does work
<twb> mbr should be static mbr.bin
<twb> Strictly speaking that isn't even syslinux
<_ruben> now instad of just "DISK BOOT FAILURE, INSERT..." i get a "missing oepration system" prior to it .. sigh
<_ruben> guess i'll have to write instructions for remote hands on how to boot this thing when a reboot is required :/
<_ruben> running out of time to fix this here onsit
<_ruben> e
<twb> You could just make a USB key that defaults to chainloading
<twb> So most of the time a reboot won't require remote hands
<twb> (I mean, I would've liked to fix your problem properly, but I think you're right to give up at this point.)
<_ruben> yeah, thought of that too, but dont have a spare usb stick with me :)
<twb> _ruben: could do a CD, tho that's a PITA
<_ruben> i'd have to take this alt cd iso, alter its config, bun it again .. dont ahve to the time for that now :/
<speakman> Hi folks! I'm trying to log MCE's but no matter what I do none of the failures are logged.
<RoyK> speakman: use syslog and set it to report errors to a remote host
<RoyK> speakman: that way, if an MCE happens, and the machine for some reason can't write to disk, you should find the info on the remote syslog machine
<speakman> I've set up netconsole to another machine, but it does not recieve the actual error
<speakman> the mcelog --daemon doesn't start at boot either
<speakman> should it run as trigger or daemon?
<twb> speakman: does your system generate MCEs?
<twb> speakman: I looked into it for mine, and AMD64 boxes don't generate MCE or something
<twb> I can't remember the details
<speakman> twb: it does. I've been able to catch some of them before through netconsole
<twb> OK
<twb> So netconsole is working enough for you to get other (non-MCE) output?
<speakman> yep
<speakman> and earlier on it did report MCE's as well
<twb> Not sure what else you can do, then
<speakman> I've upgraded  mcelog from upstream now
<speakman> but what "cpu type" to use for Xeon W3680?
<speakman> Valid CPUs: generic p6old core2 k8 p4 dunnington xeon74xx xeon7400 xeon5500 xeon5200 xeon5000 xeon5100 xeon3100 xeon3200 core_i7 core_i5 core_i3 nehalem westmere xeon71xx xeon7100 tulsa intel xeon75xx xeon7500 xeon7200 xeon7100 sandybridge sandybridge-ep
<RoyK> speakman: have you configured mcelog to do syslogging?
<twb> speakman: /proc/cpuinfo?
<twb> Is there a README.Debian?
<speakman> README.Debian don't say very much
<speakman> RoyK: Not sure - how do I check?
<RoyK> speakman: in /etc/mcelog/mcelog.conf, is syslog = yes?
<RoyK> IIRC the default is no
<twb> syslog's only going to go out via UDP anyway
<twb> And it requires more userspace (i.e. any) than netconsole
<twb> If the system is frying before netconsole, I don't see how he's gonna catch it any other way
<RoyK> true - it's handy, though
<speakman> I've set up /etc/mcelog/mcelog.conf now
<speakman> Havn't even seen it before - was it there all the time?
<speakman> [ 1045.753011] [Hardware Error]: No human readable MCE decoding support on this CPU type.
<speakman> [ 1045.753020] [Hardware Error]: Run the message through 'mcelog --ascii' to decode.
<speakman> [ 1045.753028] [Hardware Error]: Machine check events logged
<RoyK> speakman: and started mcelog?
<RoyK> hm...
<speakman> Jun 16 11:40:04 sylpheed mcelog: failed to prefill DIMM database from DMI data
<speakman> Jun 16 11:40:04 sylpheed mcelog: Kernel does not support page offline interface
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<speakman> sorry
<speakman> Jun 16 11:42:00 192.168.0.103 mcelog: Cannot open logfile /var/log/mcelog: Permission denied
<speakman> it's running as root...
<RoyK> speakman: whoops - can you touch that file manually?
<RoyK> anyway - that shouldn't matter if using syslog
<speakman> made it world writable
<speakman> I think I just catched something; w8
<twb> apparmor?
<speakman> http://pastebin.com/UUzc9EFX
<speakman> that's through netconsole ;)
<RoyK> ...or caught :P
<twb> speakman: time to buy a new box
<speakman> twb: the problem is, it's completely new :(
<RoyK> speakman: run memtest86+
<twb> Time to buy a new box with the refund money
<speakman> w3680, 24GB Kingston ECC 1333MHz
<twb> Nice, ECC
<speakman> RoyK: I've been doing it for a couple of hours, but no errors found
<twb> Don't see that much in my market segment :-(
 * twb home time
<speakman> RoyK: it went through one full cycle
<RoyK> speakman: I'd return the mobo with that error report
<RoyK> MCA: MEMORY CONTROLLER RD_CHANNELunspecified_ERR <--- != good
<speakman> RoyK: the mobo and memory is deveilvered from the same supplier
<RoyK> speakman: well, return it
<RoyK> get something that works (tm)
<speakman> RoyK: I could easily get that changed, but don't know if they will replace both of it?
<speakman> it's 6 modules of 4GB ram...
<RoyK> my guess is it's the mobo
<speakman> ok
<speakman> that's the most non-pro thing I've got
<speakman> Asus Revolution
<RoyK> if it was a single memory module, you should have gotten an ECC error
<speakman> P6T6 WS Revolution
<RoyK> not a memory controller error
<speakman> RoyK: pint!
<speakman> point even ;D
<RoyK> that is, isn't the memory controller in the cpu on xeons?
<jamespage> Daviey: around?
<speakman> No idea?
 * RoyK would rather take a pint
<RoyK> speakman: on Xeon and Opteron, it is, on i[357], it's on the mobo
<Daviey> jamespage: always.
<RoyK> speakman: meaning, on Intel, you'll need a Xeon to use ECC (i[357] doesn't support ECC)
<speakman> RoyK: that's correct. I'm on Xeon w3680
<speakman> http://ark.intel.com/Product.aspx?id=47917
<jamespage> Daviey: coolio - so I have a merge proposal that has stalled - its to support MIR requirements for the version of erlang in oneiric
<RoyK> possibly the CPU, then - if it's a good supplier, they may take both the mobo and cpu in return
<cemc> hi. is there an mxtoolbox-style script/tool that I can install on ubuntu and check if my ip address is in a RBL (periodically from cron for example) ?
<jamespage> fancy taking a look?
<speakman> RoyK: the CPU is from another supplier. The other one (where I got the rest of the computer) didn't stock it.
<RoyK> speakman: it can be either cpu or mobo, but my guess is the cpu, but then, don't sue me if I'm wrong :P
<RoyK> that is, just return both and complain there's an error
<RoyK> :)
<RoyK> give them the MCE log and they'll probably take it as an answer to whatever error - lol
<speakman> The problem is I need my computer.. :D
<RoyK> imho you don't really need a broken computer...
<Daviey> jamespage: url?
<speakman> RoyK: that's one good ho...
<RoyK> I had a freak MCE error - first we replaced the memory - still problems - then the CPUs - still issues - then the supplier replaced the whole box :)
<RoyK> problem solved ...
 * RoyK likes supermicro
<jamespage> Daviey: https://code.launchpad.net/~james-page/ubuntu/oneiric/fop/mir/+merge/63231
<jamespage> the original idea was to wait for fop 1.0 from debian; however it now has a serious bug raised against it (the one I raised originally - see the bug report)
<Daviey> jamespage: ta
<Daviey> jamespage: Is the new patch all your own work?
<jamespage> Daviey: yes - and its throwaway once we move to 1.0
<Daviey> jamespage: ok, thanks
<Daviey> jamespage: Are you MIR'ing it's deps aswell?
<Daviey> jamespage: libbatik-java,libxmlgraphics-commons-java, libxml-commons-external-java, libsaxon-java
<jamespage> Daviey: all of the required deps are in the MIR bug 778216
<uvirtbot> Launchpad bug 778216 in fop "[MIR] fop" [Low,In progress] https://launchpad.net/bugs/778216
<Daviey> so they are
<Daviey> :)
<jamespage> not sure about libsaxon-java - I think that is in main already
<jamespage> this merge prepares fop ready for MIR review
<Daviey> jamespage: libsaxon-java binary and source package is in universe
 * jamespage goes to look
<Daviey> https://launchpad.net/ubuntu/+source/libsaxon-java
<jamespage> Daviey: good spot - I'd missed that one (and thanks for introducing me to check-mir :-))
<jamespage> I'll add it to the bug
<LinSkyrate> no java support in firefox.. howto install that? ive installed openjdk but firefox xomplains still
<LinSkyrate> ohh thats a new word
<Daviey> jamespage: :)
<jamespage> Daviey: np - thanks for sponsoring that upload
<Daviey> jamespage: I'm getting bored sponsoring your stuff.  You need that upload foo.
<Daviey> :)
<jamespage> fingers crossed....
<jamespage> LinSkyrate: hey - you might want to ask that question in #ubuntu
<jamespage> bah - he's gone
<Daviey> jamespage: start putting in some eastereggs to see if your sponsors are trusting you, or sponsoring blind :)
<jamespage> that would just be evil....
<Daviey> heh
<speakman> RoyK: got some new catches in /var/log/mcelog finally! http://paste.ubuntu.com/627909/
<speakman> RoyK: it's always DIMM ID 1
<soren> Daviey: openvswitch doesn't work with linux 3.0?
<Daviey> soren: doesn't build.
<soren> due to build system things (like stuff depending on a set number of elements to the version string) or something else?
<Daviey> soren: build process does a check to see if kernel == 2.6
<soren> Ah.
<soren> Ok.
<soren> Good.
<Daviey> soren: I am so glad we are on 3.0
<Daviey> Have you felt the speed of the thing?
<Daviey> So many exciting improvements.
<soren> It's way faster because it's not wasting time keeping track of its microversion.
<Daviey> heh
<ogra_> Daviey, wait for the 3.0GTS then !
<soren> I don't mind the change, really. It's about time and the timing was very much in our favour (so early in the dev cycle).
<Daviey> soren: yah
<uvirtbot> New bug: #798186 in openssh (main) "ssh documentation not in line with default settings" [Undecided,New] https://launchpad.net/bugs/798186
<Daviey> ogra_: I have go-faster stripes.
<Daviey> RAID-0
<cloakable> RAID-0, for how much data you'll get back if one drive fails x3
<patdk-wk> heh?
<patdk-wk> if one drive fails, your unlikely to get any data back
<patdk-wk> unless you recover that failed drive
<ppetraki> cloakable, yeah, you're data is all gone, sorry
<cloakable> Heh
<cloakable> No, I use 5 :)
<cloakable> Talking about Daviey
<patdk-wk> I am using raid0 also
<patdk-wk> I could care less if I never recover any data
<cloakable> I keep stuff on there I'd rather not spend time re-ripping
<Daviey> cloakable: It was a pun...
<cloakable> Heh :P
<ntr0py> I am trying to get proftpd to authenticate users against a postgresql db and i am missing "mod_sql_passwd.c" for "SQLPasswordEngine" directive... Does somebody know where it did go?
<uvirtbot> New bug: #776945 in isc-dhcp (main) "Apparmor results in denying operation mknod for isc-dhcp-server " [Undecided,New] https://launchpad.net/bugs/776945
<slyboots_>  
<noecc> if a user is created via adduser --system --disabled-password --shell /bin/sh should this user be able to login via ssh?
<pythonirc101> Is anyone sharing machine storage space redundantly here on ubuntu servers? I've looking into lustre, hdfs, pvfs, mogilefs and few others, but would like to hear from someone who has actually deployed/used a shared storage system.
<ravachol> in the process of setting up vhosts for my websites on 10.04 want them to be found at /home/usr/public_html how do i link a user to this
<cloakable> point a vhost at that directory? o.o
<cloakable> You're being rather vague
<ravachol> so if i create a user i can then point say blah.com to that user?
<ravachol> via  creating the site documentroot in /etc/apache2/sites-available
<ravachol> sry yes bit vague always used cpanel setup before
<Pici> Hrm.  tasksel isn't installed by default anymore? Even on server installs?
<nxvl> Daviey, zul: just uploaded augeas .8.1-2 i think you can sync now
<zul> nxvl: cool
<RoAkSoAx> nxvl: are you a DD already or DM?
<Daviey> nxvl: What was the issue from yesterday?
<nxvl> RoAkSoAx: DM
<nxvl> Daviey: my VM i assume
<nxvl> Daviey: on the chroot it builded
<nxvl> Daviey: REALLY weird
<Daviey> Coolio
<RoAkSoAx> nxvl: cool
<RoAkSoAx> nxvl: and where ytou using sbuild?
<RoAkSoAx> i've seen that before
<RoAkSoAx> not building there but building in pbuilders
<nxvl> RoAkSoAx: on sbuild worked, on sid VM didn't
<SpamapS> jamespage: ping!
<jamespage> SpamapS: pong
<jamespage> SpamapS: wassup?
<SpamapS> jamespage: So, Zookeeper needs a maintainer..
<SpamapS> jamespage: You seem to have a good working relationship with the debian-java team..
<jamespage> SpamapS: it most certainly does; guess you have been watching the thread on debian-devel?
<SpamapS> jamespage: I'm wondering if they would be interested in adopting it.
<SpamapS> jamespage: not super closely, but I did get CC'd on a few of the emails because I've submitted txzookeeper for upload.
<jamespage> SpamapS: so its already maintained by Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
<SpamapS> jamespage: OH
<SpamapS> cool, yeah I'm behind the times. ;)
<jamespage> SpamapS: however Thomas has been the primary maintainer within that team of zookeeper
<SpamapS> Got it
<SpamapS> jamespage: so we can just step up as Uploaders then?
<jamespage> So I am a member myself; I could offer to pick it up
<jamespage> (by policy I am allowed to change it but would not out of courtesy)
<SpamapS> jamespage: Its a big part of Ensemble, and Hadoop, so I think it would make sense for us to do that.
<jamespage> but I lack experience; so I would look to lean on the ensemble team to help with testing etc...
<jamespage> sounds like its a key part (and it does fit with the overall big data strategy)
<jamespage> so reckon we should
<SpamapS> jamespage: Yeah we're going to be all over testing it. :)
<SpamapS> doh
<Daviey> SpamapS: Were you planning to do the mysql merge?
<Daviey> (5.1)
<adam_g> any squid-deb-proxy users know a proper fix or good workaround for constant hash sum mismatches?
<patdk-wk> replace squid-deb-proxy with apt-cacher-ng?
<Daviey> adam_g: during install, or normal usage?
<patdk-wk> if it's like me, any apt-update that uses a squid cache, goes bad
<SpamapS> Daviey: we haven't resolved whether we can transition to 5.5 yet
<SpamapS> Daviey: there's little point in merging 5.1 until that is decided
<patdk-wk> for me, I have to rm /var/lib/apt/lists/partial/*
<Daviey> adam_g: sudo apt-get update -o Acquire::http::No-Cache=True
<Daviey> SpamapS: ok
<kirkland> RoAkSoAx: ping
<RoAkSoAx> kirkland: pong
<RoAkSoAx> Daviey: ping
<Xago> Hi guys...I'm facing some strange behavior on my server. This is when I try to connect via RDP, this not connect all the time. When this happen, I must reboot the server and I can connect again...but this is not a good thing to working in production mode. What could be wrong?
<Xago> I have a desktop version running a Web service and no problem with this machine.
<warzauwynn> can't you just restart the service instead of rebooting?
<warzauwynn> i mean... not that you should need to restart the service, but rebooting is a little drastic.
<warzauwynn> did you check the logs? do you get an error message?
<Daviey> RoAkSoAx: o/
<RoAkSoAx> Daviey: howdy! I was wondering what kernel are we gonna be shipping in Oneiric?
<Daviey> RoAkSoAx: 3.0 baby!
<RoAkSoAx> Daviey: coolio
<Daviey> RoAkSoAx: Are you on oneiric yet?
<patdk-wk> not 3.2? :)
<RoAkSoAx> Daviey: yeah that's why I was asking cause I was surprised to see 3.0 :)
<RoAkSoAx> U thgough it was gonna be 2.6.39 or somehting
<RoAkSoAx> s/U/I
<Xago> nobody can give a tip at least? :(
<Pici> Xago: Most people using Ubuntu Server here have no graphical environments installed, we just connect via ssh.
<Daviey> RoAkSoAx: it was, but i assumed shiney numbers :)
<RoAkSoAx> Daviey: hehe
<zul> Daviey: ping
<Daviey> zul:
<zul> Daviey:  did you subscribe ubuntu-server to the  dahdi-dkms
<Daviey> zul: I did.. wondering if it was a mistake now. :)
 * RoAkSoAx off to lunch
<zul> Daviey: i think so
<kirkland> RoAkSoAx: today's your bday?
<RoAkSoAx> kirkland: yes
<kirkland> RoAkSoAx: happy birthday man!
<RoAkSoAx> kirkland: thanks man!
<Daviey> ooo, RoAkSoAx - you are naughty
<Daviey> Happy Birthday :)
<RudyValencia> My server/router can't keep a PPPoE connection up, why?
<SpamapS> lifeless: how did your lxc experience turn out?
<RoyK> norwegian state television is broadcasting "Hurtigruten, minute by minute, live, from Bergen to Kirkenes", some 2000km by boat - probably the longes live broadcasting ever... http://www.nrk.no/hurtigruten/
<lifeless> SpamapS: nothing yet
<lifeless> SpamapS: still on todo
<lifeless> SpamapS: my 128GB SSD is chokers, so I need to do some fancy footwork to bring it up
<lifeless> chockers
<RoyK> lifeless: most SSDs should work without issues
<SpamapS> lifeless: bummer
<SpamapS> RoyK: until they get to the write limit. :)
<lifeless> RoyK: uhm, I think you misunderstood me :>
<lifeless> RoyK: SSD's still have a size limit :)
<RoyK> heh
<RoyK> yeah
 * RoyK only uses SSDs for storage for a single backup machine, otherwise only for caching
<RoyK> erm, a database box, that is
<SpamapS> I'm still SSD-less .. just haven't had much occasion to play with them.
<RoyK> postgresql running on a pair of mirrored SSDs
<RoyK> but it seems like the bacula db isn't very well optimised - it takes 5-10 seconds to even update a view of the backup history
<SpamapS> The table design in bacula could probably use partitioning quite effectively.
<RudyValencia> My server/router can't keep a PPPoE connection up, when it goes down I get a dmesg that says Jun 16 13:59:07 gxysrv01 kernel: [218309.773881] 0000:04:01.0: tulip_stop_rxtx() failed (CSR5 0xfc664010 CSR6 0xff972117)
<RudyValencia> Does this mean I need to get a different Ethernet card for whichever line is failing?
<warzauwynn> RudyValencia: looks like it might be a kernel bug.
<warzauwynn> there's an ubuntu bug about it, and a post from somebody with a similar problem who says it's specific to a certain kernel.
<RudyValencia> I'm using two tulip cards.
<RudyValencia> Both Linksys-brand.
<warzauwynn> problem is happening on both?
<RudyValencia> No, just whichever is 04:01:0
<RudyValencia> I can't tell which because they both have the same PCI ID
<warzauwynn> huh.  same software versions?
<warzauwynn> same system?
<RudyValencia> They're both in my server.
<warzauwynn> haha, so obviously the same software version
<lifeless> SpamapS: if you want a play on my laptop at some point just say so
<lifeless> SpamapS: i7 + SSD + 8GB ram == fun
<RudyValencia> I'll just take them out, turn on onboard NIC and add a NIC that uses the rtl8139 driver
<RudyValencia> bbiab reconfiguring net
<lcb> SpamapS: hi. just out of curiosity, this is exactly what i was looking for yesterday -> eyeOS ;)
<SpamapS> lcb: cool!~
<lcb> SpamapS: looks nice. i'm installing it now
<lcb> SpamapS: clouding only for the purpose i need might be to heavy, comparing with this.
<lcb> to/too
<SpamapS> lcb: you should package it for Ubuntu. :)
<lcb> SpamapS: for the steps i see in the installation manual, it pretty simple
<lcb> installation info, i mean
<paranoidi> hi, seems like latest kernels try to put out 1024x768 resolution which my small lcd cannot handle, how can I stop that? Tried to put "defoptions=vga=normal" in grub menu.lst ...
<RoyK> imho using framebuffer for servers is outright stupid
<paranoidi> RoyK: I may be way off, but I presume that is what is putting it into non-text mode
<paranoidi> hmm, maybe nofb value then ..
<paranoidi> and I agree, text mode is what it should be ...
<RoyK> paranoidi: sec
<RoyK> paranoidi: vga16fb.modeset=0
<RoyK> try that
#ubuntu-server 2011-06-17
<paranoidi> as a kernel parameter?
<WinstonSmith> menu.lst?
<RoyK> paranoidi: just add it to the bootup
<RoyK> F6 if on the installer
<paranoidi> it's already running system
<WinstonSmith> i thought that was the old grub?
<paranoidi> and yes, still running old grub
<WinstonSmith> ah ok :)
<WinstonSmith> \o/
<paranoidi> the new one looks much more confusing :)
<RoyK> paranoidi: just add it to the kernel line
<paranoidi> RoyK: I'll try next time I boot, time for sleep soon
<WinstonSmith> i never understood how you can go from easy understandable to such a crap as the new grub....
<paranoidi> yeah, I lost all desire to switch after reading about it for 10 minutes
<WinstonSmith> one of the great points of linux for me was always the readable config files
<paranoidi> anyway, this graphics mode is least of my worries, much worse is the fact that my crappy RocketRaid 2340 is not working anymore since some moron (me) accidentally uninstalled the kernel it was working with ..
<paranoidi> I had about 10 different kernel versions so I thought to clean up a bit ..
<WinstonSmith> well new grub has it too but totally complicated plus you have to run update-grub every time you change something... :(
<WinstonSmith> \o/ for uninstalling stuff and wishing later one had just shot himself in the foot
<paranoidi> I was under assumption that it would've been supported with latest kernel instead of that propietary crap but apparently not .. so I'm SOL
<paranoidi> and I'm 99% sure it will not go into latest kernel
<WinstonSmith> yes that happened to me with my old old motherboard. had a raid controller with a horrible binary blob driver. then came kernel 2.6 and they dropped support
 * WinstonSmith was really pleased
<paranoidi> I kind of feel bad for driver developers though since kernel api is changing so rapidly compared to windows ..
<paranoidi> what's even worse this card has possibly a bug that non-raid drives (called "legacy") are corrupted in certain places of the disk
<WinstonSmith> heh
<paranoidi> and it's in the bios .. and latest is from 2007
<lifeless> SpamapS: hey another lxc q
<lifeless> SpamapS: can a 32 bit lucid be contained on a 64 bit natty ?
<SpamapS> lifeless: it should work, since it is little more than a wrapper around the syscalls, and the 32-bit binaries work fine on 64-bit systems.
<SpamapS> lifeless: I could see there being holes where somebody gets "cute" and thinks their on a 64-bit system and does the wrong thing in userland.. but that seems like a corner case that could be worked around.
<SpamapS> lifeless: basically what works in chroots, works in lxc
<SpamapS> lifeless: building one will take modifications to the templates it seems
<SpamapS>     arch=$(arch)
<lifeless> is this worth a bug, or will you JFDI fix it ?
<disorbtion1> I'm running 11.04 Server LTS. Has anyone seen the error <restart: Unknown instance:> when trying to restart nmbd? I had it working fine on my last install before I broke it and had to re-install (linux noobie here)
<SpamapS> lifeless: its non trivial so a bug would be good, I'm not sure what options there are for passing arguments into the templates.
<lifeless> lxc-create ?
<SpamapS> disorbtion1: you mean 10.04 LTS, or 11.04 .. 11.04 is not an LTS
<lifeless> bah
<lifeless> https://bugs.launchpad.net/ubuntu/+source/lxc ?
<SpamapS> lifeless: yes
<SpamapS> lifeless: /usr/lib/lxc/templates is where they live
<disorbtion1> yes sorry 10.04 LTS I was running 11.04 the first time (nonLTS) and everything was fine, blew it up and re-installed used LTS since I figured it would probably be more stable...
<SpamapS> They seem a bit whacky to me... all the ubuntu ones should be nearly identical for 90% of the code.. probably just copy and pasted
<SpamapS> disorbtion1: you can't restart something that isn't running
<SpamapS> disorbtion1: service stop nmbd ; service start nmbd
<lifeless> SpamapS: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/798476
<uvirtbot> Launchpad bug 798476 in lxc "it would be really useful to be able to make i386 lxc containers on a amd64 machine" [Undecided,New]
<SpamapS> lifeless: indeed, I'll take a look at it tomorrow.. just about EOD here
<lifeless> cool
<lifeless> that arch=i386 is the only thing needed in the template?
<SpamapS> (tomorrow meaning later on when the family is asleep and I "can't sleep") ;)
<SpamapS> lifeless: yep
<SpamapS> lifeless: so you could probably just make an lxc-lucid-i386
<SpamapS> which is probably what most people do
<SpamapS> anyway, have to run.. good luck
<disorbtion1> it looks like it won't stay running. I start it and then go to restart and get the same error message...
<disorbtion1> also stop returns stop: unknown instance:
<lifeless> SpamapS: zomg
<lifeless> SpamapS: first line of man lxc-create makes me want to buy someone a grammar book
<lifeless> disorbtion1: I'd look in the logs, figure out why its failing
<lifeless> disorbtion1: does it get going at all?
<disorbtion1> remember total linux noob, had to look up how to view logs. which log should I be focusing on?
<disorbtion1> It was so simple once I looked in the logs, thanks for the help!
<smoser> wonder if anyone has a solution.
<smoser> i have a system that has an ssh port open to the public internet
<smoser> and another system on the private network that it is connected to
<smoser> i'd like to give someone access to the second system (not externally addressable), but ideally only after having acled through the first.
<smoser> i know i can do this by letting them set up their ~/.config to use ProxyCommand and nc
<smoser> however, that means
<smoser> a.) they could "stop" at the middle system
<smoser> b.) they have to deal with .ssh/config
<smoser> i'm sure i could coble together some solution where a user on the public facing system had a shell of 'nc' or something, but it seems hacky and i don't want to do any work.
<smoser> so i'm wondering if this is a problem that is already solved (and likely better than i woudl solve it)
<erichammond> smoser: Perhaps prepend command="ssh ..." to authorized_keys file on the first system?  It could be on an account dedicated to them, or really any user so long as it was on the line that contained their public ssh key.
<smoser> ah. yeah, maybe.
<smoser> well done, mr hammond.
<erichammond> testing...
<virusuy> smoser: so, sorry for the question, but, why you should do that?
<virusuy> isn't easier to just let the uer log in into the second one?
<virusuy> instead of connect to first one and then connect to second one?
<smoser> the first one is not connected to "public internet"
<smoser> only private.
<smoser> wait.
<smoser> sorry
<smoser> the system i want the user to get to exists only on private network.
<smoser> the system i want them to hop through has only a single port open to internet
<erichammond> smoser: Yep, command= approach works, but you may need to fiddle with ssh options to get things to work cleanly.
<erichammond> For example, I needed to use command="ssh -p NNNN USERNAME@HOSTNAME"
<smoser> ssh is freaking awesome
<erichammond> And, in the initial connect, I used "ssh -t -A" to force pseudo-tty allocation and to pass on my user agent.
<smoser> hm.. i wouldnt have thoght you would have to use -t
<twb> Agent forwarding blows.
<twb> -oProxyCommand is where it's at
<smoser> well, i think you use the combined trick
<smoser> the command would be 'nc -q0 HOSTNAME', but then you probably have ot have the same username on both systems.
<smoser> hm... maybe not though. have to play with it a bit.
<brianthelion> Hola! Anybody want to field some krb5/nfs4 questions?
<brianthelion> I'm dealing with an office full of wedged clients
<erichammond> smoser: If your authorized_keys command= uses "nc" that would be like telnet'ing to the remote ssh server.  Your local ssh client would not be authenticating itself again once it's done with the first hop.
<smoser> yeah. i realized that.
<erichammond> smoser: The first ssh could set up an ssh tunnel from the user's local computer through the gateway to the ssh port on the inner computer.  Then they could initiate a second ssh to localhost that goes through the tunnel to the inner computer.  This avoids problems with agent forwarding (which can be a security risk).
<twb> erichammond: you'll want to disable other port forwarding techniques and such
<erichammond> twb: You could assume that authenticating yourself on the gateway gives you authorization to connect to any port on the internal network.  It's up to smoser's particular situation if this policy makes sense.
<twb> erichammond: in that case you don't need a command=
<smoser> yeah, for me, they're in, they're in.
<twb> I assumed you were using command= to forcibly restrict the connecting user to ONLY hop from the bastion to somewhere specific
<erichammond> twb: You still need to authenticate yourself with the gateway and prevent command line access on that machine.
<smoser> i want the command = because i dont want to have to set up .ssh/config
<twb> erichammond: ah, OK
<smoser> and also, i dont really want them to be able to "stop" on the intermediate
<erichammond> (according to the original requirements)
<smoser> i want only access to the second internal system.
<twb> erichammond: so broadly you want -fNL -NW
<smoser> so the command= was nice.
<twb> *or -NW
<twb> And to enforce that usage in authorized_keys
<erichammond> twb: Can the gateway authorized_keys enforce -N on the original client?
<twb> Not sure, possibly command=/bin/sh
<twb> Er, /bin/false
<twb> Normally what I would do is either set up the bastion with normal users, or DNAT traffic to (say) 2022 from the bastion to the users' shell bastion
<twb> Or give them a VPN, with an endpoint terminating on the bastion
<erichammond> yikes, Just read "man authorized-keys" and it seems to imply that port-forwarding is allowed by default even when command= is used.  Time to add "no-port-forwarding" to some servers.
<brianthelion> I've got a sweet krb5/ldap/autofs/nfs4 stack.... except that it's broken. Anybody?
<erichammond> ahhh, our svn setup already includes: "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"
<erichammond> smoser: Might be a good idea to add those qualifiers to /root/.ssh/authorized_keys command= line in Ubuntu AMIs.
<smoser> well... you're still getting in as root with the authorized keys
<smoser> with legit authorized keys
<smoser> being able to forward traffic isn't htat big of a deal
<erichammond> smoser: You have no idea what they do with the ubuntu user's ssh configuration after they start the instance.  Might as well make the original ssh key have as little permission as possible over in that root@ account they forgot about and maybe never even knew allowed people in.
<erichammond> smoser: Submitting a bug. Would that be "cloud-init" or some other package?
<smoser> cloud-init
<erichammond> bug 798505
<uvirtbot> Launchpad bug 798505 in cloud-init "Tighten permissions on root@ ssh with EC2/UEC images" [Undecided,New] https://launchpad.net/bugs/798505
<smoser> ok, erichammond here is what i settled on.
<smoser> pubhost has publicly open port X
<smoser> user 'toprivhost' exists on pubhost
<smoser> toprivhost .ssh/authorized_keys has the external user's public key in it with line like:
<smoser> command="ssh ubuntu@privhost ssh-rsa AAAAB3NzaC1yc2EAAAAB.... thatuser@theirhost
<smoser> command="ssh ubuntu@privhost" ssh-rsa AAAAB3NzaC1yc2EAAAAB.... thatuser@theirhost
<smoser> i also generated a ssh private/public key as toprivhost@pubhost and put it in .ssh/id_rsa and .ssh/id_rsa.pub
<erichammond> to avoid agent forwarding?
<smoser> toprivhost@pubhost's public key is copied to ubuntu@privhost:~/.ssh/authorized_keys
<uvirtbot> New bug: #798505 in cloud-init (main) "Tighten permissions on root@ ssh with EC2/UEC images" [Undecided,New] https://launchpad.net/bugs/798505
<smoser> and that .ssh/authorized_keys has a 'host=pubhost' option on the key
<smoser> yeah, now we dont need ssh agent forwarding, and its all passwordless.
<erichammond> So you trust root users on pubhost with ssh access to that user on privhost, including somebody who gains root illegitimately.
<smoser> i suppose, yeah.
<smoser> but yo uwoudl do that too with ssh agent forwarding
<erichammond> smoser: good point.
<erichammond> and, ssh agent forwarding gives the root user access to any other hosts that like my agent.
<erichammond> Would be cool if the agent forwarding could be dropped after the second connection was made.
<amit> Hello all. Seeking assistance in finding procedure for updating /etc/motd w/o reboot:
<amit> distro: ubuntu server 10.04
<amit> /etc/motd gets modified to the value of /etc/lsb-release:DISTRIB_DESCRIPTION. But this only takes effect after rebooting (more specifically, I think it's already modified before the reboot, when switching to RUNLEVEL 1).
<amit> Can /etc/motd be auto-modified w/o a reboot?
<devilinthedetail> can anybody help with setting up a router in exim4?
<uvirtbot> New bug: #798555 in cloud-init (main) "package grub-legacy-ec2 0.5.10-0ubuntu1.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/798555
<uvirtbot> New bug: #798587 in augeas (main) "Sync augeas 0.8.1-2 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/798587
<kobrien> I'm installing 10.04 on a P4 with 2x2Tb SATA drives in RAID 1 config. The install goes fine until it tries to install grub where it fatally fails. Any idea why this'd happen?
<twb> kobrien: are the using 4kb blocks or 512b blocks?
<kobrien> block size is not specified for RAID 1
<kobrien> ( mirror config )
<twb> When grub fails, switch to vt4 and see what the error is
<twb> kobrien: not block size of the raid, block size of the disks' controllers
<twb> kobrien: 2TiB is the largest size that traditional BIOS/MBR systems can address, so some 2TB disks have adopted the new 4kB block, GPT scheme.
<twb> kobrien: Grub2 SHOULD handle those just fine, but maybe it's confusing the installer
<kobrien> twb: good tip to jump to vt. Not sure of the controllers block size. I'm not using GPT. I probably should.
<twb> kobrien: ah, I bet you chose manual partitioning, right?
<kobrien> yes
<twb> With GPT you need these stupid extra, special parittions to make it work
<twb> Without those grub will shit itself, which is probably what happened
<kobrien> I see. will a livecd of gparted do it?
<twb> What you should do is choose "automated partitioning (entire disk)", and see if it wants to create little grub partitions at the start
<twb> If it does, then blow away the root and boot partitions (but not the grub one), and reallocate the free space as you want
<twb> That's what I've done in the past and it worked
<kobrien> aha! It did want to make a grubbios one when I was exploring that menu
<kobrien> and I should mirror that partition too
<kobrien> ?
<twb> I have no idea
<twb> I left those the hell alone
<twb> GPT is retarded and OpenFirmware should've won, but worse is better :-(
<kobrien> heh, ok, well that's plenty info for another attempt at this. thanks
<twb> Oh, actually..
<kobrien> yes?
<twb> It may be that you don't have 4kB blocks, but d-i is helpfully defaulting to that because it's 2TB
<twb> I got them to fix it so it would only do that for >=2TiB (1024s) instead of >=2TB (1000s), but that was post-lucid
<twb> So if you struggle enough you might be able to manage BIOS+MBR style
<kobrien> cool
<kobrien> ok, I'll give this a go
<twb> If you google for the model and make, it'll tell you if you have 4k or 512 blocks
<kobrien> will do
<paranoidi> I'm trying to put in binary blob drivers and it would seem to be easiest if I had current kernel headers setup under /lib/modules/`uname -r`/build .. which is supposed to be often the case, why is it not on my stock ubuntu server kernel (10.04 - latest kernel)
<paranoidi> do I need to install headers package for them to be in there? and which is it called?
<twb> paranoidi: you probably want linux-...-headers and/or -source
<paranoidi> yeah, just found out I don't have it .. it seems that there are few different kernel variations from each version though ..
<paranoidi> generic, preempt, server
<paranoidi> maybe the generic I have in now is good enough ..
<twb> paranoidi: you want the one that's for the kernel you're running
<paranoidi> twb: yeah, I got that .. unsuprisingly the propietary crap does not want to go in as easily .. ;P
<twb> I recommed not using it
<paranoidi> seems to be only choice ..
<twb> Loongsons are pretty open
<paranoidi> you lost me
<twb> Loongson is a type of CPU
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Loongson
<paranoidi> not a motherboard, 16-port sata controller ..
<twb> Yes, well
<Daviey> zul: Are you looking at doing an ipxe MIR?
<uvirtbot> New bug: #798663 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/798663
<sommer> morning all
<RoyK> good localtime();
<zul> Daviey: no
<Daviey> zul: it's a build dep of xen
<zul> oh....fu...fudge
<Daviey> heh
<speakman> receiving netconsole with netcat doesn't make any line breaks. Is it possible to fix?
<speakman> sorry, I was listening on syslog data :p
<pythonirc101> when i install guest additions on a new ubuntu guest, vbox complains that it cant find kernel headers. But I do have correct kernel headers installed. Anyone has seen this problem with the latest ubuntu-server machines?
<patdk-wk> nope
<pythonirc101> is anyone using a ubuntu server as a guest virtualbox machine here?
<pythonirc101> http://paste.pocoo.org/show/410202
<pythonirc101> This is what I'm getting when I install guest additions...please see the complaint on "The headers for the current running kernel were not found..."
<RoyK> pythonirc101: there's an ubuntu package for vbox addons
<RoyK> should work
<RoyK> that is, works for me
<pythonirc101> RoyK: http://paste.pocoo.org/show/410204/
<pythonirc101> so you install ubuntu vbox guest additions and not the one that comes with vbox? I'm using virtualbox 4.0.8 under the host, and ubuntu-server is installed as  a guest
<RoyK> apt-get install virtualbox-ose-guest-x11
<RoyK> apt-get install virtualbox-ose-guest-utils
<RoyK> x11 if using X
<RoyK> but for a server, you probably don't
<pythonirc101> RoyK: I did install ubuntu-desktop on my server (which is a guest)
<RoyK> apt-get install virtualbox-ose-guest-x11, then
<pythonirc101> is there a way to uninstall guest additions?
<RoyK> apt-get remove?
<pythonirc101> I installed the guest additions that came with virtualbox 4.0.8
<RoyK> if that installer has an uninstaller, yes
<pythonirc101> See here: http://paste.pocoo.org/show/410204/
<RoyK> but Ubuntu obviously can't remove something it hasn't installed
<pythonirc101> indeed
<pythonirc101> k - found the uninstaller
<pythonirc101> the x isnt still working quite right...the login screen is not centered for instance
<pythonirc101> + In seamless mode, its display becomes a small screen on the first monitor
<pythonirc101> Terminal fonts wont increase in size when i do ctrl+Shift++
<pythonirc101> will reboot
<pythonirc101> and see
<pythonirc101> RoyK: Any other ideas?
<Daviey> Ursinha: o/
<RoyK> pythonirc101: X and desktop questions aren't topic in here
<Ursinha> Daviey: :)
<pythonirc101> what is the network gui on ubuntu-server? I want to switch off ip version 6
<alamar> pythonirc101: why would you want to switch it off? and there is generally no gui on aserver
<alamar> because there is no need for it
<alamar> if you can't manage a server in a way you are supposed to, maybe you should arrange for a real admin to do so
<RoyK> pythonirc101: normally there isn't a gui on a server
<RoyK> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<pythonirc101> how do i switch off ipv6 on ubuntu server?
<RoyK> pythonirc101: as a first, why?
<pythonirc101> RoyK: Because my system - administrator wants me to?
<pythonirc101> RoyK: I'm connected to someone else's local network
<pythonirc101> My other system is complaning that "System not running to use fully qualified hostnames" "Hostname xx.xxx.com is illegal" -- I think my /etc/hosts is fixed, and have no clue why the other system still complains
<RoyK> pythonirc101: http://kurl.no/v280
<brianthelion> Anybody want to help me debug my krb5/ldap/autofs/nfs4 stack?
<brianthelion> I've got some wedged clients
<zertyuio> hello there
<zertyuio> what is the default mail server on ubuntu ?
<pmatulis> zertyuio: postfix is well regarded
<zertyuio> postfix seems too complicate to manage
<brianthelion> anybody know where one goes for support on this krb5/nfs4 combo?
<zertyuio> just for smtp
<pmatulis> !ask | brianthelion
<ubottu> brianthelion: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<pmatulis> zertyuio: well, you asked
<shauno> I've never seen 'just smtp' in the real world.  I think a simple smtpd doesn't exist, because smtp is never simple
<zertyuio> let me explain you mail problem
<brianthelion> Cool, thanks. My nfs4 clients are wedging when a logged-in user's Kerberos ticket expires. I assume this is not intended behavior.
<brianthelion> Everything is on Natty
<brianthelion> syslog: "Jun 17 07:44:48 carina kernel: [78074.876438] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2."
<zertyuio> i m hosting a cms website on my  personel server, where the form for contact detail working perfectly without since i unistalled postifx , submit form not working
<zertyuio> what i have to do ?
<brianthelion> I've got a bug report up: https://bugs.launchpad.net/ubuntu/+bug/794112
<uvirtbot> Launchpad bug 794112 in ubuntu "Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client" [Undecided,New]
<brianthelion> yeah, that's me
<brianthelion> Flat response so far, though
<pmatulis> brianthelion: maybe try the same on the LTS release for comparison?
<brianthelion> good idea, but probably not an option in this case
<paranoidi> well this is annoying, I cannot stop ubuntu server with latest kernels to stay in the damn text mode, tried vga=normal, vga=711 (or so), nofb and vga16fb.modeset=0
<RoyK> paranoidi: for most installs, personally, I think the framebuffer is unnecessary and may lead to more problems than it fixes
<paranoidi> RoyK: I agree, but I cannot seem to get rid of it ..
<RoyK> paranoidi: try vga=normal nomodeset
<RoyK> from https://wiki.ubuntu.com/FrameBuffer
<paranoidi> I'll try it, maybe, seems that I need to rescue old kernel from old drive anyway since I cannot get my sata card to work with current ones
<RoyK> paranoidi: very often, new cards have the same chipset, but new PCI IDs
<RoyK> on which version are you?
<paranoidi> RoyK: trying to get same crappy card work (RocketRaid 2340)
<paranoidi> I don't think linux has any built in support for it
<paranoidi> it might go in if I was skilled enough to tweak the opensource adaptation layer between kernel and binary driver of the card
<RoyK> paranoidi: use lspci and then lspci -vn to find its PCI ID
<paranoidi> which part is PCI ID?
<RoyK> erm
<paranoidi> 06:04.0 0100: 1103:2340 (rev 09) Subsystem: 11ab:11ab
<paranoidi> would be my guess
<RoyK> seems the producer apparently released a driver in source, so it is, or was, possible to compile that manually
<RoyK> but since it never made it into kernel, the chances are prominent that the code sucked, and that it won't be compatible with current kernel versions
<uvirtbot> New bug: #798788 in nagios3 (main) "package nagios3-common 3.2.3-1ubuntu1.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/798788
<paranoidi> RoyK: I don't thinkt here is full sources of the driver, it's just binary blob with opensource wrapper
<paranoidi> anyway, i tried to compile it for latest kernels and it seemed to work fine .. but when loading it just stalls
<RoyK> that sucks even more :P
<RoyK> get a new controller, then
<paranoidi> new one costs at least $500 ..
<RoyK> paranoidi: you get pretty cool controllers for even $100 on ebay
<paranoidi> 16 ports ...
<RoyK> do you need 16 physical ports? why not a sas expander?
<paranoidi> that might work, but those cost pretty much too .. and severely cut bandwidth?
<RoyK> with 6Gbps SAS, there'll be quite sufficient of bandwidth, especially for slow spinning drives
<paranoidi> it probably works only in 3Gbps mode with sata 2 drives
<RoyK> or two of htese http://cgi.ebay.com/LSI-SAS3081E-R-8-Port-3Gb-s-SAS-RAID-Controller-/270765091146?pt=COMP_EN_Networking_Components&hash=item3f0adb694a
<RoyK> s/htese/these/
<paranoidi> that's actually pretty cheap
<RoyK> yep
<RoyK> and it's a good card
<RoyK> I have a few of those in OpenIndiana machines
<paranoidi> although I would have to find new display card since it would use 2 slots compared to one
 * RoyK prefers ZFS for storage
<RoyK> paranoidi: I thought this was a server...?
<paranoidi> yes, but at home :)
<RoyK> still, a badass graphics card in a - server?
<paranoidi> no, but I need some output since motherboard has none
<paranoidi> dunno if I have any PCI cards laying around, anyway, not a huge problem
<paranoidi> I was actually looking 16 port version from LSI earlier
<paranoidi> LSI Logic SAS 9201-16i .. any word on that?
<RoyK> very good
<RoyK> 6Gbps SAS
<RoyK> I have a few of those as well
<paranoidi> I could get that in some decent price from here (well, ~470$ still)
<paranoidi> RoyK: it's supported with kernel without any problems whatsoever?
<RoyK> if on a budget, and if bandwidth isn't too important, this one is very stable http://cgi.ebay.com/Supermicro-8-Channel-Pcix-Sata-Adapter-Aoc-Sat2-Mv8-/270765097465?pt=LH_DefaultDomain_0&hash=item3f0adb81f9
<RoyK> paranoidi: I haven't tried it on linux
<paranoidi> I couldn't find verification if that card is supported on linux out of the box or not
<RoyK> paranoidi: You'll have to check - I haven't tried
<RoyK> paranoidi: using software RAID on linux for the storage?
<RoyK> if you haven't installed it yet, then I'd recommend looking at openindiana / ZFS
<paranoidi> software raid
<paranoidi> last time I checked ZFS couldn't be grown like software raid
<RoyK> it's not as flexible as linux software raid is, no
<RoyK> you can add VDEVs to ZFS
<RoyK> or you can replace drives with bigger ones
<RoyK> and when all drives in a VDEV are replaced, it'll grow (given you've set autoexpand=yes)
<RoyK> but you can't add drives to a RAIDz VDEV
<paranoidi> right, and I start my packs with few drives and then expand as needed
<RoyK> ic
 * RoyK just setup a server like that for his brother - two drives in RAID-5
<RoyK> paranoidi: but then, do you really need 16 ports already?
<paranoidi> no, but there's room for growth :D
<RoyK> just get an 8-port controller now, and get something bigger when you need it :P
<paranoidi> but I have already more than 8 .. and I don't like to fiddle with the hardware too much
<RoyK> kk
<RoyK> >8 with data?
<RoyK> how big are these, btw?
<paranoidi> 8x1TB and 3x2TB
<RoyK> k
<paranoidi> if everything else fails I can ressurrect at least the 8 disk pack with some motherboard ports and old PCI sata card
<patdk-wk> heh
<paranoidi> let's hope the old 2.6.31-14 copied from old drive works properly ..
<patdk-wk> I just went with 16 ports :)
<patdk-wk> and a 4 port controller
<patdk-wk> I'm hoping I like channel bonded sas
<paranoidi> patdk-wk: what kind of write/read speeds are you getting?
<paranoidi> if you're using them in raid
<patdk-wk> I haven't received it yet
<RoyK> patdk-wk: which controller?
<patdk-wk> an lsi 8port
<RoyK> 9201 or 6801?
<patdk-wk> sas2 one
<RoyK> 9201, then
<pythonirc101> I'm trying to setup a static ip box - ubuntu-server - for some reason, when i restart the box, i still get the dhcp ip, any ideas on how to fix this?
<RoyK> heh - http://linuxhcl.com/browse/search?offset=0&category=12 <-- doesn't even list LSI
<pythonirc101> I edited the / /etc/network/interfaces /etc/hosts and /etc/resolv.conf
<pythonirc101> changed the hostname
<pythonirc101> any other things i need to do?
<pythonirc101> if config still says my old dhcp ip
<patdk-wk> looks like 6261
<patdk-wk> 9261 I mean
<patdk-wk> paranoidi, it will only give me about 1100MB/sec
<patdk-wk> but insane iops
<paranoidi> I highly doubt that is the performance when writing to a file
<patdk-wk> why not?
<RoyK> patdk-wk: because the drives will be slow
<paranoidi> Ã get about 100MB/s at tops with software raid-6
<patdk-wk> they better be able to handle that
<paranoidi> 70MB/s over samba
<patdk-wk> using what drives?
<RoyK> seems the LSI drivers are available as a download
<RoyK> binaries and source
<paranoidi> hahaa, so same crap as with my rocketraid
<paranoidi> well, except they might actually release updates
<paranoidi> and with some luck the kernel would support it
<patdk-wk> only ever needed to download the binaries for userspace management of the raid
<RoyK> paranoidi: not really, it's opensource drivers AFAICS
<RoyK> GPLed
<paranoidi> anyway, time to boot and see what happens with the old kernel I glued back into ...
<patdk-wk> 16 10krpm 2.5" sas2 drives
<patdk-wk> the thing should scream
<patdk-wk> not as much as the 50 drive array of the same drives I have, but enough
<RoyK> patdk-wk: database system?
<patdk-wk> mainly database
<RoyK> striped mirrors, then?
<patdk-wk> ya raid10
<patdk-wk> I just can't find myself ever doing raid6
<RoyK> patdk-wk: depends what you need...
<RoyK> but raid6 for databases isn't quite optimal
<uvirtbot> New bug: #798824 in unixodbc (main) "package odbcinst 2.2.14p2-2ubuntu1 failed to install/upgrade: Package is in a very bad inconsistent state - you should  reinstall it before attempting a removal." [Undecided,New] https://launchpad.net/bugs/798824
<patdk-wk> hmm, drives substain 170MB/sec, so about 1400MB/s max, if the sas bus could handle that much
<brianthelion> Anybody know who on the Security Team is handling krb5/nfs4 integration?
<SpamapS> jamespage: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630822
<uvirtbot> Debian bug 630822 in ftp.debian.org "RM: zookeeper -- NPOASR; orphaning all hadoop related packages" [Normal,Open]
<bens> Need to setup blocking of social media and junk for my office. gateway is ubuntu server/iptables.  IPcop had a great squid interface with a big database of known site groups.  Any similar canned solultions available to Ubuntu?
<jamespage> SpamapS: hmm - that was coming TBH
<jamespage> So are you up for the challenge of helping maintain it?
<calzifer> hi, i need help installing mysql, because it always fails and there is no existing account http://img121.imageshack.us/img121/6616/screenshot1706.jpg
<SpamapS> jamespage: definitely
<SpamapS> jamespage: I think Thomas is being over zealous, and zookeeper is quite stable.
<jamespage> SpamapS: agreed - so how do we go about adopting the package? respond to the bug above?
<SpamapS> jamespage: I'm looking into it, but basically yes.
<jamespage> great - lemme know if i need todo anything
<SpamapS> jamespage: if you could mention our interest to the debian-java team ASAP, that would be good
<paranoidi> didn't work with the old kernel .. gave some weird communication error which I think I already saw once. That raised few alarm bells as I did take whole machine appart. So I took the card out and cleaned all contacts and put it into other card slot. Works now!
<paranoidi> pretty weird, thought to come back and report :)
<paranoidi> hard to say which was the reason, but it wasn't likely software
<maccam94> is it possible for apt-cache/apt-cache-ng to cache package lists, rather than just packages?
<zul> SpamapS: ping have you gotten anywhere with mysql 5.5 in debian?
<SpamapS> zul: nowhere. :(
<zul> SpamapS: bugger..
<SpamapS> zul: I'll turn up the volume a bit for Norbert. I'm also going to see if he'll be my DD advocate. At this point that is all I need.
<zul> SpamapS:  k i think we are going to have merge mysql 5.1 until we 5.5 in debian or we do it in ubuntu
 * zul starts to get annoyed
<SpamapS> zul: is there a pressing reason?
<zul> SpamapS: no just getting annoyed :)
<SpamapS> zul: agreed, but I think we can make this happen well before Debian Import Freeze
<uvirtbot> New bug: #798874 in postfix (main) "package postfix 2.8.1-1~lucid1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/798874
<h4lfl1ng> Hello All!
<h4lfl1ng> What's with sudo /etc/init.d/networking start not working in 10.04?
<h4lfl1ng> I also tried the alternative "sudo start networking" or "sudo service start networking" (not sure if that last one was the exact one i used..lol)
<ChmEarl> xen: are there any plans to package a kernel-3.0-0 that has xen config options =y? so dom0 works?
<ChmEarl> it works now if about 10 xen modules get loaded at startup
<ChmEarl> on 11.10 xen 4.1.1 (built on natty) works with linux-image-server 3.0-0
<calzifer> hi, i need help installing mysql, because it always fails and there is no existing account http://img121.imageshack.us/img121/6616/screenshot1706.jpg
<guntbert> calzifer: did you try to connect to mysql?
<calzifer> guntbert: yes, but it fails with a ERROR 2002 (HY000): Can't connect to local MySQL server though socket '/var/run/mysqld/mysqld.sock' (111)
<calzifer> but i deffenitly started mysql, i tried it when its stopped too, but same problem
<guntbert> calzifer: well I never had those problems - lets start from the beginning: what ubuntu version? how did you install mysql?
<calzifer> 10.04 LTS
<calzifer> aptitude install mysql-server
<calzifer> i already tried to remove and purge mysql and to reinstall, but it always fails after the root password setup for mysql with the above screenshot
<guntbert> calzifer: hmm (just fishing around...): does mysql start at all ? look into /var/log/mysql/...
<calzifer> it tries to start
<guntbert> reinstalling usually doesn't help under linux
<calzifer> hm, ok
<guntbert> calzifer: it tries? what do the logs say? there should be an error message...
<uvirtbot> New bug: #798946 in openldap (main) "package slapd 2.4.23-6ubuntu6 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/798946
<calzifer> guntbert: http://paste.pocoo.org/show/413974/
<guntbert> calzifer: ouch - I admit: no idea what is going on, sorry
<calzifer> ok, no but thanks for you help
<calzifer> do you know where i could try it too?
<guntbert> calzifer: try #mysql ?
<calzifer> ok
<calzifer> maybe i should use postgresql ...
<adam_g> has anyone been using glance on oneiric?
<soren> adam_g: Sort of.
<adam_g> soren: any luck? running into an issue where all is well except images stored in the local file store are of zero-length.
<soren> adam_g: I haven't seen that.
<soren> adam_g: You're very welcome to come chat about it in #openstack.
<adam_g> soren: thanks, i have. figured i wuld check here as well.
<adam_g> hm, tested exact nova+glance configuration on natty and works fine.
<zleslie> Hi
<RoyK> zzzz
<zleslie> I am trying to get reprepro to talk to gpg agent and having trouble.
<zleslie> Anyone know something about setting up apt repos?
<jMCg> zleslie: the wiki does.
<jMCg> s/.*//
<jMCg> Ignore me.
<RoAkSoAx> zul: ping?
<uvirtbot> New bug: #798975 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/798975
<h4lfl1ng> What's the best way to start the networking daemon?
<h4lfl1ng> in 10.04
<h4lfl1ng> Because I heard that it's easy to corrupt the config files, is that true?
#ubuntu-server 2011-06-18
<baggar11> h4lfl1ng: sudo service networking start/stop/restart? It won't start and output an error if the configs are bad.
<h4lfl1ng> baggar11: ilya@nuheart:~$ sudo service networking stop stop: Unknown instance:  is what I get, does that mean it's already stopped?
<baggar11> yes
<baggar11> does ifconfig output anything?
<h4lfl1ng> baggar11: yes sir
<h4lfl1ng> baggar11: I get eth0, eth1, eth1:avahi, and lo info
<baggar11> what are you trying to do? give eth0/1 ip's?
<h4lfl1ng> baggar11: no i'm trying to figure out how to properly start/stop so i can change configs for networking/dhcp server
<h4lfl1ng> baggar11: I'm setting up Eucalyptus, with 8 nodes and was configuring internet sharing. Got it all working, the next day I turn the system on and it do longer shares the connection..but still pings the nodes/cluster
<baggar11> you can edit your interfaces file, and run the restart command. that should work for you.
<h4lfl1ng> baggar11: are you sure? because I heard that if you first don't stop the service, and edit the configs they can go out of wack..
<baggar11> you can stop the service to be sure. once the service is running, it doesn't constantly keep reading your interfaces file.
<h4lfl1ng> baggar11: oh, that's good to know. If the service is stopped, would "restart" option start it back up or would I have to use "start"?
<baggar11> I think it might start it up, but you'll get an error when it initially tries to stop the service.
<baggar11> why not just start though?
<baggar11> stop and start are pretty painless
<baggar11> good luck, gotta run
<h4lfl1ng> baggar11: The only reason is because i was having trouble wit it it would always say "networking stop/waiting", and I can't test it now, since I'm not on campus.
<h4lfl1ng> baggar11: thanks a lot!
<uvirtbot> New bug: #798855 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/798855
<uvirtbot> New bug: #799005 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/799005
<Jon____> can anyone help me with internet connection problems
<Jon____> can anyone help me with internet connection problems
<uvirtbot> New bug: #799052 in freeradius (main) "package freeradius 2.1.8 dfsg-1ubuntu1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 2 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/799052
<uvirtbot> New bug: #799053 in dahdi-linux (universe) "package dahdi-dkms 1:2.3.0.1 dfsg-2ubuntu2 failed to install/upgrade: dahdi kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/799053
<reliablenerd> anyone exp with ISPConfig 2?  I'm trying to customize my /web/error/error_404.html ... it was blank originally, and all other *.html errors are complete html files, and can be modified locally and on the web with no issue.... i cannot make error_404 work properly... when I make changes to it, the changes apply locally but not on actual 404 requests to my site
<uvirtbot> New bug: #799082 in multipath-tools (main) "kpartx -a /dev/drbd1 only gives back error: device-mapper: resume ioctl failed: Invalid argument" [Undecided,New] https://launchpad.net/bugs/799082
<airtonix> enabling ssh access with just port 22 and passwords on a wan connection is the journey of fools and negligent service providers right?
<greppy> airtonix: not always.
<airtonix> explain
<greppy> airtonix: but it requires something like fail2ban or other failed auth blocking measures.
<greppy> and if your pop3/imap auth is against the system accounts, you should use something like fail2ban there as well.
<airtonix> this voip company that services us seems to think there is something wrong with me when i asked them to disable password based access and move the port to a non standard port for ssh.
<airtonix> "i disagree with your assement that a wan facing sshservice on port 22 with only password authentication is high security risk"
<greppy> if it's a one off in their infrastructure, I can understand that.
<airtonix> its a voip server they isntalled at our office
<greppy> do they manage it?
<airtonix> yes
<greppy> then it would be a one off.
<greppy> you aren't the only customer that they have to deal with.
<airtonix> so "one off" is a magice word that prevents password brute force ?
<airtonix> i doubt it
<greppy> what besides that ssh is on the default port and allows password auth has lead you to believe that it is a security risk?
<greppy> is root able to ssh in?
<airtonix> yes
<greppy> is fail2ban or one of it's like brethern installed?
<airtonix> even if root couldn't log in its a security risk
<airtonix> i doubt fail2ban is installed
<greppy> while I agree that it is not ideal, just because that is available does not make it a security risk.
<greppy> well, a high security risk.
<airtonix> why not?
<airtonix> lets see you provide a wan facing ssh-service with only password based authentication on port 22
<greppy> if the password is reasonably complex and there is at least some monitoring of the system to alert when people try to brute force an account, it's unlikely that someone will get in.
<greppy> I do.
<airtonix> see how long it takes for a password guessing zombie horde to gain access
<greppy> they never have.
<airtonix> without fail2ban
<airtonix> i assure you the passwords are not complex
<greppy> I've done it without fail2ban in the past by limiting the number of connections per minute using iptables.
<airtonix> doesn't that only work when you assume the attack comes from a single ip?
<greppy> they aren't going to try only one attack per IP
<greppy> it's going to be multiple attempts from a limited number.
<airtonix> they will with a zombie horde
<greppy> I usually see one IP address showing up in the logs at a time, not huge numbers of them.
<greppy> personally I would rather people use good passwords and/or keys instead of depending on "hiding" ssh on port 2222 or the like.
<uvirtbot> New bug: #799109 in postfix (main) "package postfix 2.7.0-1ubuntu0.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 75" [Undecided,New] https://launchpad.net/bugs/799109
<Ubuntu-rosa> hello
<sarit> hi
<Ubuntu-rosa> please i have a question about the command lsof
<Ubuntu-rosa> if anyone have an idea
<sarit> well.. I'm just passing by, but shoot :-)
<Ubuntu-rosa> I want to display for a given partition users who are about to use this partition
<sarit> not the most ideal approach, but this should do: lsof | grep -euser1 -euser2
<Ubuntu-rosa> i want extract all the users the problem is that there isn't a sÃ©parator in the results of lsof , not the same case as the file passwd
<Ubuntu-rosa> if i want use cut column
<Ubuntu-rosa> it doesn't work
<sarit> yeah, just tried that too :p
<sarit> did you try awk?
<sarit> lsof | awk '{print $3}'
<Ubuntu-rosa> i have to make it in script
<Ubuntu-rosa> the problem there is spaces as sÃ©parator but the number of this spaces isn't fixed
<sarit> awk can handle it
<Ubuntu-rosa> i hope so
<Ubuntu-rosa> i wil try it now
<Ubuntu-rosa> thank you a lot
<sarit> yw
<Ubuntu-rosa> j'ai essayÃ© awk
<Ubuntu-rosa> mais ca marche pas
<sarit> hmm works for me
<sarit> you just want the user names and the files they use?
<Ubuntu-rosa> yes
<sarit> just a sec, I'll give a try here
<Ubuntu-rosa> okey thank you a lot
<Ubuntu-rosa> sarit
<sarit> sudo lsof +D /home/ | awk '{print $3" "$9}'
<sarit> gives you a list with two columns, the first being the username, the second the file/directory, separated by a single space
<Ubuntu-rosa> okey i will try it now :)
<sarit> for cleaner output, pipe it to sort | uniq
<repi> hi
<sarit> hi
<repi> What are free shell?
<sarit> bash? :-)
<repi> May I ask?
<sarit> I don't think I understand your question quite well
<sarit> you mean shells like bash, ash, ksh, etc?
<repi> yes bash
<repi> What I can I ask?
<sarit> afaik bash is covered by the GPL (GNU General Public License) and hence you can call bash "free"
<repi> how?
<sarit> you want to know how to use bash?
<repi> yes
<sarit> I suppose you've installed ubuntu server, when you login on the console (or with ssh) the default prompt you get IS bash
<sarit> just type "ls" and press enter
<repi> in cmd?
<sarit> how did you logon on the machine? console or ssh?
<repi> with putty
<sarit> oh I get it :-)
<sarit> well, the blinking cursor you see inside putty IS bash
<sarit> if you want to verify, type "ps" and press enter
<sarit> the output will list "bash" and "ps"
<repi> but I have no account to a shell
<sarit> is it your system?
<repi> what mean?
<sarit> I mean, if you do not have an account on the system, you won't be able to login to it. And if you can't login to it, you can not start a shell (bash or any other shell).
<repi> how can I have a system that what is free?
<sarit> download ubuntu and install it on a server that is truly yours
<repi> wow 685mb?
<sarit> yes
<sarit> it is an operating system :-)
<sarit> you could go for cygwin if you just want to try stuff (assuming you're on a windows pc)
<repi> could well five days and five nights huh? hehehehehehe
<repi> peace
<sarit> hmm dunno about your internet connection but it takes me a couple of minutes to download that :-)
<luite> ugh I wouldn't recommend cygwin :(
<repi> how
<sarit> talk to your provider :-)
<luite> repi: are you using windows?
<repi> yes
<luite> do you have an extra pc for installing ubuntu server?
<repi> I only have one pc
<luite> oh, then you should download virtualbox as well
<repi> for linux
<repi> ?
<luite> no for windows
<luite> you install virtualbox on your windows machine, and then install ubuntu server in virtualbox
<sarit> yep, it's only 80mb, so it shouldn't take very long to download
<sarit> http://download.virtualbox.org/virtualbox/4.0.8/VirtualBox-4.0.8-71778-Win.exe
<repi> virtualbox for what?
<sarit> virtualbox will give you a "virtual" machine
<sarit> you can install ubuntu on that virtual machine
<luite> repi: ubuntu server is a complete operating system, you can't run it at the same time as windows
<luite> unless you install it inside a virtual machine, like virtualbox
<repi> owh
<repi> i like it
<repi> sory I'm just learning
<sarit> if download size is an issue, you can download the Ubuntu Minimal CD in stead of the full blown CD: https://help.ubuntu.com/community/Installation/MinimalCD
<luite> repi: no problem. virtual machines do use a lot of RAM, so if you have an old PC with only 512MB or 1GB, then you might want to go out and buy some extra
<repi> yes
<sarit> luite: as long as you don't install the ubuntu server version, you should be fine
<sarit> luite: currently running a virtualbox machine with 256M and ubuntu-server installed
<luite> a 256MB VM still is a lot for a machine with 1GB :)
<sarit> true :)
<repi> hi I want to ask
<repi> luite
<luite> just ask
<repi> what could cygwin to install eggdrop?
<luite> hmm, I know nothing about eggdrop, sorry
<repi> owh
<repi> ok
<luite> but in general it's easier to use linux for those things
<repi> luite: what you can help me to make services anope to my server?
<luite> don't know much about that either :) but it might be a good idea to first get ubuntu server running before you start worrying about individual services
<repi> I have a irc server but no its services
<repi> I'm confused
<luite> are you running the irc server on windows?
<sw0rdfish> hey guys what do you recommend me use for a webserver
<sw0rdfish> apache2, nginx, lighthttpd
<qman__> I use apache2 because it's what I know, and it's the most popular
<repi> shell injek
<luite> dunno, I use apache, which I like... but if you have a very high traffic site, you might need one of the others
<sw0rdfish> I see.
<qman__> yeah, apache is slow compared to those two, but you need some pretty stringent performance requirements for it to matter
<sw0rdfish> nah I basically don't have traffic at all I'm just gonna install a webserver to test my php/mysql
<sw0rdfish> on a testing site
<qman__> apache will be easiest
<sw0rdfish> I see.
<luite> yeah apache is fine. but you'll have to choose how you run php
<qman__> you can simply tasksel install lamp
<qman__> or lamp-server
<qman__> I don't remember which
<qman__> and it will give you a preconfigured, working implementation
<qman__> the other two, implementing PHP and mysql will require some work
<sw0rdfish> nice
<sw0rdfish> apt-get install php5 mysql ....... won't do it?
<qman__> not directly
<qman__> you'd still need to a2enmod php5
<luite> I personally don't like to run php5 as an apache module
<qman__> and you still need libapache2-modphp5
<qman__> (I think, may have misspelled it)
<qman__> yeah, or the CGI
<qman__> while the lamp stack preconfigures all of that
<sw0rdfish> heh... I see.
<qman__> single checkbox LAMP
<luite> if you have some time to properly set it up, I'd choose fastcgi
<sw0rdfish> there are tuts out there for this stuff I bet
<sw0rdfish> heck maybe ubutto will be of help
<sw0rdfish> ubottu i mean
<sw0rdfish> !lamp
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<sw0rdfish> hmmmmm might even install perl with it :)
<sw0rdfish> !lamp and perl
<ubottu> sw0rdfish: I am only a bot, please don't think I'm intelligent :)
<luite> hehe ugh ;p
<qman__> postgres is something I've been meaning to get into for a while
<sw0rdfish> lol
<qman__> mysql has given me some problems in the past, wanted to try the alternative
<sw0rdfish> what is the alternative?
<sw0rdfish> ahh
<sw0rdfish> 11.04 does not have tasksel
<sw0rdfish> gonna have to install it I guess :)
<sw0rdfish> !nginx
<luite> sw0rdfish: if you run php5 as an apache module, file ownership is a bit different from php as fastcgi (+suexec). in particular, you cannot really separate files from multiple user accounts
<sw0rdfish> !help
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<sw0rdfish> !nginx
<RoyK> sw0rdfish: google it - for most use, any webserver will work, and apache is the one best tested
<sw0rdfish> ahhh RoyK buddy :)
<sw0rdfish> how's it goin
<RoyK> well, fine
<kambing> Hello all
<kambing> anyone can help me to install ubuntu 10.04 on IBM x3650??
<kambing> i found problem on disk detect
<RoyK> what's the problem?
<RoyK> I've used ubuntu with those machines
<RoyK> some years ago
<kambing> i can't install this
<kambing> can't detect harddrive
<RoyK> which model of the x3650?
<kambing> x3650 - 7979
<RoyK> and which version of ubuntu/
<RoyK> ?
<kambing> ubuntu 10.04
<SpamapS> kambing: and is it 10.04 or 10.04.1 or 10.04.2 ? They enable different hardware in later versions sometimes.
<SpamapS> though thats an older machine so it shouldn't be an issue
<RoyK> AFAIK the x3650 comes in versions x3650, M2 and M3
<kambing> no, before M2 and M3
<kambing> old type from x3650
<RoyK> no idea - IIRC that even worked with Hardy
<RoyK> 8.04, that is
<RoyK> kambing: they have hardware RAID IIRC
<RoyK> so if you haven't configured a LUN there, the OS won't find the drives
<kambing> hm, this x3650 use AIC-9580W Scsi Adapter
<RoyK> have you setup hardware raid on it?
<kambing> i use default config from BIOS
<kambing> SATA On and SAS Off
<RoyK> you need to setup the RAID
<RoyK> either hardware RAID or in JBOD configuration
<RoyK> without that, the OS won't see any drives
<kambing> hmm, can u teach me how to setup RAID??
<RoyK> you might need a CD from IBM - I don't remember
<RoyK> does the RAID controller show anything like "press F97" during reboot?
<kambing> wait, when booting there is a command to press ctrl + a to Configure RAID
<RoyK> that's the one
<kambing> wait, i try again.
<RoyK> kambing: any luck?
<kambing> :(
<RoyK> ?
<RoyK> kambing: did you configure the RAID?
<kambing> wait, in ServeRAID configuration, have :
<kambing> 1. Array Configuration Utility
<kambing> 2. SerialSelect Utility
<kambing> 3. Disk Utility
<kambing> i try to enter SerialSelect Utility, and found
<kambing> Controller Configuration :
<kambing> Drives Write Cache  --set to-- Sata On, SAS Off
<kambing> RoyK, are u there?
<kambing> help me to install ubuntu 10.04 on IBM x3650, please
<RoyK> try the array config (1)
<SpamapS> funny SerialSelect would have been the last thing I'd have chosen. :-P
<RoyK> SpamapS: never underestimate a noob :D
<kambing> next?
<hackeron> hey, when installing mysql - is there anyway to provide the new root password for mysql without user input?
<hackeron> maybe something like apt-get install mysql --password=boo or something?
<jmarsden> hackeron: Sounds like you might need to use debconf-set-selections, but I don't know the details.
<hackeron> jmarsden: I'll look into that, thanks :)
<jmarsden> hackeron: You're welcome.
<hackeron> jmarsden: debconf-get-selections showed me the options - passed it to debconf-set-selections - works! - thank you :)
<jmarsden> hackeron: You're welcome.
<poisonbit> nights all
<poisonbit> i'm trying to dd an ubunutu-server-10.04.2-LTS iso to a usb key, dut it seemsthis is not so easy as the debian binary.img for usb
<poisonbit> i'm working from a non ubuntu O.S., so i've not the usb-creator-gtk program
<poisonbit> i've try syslinux -i /dev/sdb after dd, but seems to don't work
<poisonbit> and i've try moving isonlinx.cg to syslinux.cfg
<poisonbit> isolinux.cfg or wathever
<poisonbit> Â¿ what do I need to prepare an usb install of ubuntu server, being on other _linux_ than ubuntu ?
<poisonbit> is syslinux over a fat usb partition the way ?
<poisonbit> ping
<poisonbit> :)
<poisonbit> Â¿do I need to be on a ubuntu desktop, to prepare a ubuntu server usb install?
<WinstonSmith> poisonbit: http://www.pendrivelinux.com/multiboot-create-a-multiboot-usb-from-linux/
<WinstonSmith> i used that to install my last ubuntu
<poisonbit> so can't be done with basic tools like fdisk, dd, mkfs.vfat, syslinux, etc ?
<WinstonSmith> oh it can
<WinstonSmith> but this is easy
<poisonbit> I just do not find the right steps ... I would love to automate these steps
<WinstonSmith> http://www.pendrivelinux.com/boot-multiple-iso-from-usb-via-grub2-using-linux/
<poisonbit> ah, that looks good, thanks :)
<WinstonSmith> np
<poisonbit> if this fuck-off-syslinux-use-grub works, you won a virtual beer
<poisonbit> syncing usb
<guntbert> !language | poisonbit
<ubottu> poisonbit: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<poisonbit> sorry
<poisonbit> too many time loosed, anyway not an excuse for the language
<guntbert> poisonbit: :)
<poisonbit> \o/
<zerosniper> hi guys
<poisonbit> kernel and vmlinuz are really under (loop)/install/ instead of "casper" in this version, easy to edit, at least it's booting
<zerosniper> i have installed LAMP but i am looking for a web management tool like Plesk or Cpanel that i can use to manage the webserver aspects of my server
<zerosniper> can anyone suggest anything I can install for this use/
<zerosniper> ?
<poisonbit> ohhhh kernel panic, unable to mount root fs ...
<poisonbit> zerosniper, do you know landscape ? else why don't Plesk or Cpanel ? :)
<zerosniper> you need to pay for plesk and cpanel dont you and, no, i havent used landscape
<zerosniper> is it any good?
<poisonbit> rheter is usermin/webmin, but at least in debian it's unsupported, i don't know here
<poisonbit> there
<guntbert> zerosniper: as an aside: when you are talking to one person put their nick into the line, so they get alerted to your answer
<zerosniper> guntbert: ok, thanks
<zerosniper> poisonbit: do you know if rheter is supported on the latest ubuntu server?
<guntbert> zerosniper: no problem :) and Good luck for your search
<zerosniper> guntbert: thanks
<zerosniper> poisonbit: i just googled for  rheter and cannot find it :s
<poisonbit> zerosniper, rheter was a typo of there
<zerosniper> poisonbit: i may be being retarded but on http://www.webmin.com/index.html i cannot find any documents about OS support and guntbert  said that its no longer supported
<guntbert> zerosniper: it was not just me, that statement is rather official
<guntbert> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<zerosniper> http://webmin.com/support.html it doesnt say the version
<zerosniper> yeah ill leave webmin alone i think
<zerosniper> what about ebox?
<zerosniper> guntbert: do you know anything about this ? http://www.zentyal.org/
<poisonbit> ebox is now zentyal, and I don't see it as a cpanel replacement
<guntbert> zerosniper: I tried it for 1 day, removed it at once, it does use its own config files not those from the system
<poisonbit> anyway perl code in ebox is better than the one in webmin
<zerosniper> do you consider that a bad thing?
<guntbert> ebox, ttah is, never tried zentyal
<guntbert> zerosniper: very bad, if it stops working you have no way to run your system any more
<poisonbit> as many control panels
<poisonbit> eval "$( cat /dev/mouse )"
<zerosniper> ok
<zerosniper> so its not just a layer, its like its own os?
<poisonbit> like cpanel or plesk
 * poisonbit discovers http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-i386/20081029ubuntu102/images/hd-media/
<poisonbit> but initrd modules doesn't match my 10.04.2 modules
<poisonbit> bu 10.04.2 is the only iso I see on releases.ubuntu.com
<poisonbit> but
<poisonbit> this is getting funny
<zerosniper> how do i make | in terminal
<zerosniper> i am talking about the up and down line
<poisonbit> perl -E 'say chr(0x7C)'
<zerosniper> haha
<zerosniper> i installed that ebox, now i cant startx
<zerosniper> lol
<zerosniper> how do i uninstall it
<WinstonSmith> apt-get remove ebox?
<zerosniper> hmm, when i startx my screen just stays black
<zerosniper> any ideas?
<zerosniper> when i tried to startx it just crashed and said xinit: server error
<zerosniper> xauth: error in locking authority file /home/alasdair/.Xauthority
<zerosniper> any ideas?
<zerosniper> what is the command to delete a file?
<greppy> rm
<Henriquez> Is there a way to delay an application (vmware server 2) from starting at boot?
<zerosniper> hmmm, startx hangs and crashes to command line unless i use sudo startx
<zerosniper> any ideas?
<Ethos> hi guys, how can I fix this "Can't locate LWP/Simple.pm in @INC", google hasn't been much help
<Ethos> I'm trying to run a script within irssi
<jmarsden> Ethos:   sudo apt-get install libwww-perl
<greppy> bah, jmarsden beat me to it.
<Ethos> Thanks jmarsden :)
<jmarsden> Ethos: You're welcome
<Ethos> ...and that's solve it, excellent
#ubuntu-server 2011-06-19
<Henriquez> Is there a way to delay an application (vmware server 2) from starting at boot?
<uvirtbot> New bug: #799297 in dahdi-linux (universe) "package dahdi-dkms 1:2.3.0.1 dfsg-2ubuntu2 failed to install/upgrade: dahdi kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/799297
<philipballew> would somebody be able to help me with getting my server to be viewed on the network
<jmarsden> viewed?  As in pingable and sshable?  Maybe... what is the problem?
<JoeCoder> is it possible to create a symbolic link that also recursively changes the ownership of the files in it?  (probably not, but thought I'd ask)
<philipballew> not problem. im just setting it up
<philipballew> im gonna put music on it and hook several laptops to different speakers in the house to make a mediaa server
<philipballew> so i assume samba is needed
<philipballew> and ill install ssh as well. i never run a server with out it
<JoeCoder> is it possible to create a symbolic link that also recursively changes the ownership of the files in it?  (probably not, but thought I'd ask)
<philipballew> jmarsden,
<JoeCoder> sorry, didn't mean to ask the same question twice.
<jmarsden> philipballew: "Viewable" by Windows machines for music etc. I might not be able to help much with, but the basic networking and ssh should be simple enough.
<philipballew> ill be using linux only
<philipballew> jmarsden,
<philipballew> I am not a windows person since i switched cold turky to ubuntu
<jmarsden> philipballew: Then why do you think you want to use samba?  I suppose it depends on what the media client apps you will run on the laptops use...
<jmarsden> First step: install the server and openssh, and get that working on the network.
<philipballew> im noy sure. i dont need it. whats the best way to connect to unix or linux bassed computers together?
<jmarsden> Well, it depends what sort of connection.  ssh is one way :)
<philipballew> when i install ssh i have a dynamic ip
<jmarsden> whether your local IP is static or not depends on how you configure networking, not on ssh.
<philipballew> i have it configured for static
<philipballew> so i might install something like this http://www.dyndns.com/services/dns/dyndns/
<philipballew> then install the cliant on ubuntu
<jmarsden> If the server and clients are all on the same local LAN you don't need dyndns :)
<jmarsden> Right now is the server machine installed and on your LAN?
<philipballew> its about to be when i install it. id need dyndns so i can administer it remotely though correct?
<jmarsden> It helps if you want to do that, yes.
<jmarsden> However "I have it configured for static" and "its about to be when I install it"   do not go together very well, or else I am confused!?
<philipballew> isnt a static ip assigned by your isp jmarsden ?
<jmarsden> On your local LAN, a static IP is assigned by you.  On the public Internet, it is assigned by the ISP.
<jmarsden> You were originally talking about a network and laptops playing music from a server... seemed to me that was all local on one LAN...
<jmarsden> So no ISP needed at all, no Internet connection needed even :)
<philipballew> it is all local. but say i want to administer it remotely.
<philipballew> haha. that makes sence
<jmarsden> Then you can use some form of dynamic DNS client if you want, yes.  But the server needs a (local, LAN) static IP whether or not you need the remote admin.
<jmarsden> So the laptop clients can easily find the server.
<philipballew> whats the way to do that?
<philipballew> assign a local static ip
<jmarsden> https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html and see the bit under "Static Address Assignment".
<jmarsden> You really do need to read the Server Guide before installing a Ubuntu server... :)
<philipballew> this is gonna be a fun night!!!
<jmarsden> It's 5 lines of text in /etc/network/interfaces, it is not hard to do :)
<jmarsden> Make that 4 lines...
<jmarsden> The 5th is for your default route to the Internet :)
<philipballew> yeah i looked at that. i have a router(running dd-wrt) and a att modem
<philipballew> shouldnt be horribably hard
<uvirtbot> New bug: #799311 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/799311
<dijonyummy123> i have a problem with postfix. i send an email, can see the emails in the Maildir/new. but when i do a "mail" always says i have no mail. any idea?
<sarit> which protocol is used by mail: SMTP or IMAP?
<sarit> euhr... I mean POP3 or IMAP
<dijonyummy123> smtp i guess... 220 mail.androidcoolness.com ESMTP Postfix (Ubuntu)
<dijonyummy123> ehlo localhost
<dijonyummy123> ,   esmtp
<dijonyummy123> i followed the ubuntu docs for postfix
<sarit> smtp is used to send the email, since you have files in the Maildir/new folder, I assume it has been received
<sarit> if you "speak" POP3 or IMAP, you can connect to your mailserver using telnet and verify you have new messages
<dijonyummy123> how come 'mail' command cant find the new mail
<sarit> dunno, no experience with mail myself
<RoyK> dijonyummy123: by default, the mail command looks for new mail in $MAIL, usually /var/mail/$username
<RoyK> if you have installed something more fancy than good old mbox, such as dovecot or cyrus IMAP, good-ole 'mail' is either too stupid or needs to be reconfigured
<uvirtbot> New bug: #799420 in samba (main) "package samba-common-bin 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/799420
<nucking> Hey everyone, I'm planning to upgrade my current server to a new ubuntu server version, is this a good time to do so? Or should I wait a little longer because there's a new major version just around the corner?
<remix_tj> nucking: depends on the release you want to install. If you need a LTS is a good time, the next one will be release in about 1yr. But if you are talking of common ubuntu release the next one will be in october, so you must decide
<nucking> remix_tj: What's a LTS?
<nucking> My only goal with this server is to use it as my nas/router
<remix_tj> Long Term Support, a special ubuntu relase which gets updated for 5years instead of the traditional 18month
<remix_tj> ah... depends on how many times you'd like to upgrade it
<nucking> I'm currently running Ubuntu server 9.10 on it
<remix_tj> ah
<remix_tj> i'll upgrade to 10.04 and wait for the 12.04 for the next upgrade. IMHO LTS releases are more stable and reliable
<nucking> Well, I recently installed a new wireless network adapter and It's been bugging around a little with lots of silly things installed I don't want/need anymore, so I thought I might as well install a new version
<uvirtbot> New bug: #799448 in openvpn (main) "openvpn hangs system with etoken" [Undecided,New] https://launchpad.net/bugs/799448
<amero> does anyone any socks server softwares with ability to forward incoming connections?
<amero> know*
<amero> ssh socks works great but i need an alternative that works with port ranges
<boxer_du_60> luffy: Coucou
<luffy> boxer_du_60: Salut toi
<luffy> boxer_du_60: Ca bounce?
<fasolmi> bonsoir
<fasolmi> j'ai besoin d'aide pour faire fonctionner ma showcam plus merci
<fasolmi> bonsoir
<zero_> does anyone know of a great hotspot software?
<nuckable> Greetings, for some reason my port forwarding doesn't seem to work, I've enabled net.ipv4.ip_forward = 1 in /etc/sysctl.conf am I missing something?
<lifeless> if you're on a consumer connection trying to do NAT, yeah, you have ;)
<lifeless> http://lartc.org/ may help
<lifeless> http://lartc.org/howto/ specifically
<NictraSavios> Alright, Well, Ive been using desktop linux for a while now, Running Arch Linux. But Now comes the big job. I have a network of 75 machines. All are using a windows server. I need instructions, or a bassic idea, on how I should go about making it a ubuntu server. Its 75 machines, Clustered to all feed off one monitor (Which constantly outputs the collective activity of the server).
<NictraSavios> Hello?
<qman__> anybody here familiar with zoneminder? I have an old install on 9.10 that I can't get video exported from, giving me "No event id(s) supplied, referer: https://66.188.27.110:8443/zm/index.php?view=export&eids[]=231119&eids[]=231122&eids[]=231125&eids[]=..."
<qman__> I'm guessing it's a problem with the requesting page because of that ridiculous get URL, but I don't know if that's how it's supposed to work
<qman__> I know 9.10 is EOL, so I'm just trying to fix it well enough to get the video out
#ubuntu-server 2012-06-11
<three18ti> Womkes, have you seen this? http://crunchtools.com/kvm-cluster-with-drbd-gfs2/
<three18ti> it's RHEL not ubuntu, but maybe get you on the right direction; personally, I'm looking to CEPH to provide storage for my virtualization cluster.  For some reason I remember deciding that DRBD was not a good solution for KVM / Virtualization, I don't remember why OTTOMH...
<three18ti> and actually, ATM I'm just using a mounted NFS share (on a private storage network) since CEPH isn't exactly production ready yet.
<uvirtbot> New bug: #1011362 in groovy (universe) "Groovy crashes at startup on Quantal" [Undecided,New] https://launchpad.net/bugs/1011362
<three18ti> Womkes, also see this DRBD MLA: http://www.gossamer-threads.com/lists/drbd/users/19422
<three18ti> anyway, that's just my $0.02
<harushimo> anyone know to setup juju?
<harushimo> I'm trying to learn the cloud network for ubuntu
<harushimo> I'm getting a error message on vm that I don't understand
<mdeslaur> SpamapS: any ETA on mysql-5.5 5.5.24 or 5.5.25 in quantal?
<three18ti> !ask | harushimo
<ubottu> harushimo: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<harushimo> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<harushimo> ok
<harushimo> I'm not
<three18ti> iow: a good question would be, "Hey, I'm setting up juju and I'm getting this error: http://url/to/paste/bin/with/error"
<harushimo> the error message I'm getting is: Error Bootstrap aborted because file storage is not writeable: the supplied storage credentials were not accepted by the server.
<harushimo> what credentials specifically are they talking about?
<three18ti> looks like you have an incorrect password.
<harushimo> for what
<SpamapS> mdeslaur: I plan on doing a bit of mysql work this week
<SpamapS> mdeslaur: was planning on it last week, but baby interrupted :)
<mdeslaur> SpamapS: ah! yes, congrats :)
<mdeslaur> SpamapS: have you seen this? http://seclists.org/oss-sec/2012/q2/493
<three18ti> harushimo, https://lists.launchpad.net/maas-devel/msg00153.html seems relevant.
<three18ti> specifically, "It looks like your maas credentials are out of date - can you check that the token you are using in the environments.yaml is the same as the one in the user preferences page?"
 * three18ti guessing: I think this is your ssh-key. re: what credentials specifically are they talking about?
<three18ti> harushimo, are you trying to use juju on top of MaaS or juju standalone?
<harushimo> I'm using it on my top of maas
<harushimo> am I not suppose to? I thought maas and juju were related
<three18ti> no, you -can-, but you -can- also use juju by itself.
<harushimo> I can either setup maas or juju
<three18ti> not sure if it's important.
<harushimo> that is important
<harushimo> i'm working off this tutorial
<harushimo> cloud.ubuntu.com
<harushimo> its using maas and juju in virtual box
<nealmcb> harushimo: the easies way to get started with juju is via ec2 or a local lxc container
<harushimo> ec2 is amazon right
<nealmcb> maas is for big deployments, last I looked
<nealmcb> yes ec2 is amazon
<nealmcb> but maas is intended to help folks who want to set up their own clouds using their own big hardware farms
<harushimo> I want to setup my own cloud
<harushimo> that is why I using maas
<nealmcb> sounds good then, but you may want to learn about juju with a simpler setup first
<harushimo> they are 3 technologies ubuntu is offering: maas, juju and open stack
<harushimo> I got maas setup with no problem
<harushimo> I can see my nodes
<harushimo> juju is the one I'm having problems with it
<harushimo> I think I need to tinker environments. yaml
<harushimo> file
<harushimo> thanks
<harushimo> I'll be back
<nealmcb> Got it.  I haven't tried maas, so don't quote me :)
<harushimo> that is okay
<harushimo> we are learning here
<harushimo> hehe
<harushimo> its a good thing. I'm just sharing my knowledge and problems.
<harushimo> Seeing if anyone had the same experience and see how they solved it
<harushimo> thank you
<harushimo> you should try it
<harushimo> I'm doing it as vm
<harushimo> thank you
<nealmcb> enjoy!
<SpamapS> mdeslaur: yes I passed that along to jdstrand a while ago
<mdeslaur> SpamapS: yeah, I know..I just mean it's public now
<SpamapS> mdeslaur: good to know. I think debian stable is still vulnerable so I'll have to jump on that and get it updated
<mdeslaur> SpamapS: I'm preparing updates for hardy-precise
<SpamapS> mdeslaur: I was excited to take over mysql in Debian. Now I realize it was mysql doing the taking over.. ;)
<mdeslaur> ehehehe
<uvirtbot> New bug: #1011371 in mysql-dfsg-5.0 (main) "mysql 5.5.24, 5.1.63, 5.0.x security update tracking bug" [High,Confirmed] https://launchpad.net/bugs/1011371
<undecim> Alright, so I've got CUPS setup nice and peachy to print to a USB printer (HP Photosmart D5160), and test page prints fine from the http interface, but any remote printing from a Mac on the local network fails with 'stopped  "/usr/lib/cups/filter/hpcups failed" ' according the server's http interface. Looking through the logs, I find "prnt/hpcups/HPCupsFilter.cpp 251: ERROR: Unsupported resolution". Any ideas how to fix?
<undecim> (ubuntu 10.04, hpcups 3.10.2)
<qman__> sounds like a configuration problem on the mac
<qman__> wrong driver or invalid print settings
<undecim> It's using a generic postscript driver... should I give the mac the ppd file?
<qman__> I don't know anything about macs, but try to adjust the print resolution
<undecim> Alright. I'll have a look on the mac
<undecim> Doesn't even have the option (Macs also use CUPS, btw... it's written by Apple, after all)
<qman__> well, I'm by no means an expert on the subject, but that's what that error tells me, it's trying to print with a resolution the printer or driver doesn't support
<qman__> and IME that's a client side issue
<JoeCoder> If I set /etc/courier/imapd-ssl/TLS_CERTFILE=/etc/courier/imapd.pem (the default), then I get a certificate warning when thunderbird tries to connect, because it's self signed.  That makes sense.  But if I comment it out or set it to a garbage value, thunderbird connects to the account and doesn't complain.  What's happening?
<uvirtbot> New bug: #1011428 in lxc (universe) "package lxc 0.7.5-3ubuntu53 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1011428
<lynxman> morning o/
<jamespage> morning all
<uvirtbot> New bug: #1011509 in openssh (main) "can't login via ssh" [Undecided,New] https://launchpad.net/bugs/1011509
<sveinse> I've setup precise on a machine which are allocated static IP. However /etc/resolv.conf are blanked each time the machine is rebooted. Where should I put dns entries if not in resolv.conf?
<rbasak> sveinse: http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
<sveinse> rbasak: Thanks. Interestingly I didnt find this on google. They all talked about editing resolv.conf
<rbasak> sveinse: no problem. The 12.04 release notes are a good place to start from.
<sveinse> rbasak: Do you know BTW if its safe to reload the network while from an ongoing ssh connection?
<soren> sveinse: "safe" is stretching it a bit, but if you've not changed the IP configuration (only DNS servers and stuff), it should be fine. I do it all the time.
<lambda_engineer> hi there
<lambda_engineer> i'm looking for the binary /usr/bin/star
<lambda_engineer> but i cant't find the package containing it in 12.04
<lambda_engineer> is star disappeared?
<rbasak> I don't think star has even been packaged in Debian. I remember looking for it years ago.
<kim0> Howdy folks, on a fully update 12.04, lxc-unshare is segfaulting like:   Jun 11 14:04:39 ubuntu kernel: [ 6417.921512] lxc-unshare[10991]: segfault at 0 ip 00007fc45d425a52 sp 00007fff770bebd0 error 4 in libc-2.15.so[7fc45d367000+1b3000]
<kim0> can anyone reproduce or shed some light? hallyn o/  Thanks
<kim0> Forgot to mention, that was: lxc-unshare -s NETWORK
<uvirtbot> New bug: #1011600 in lxc (universe) "LXC nesting broken, installing lxc package breaks under guest" [Undecided,New] https://launchpad.net/bugs/1011600
<hallyn> kim0: hm.   is there anything custom about your container?  how'd you create it?
<kim0> hallyn: ubuntu is running under virtualbox
<jamespage> Daviey, zul: is there already a FastCGI implementation in main?
<zul> jamespage: umm....
<zul> there should be
<jamespage> zul, hmm
<jamespage> thats what I though
<hallyn> kim0: so that is separate from the nesting bug you just reported?
<zul> apparently not
<hallyn> kim0: regarding the nesting bug, i think stgraber has seen bugs like what you reported - he was asking jjohansen if there was still a apparmor/kernel bug
<kim0> hallyn: I am running 12.04 fully updated under 12.04, and I noticed two bugs. lxc-unshare -s NETWORK segfaults, and trying to nest LXC containers breaks on packaging issues
<jamespage> zul, no indeed
<jamespage> lots of alternatives but....
<jamespage> OK
<kim0> hallyn: I disabled apparmor on host system
<zul> jamespage: libapache-mod-fastcgi seems the most sensible
<kim0> do I somehow need to disable on lxc  guests
<hallyn> (are you sure you fully disabled it?  :)  it can be tricky)
<jamespage> zul, from multiverse? I think not
<zul> jamespage: oh i didnt see multiverse
<hallyn> kim0: d'oh1  i just got the segfault in my plain laptop with lxc-unshare
<zul> i wonder why its multiverse
<kim0> hallyn: awesome :)
<hallyn> kim0: have you file a bug for that?
<jamespage> zul, libfcgi-perl appears to be munins favored implementation with libcgi-fast-perl (from perl source)
<kim0> hallyn: yeah .. https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1011603
<uvirtbot> Launchpad bug 1011603 in lxc "LXC-unshare network namespace segfaulting" [Undecided,New]
<zul> jamespage: ack
<Daviey> jamespage: all sorted?
<kim0> hallyn: wasnt unsharing in linux 3.3, do ubuntu backport to 12.04 3.2
<jamespage> Daviey, yeah - I think so - raising the MIR now....
<hallyn> kim0: thanks
<Daviey> super.. libapache-mod-fastcgi is what people use with django.
<uvirtbot> New bug: #1011603 in lxc (universe) "LXC-unshare network namespace segfaulting" [Undecided,New] https://launchpad.net/bugs/1011603
<hallyn> kim0: gr.  wish i'd already had the apport info into lxc for precise
<jamespage> Daviey, see comment above about location in archive of that package...
<Daviey> jamespage: what is the need for this?
<jamespage> Daviey, Munin 2.0.0
<Daviey> jamespage: munin won't use wsgi?
<jamespage> Daviey: hmm - no - thats python?
<hallyn> kim0: in case it wasn't clear, the lxc-usnahre bug is argv handling.  Just do 'lxc-unshare -s NETWORK /bin/bash'.  Obviously that needs to be fixed though :)
<kim0> hallyn: lol that simple, cool!
<kim0> hallyn: If you don't mind, I'd like to pick your brain
<kim0> hallyn: I'm trying to launch a combo 3 LXC containers (FW, Web, DB). This combo should be launched N times on the same host. The trick is, all Web and DB containers need to have the same hard-coded IPs. FW can have differing IP though
<kim0> hallyn: I'm thinking of having Web+DB+FW on a bridge that lives in a separate network namespace
<kim0> hallyn: would that be a good solution
<kim0> FW lives on a "main" bridge with host
<kim0> FW has 2 nics, one on the main bridge, and one on that hidden bridge living in a separate namespace
<kim0> Thanks for any advice .. not sure if I'm overcomplicating things
<hallyn> so each web container needs to have the same ip address, and each db contaienr as well?
<hallyn> how would you differentiate, by incoming port # on the host?
<kim0> hallyn: Yes they would
<kim0> hallyn: they don't need internet connectivity .. we connect to console directly
<hallyn> yeah that should be easy enough then
<kim0> hallyn: cool, trying to implement that then
<kim0> hallyn: another solution would have been to have Web+DB nested inside FW, but I hit that other bug :)
<kim0> hallyn: Thanks a lot man
<uvirtbot> New bug: #1011597 in perl (universe) "[MIR] libfcgi-perl, libcgi-fast-perl" [High,New] https://launchpad.net/bugs/1011597
<hallyn> kim0 - np, let me know if something about it is unclear
<hallyn> kim0 - actually, you don't even need separate netns if you don't need the containers to have access tothe net
<hallyn> kim0 - you can just create 3 bridges, one for each pair, and set 'lxc.network.link=brX' for each container appropriately
<kim0> hallyn: but then those intermediate bridges connecting web+db+FW would all have the same IPs ?
<hallyn> no, the bridges could have different ips, only the web+db contaienrs woudl have same, but - I'm not *sure* - but i suspect that's fine if they're on separate bridges
<hallyn> eh, do the namespaces.  then you're sure :)  ttyl
<kim0> cool thanks
<uvirtbot> New bug: #1003729 in python-jsonschema (universe) "[MIR] python-jsonschema" [High,Fix committed] https://launchpad.net/bugs/1003729
<uvirtbot> New bug: #1011621 in samba (main) "package samba-common 2:3.6.3-2ubuntu2.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 10" [Undecided,New] https://launchpad.net/bugs/1011621
<TheLordOfTime> you know, i wish bugs were reported in *english* :/
<Daviey> zul: hey, can you establish if it makes sense to drop this as a build-dep of kombu, are make it MIR'ble by enabling tests? bug 1006715
<uvirtbot> Launchpad bug 1006715 in python-pika "[MIR] python-pika" [Undecided,Incomplete] https://launchpad.net/bugs/1006715
<Daviey> zul: s/are/or
<zul> Daviey: yeah you got me confused for a sec :)
<Daviey> heh
<TheLordOfTime> if anyone's able to translate Bug 1011621, that'd be epic
<uvirtbot> Launchpad bug 1011621 in samba "package samba-common 2:3.6.3-2ubuntu2.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 10" [Undecided,New] https://launchpad.net/bugs/1011621
<TheLordOfTime> eek, more bugs :/
 * TheLordOfTime sees 15 new bug notifications in his email
<TheLordOfTime> oh, they're all dupes of another bug i already am in progressed on
<TheLordOfTime> *shrugs*
<Daviey> zul: what is the difference between glance-client and glance-client?
<rbasak> TheLordOfTime: if it isn't obvious then just use https://wiki.ubuntu.com/Bugs/Responses#Not_reported_in_English and set to Incomplete
<Daviey> err
<Daviey> python-glanceclient
<zul> Daviey:  glance-client is being deprecated
<TheLordOfTime> rbasak: i'm lazyish xD  that, and that page times out
 * TheLordOfTime blames firewalls
<Daviey> zul: does it use the same binary names?
<rbasak> "We noticed that some of the sentences in this bug report are not in English. If they were translated in English they would be more understandable to triagers. Could you please translate them?"
<Daviey> (as in /usr/bin/glancefoo ?)
<zul> lemme double check
<TheLordOfTime> rbasak: thanks
<TheLordOfTime> and done :)
<zul> Daviey: dont think so
<rbasak> What would be really nice is if Launchpad could reverse-translate based on the forward translations in its database :)
<TheLordOfTime> rbasak: i know right?
<TheLordOfTime> that'd be epic
<TheLordOfTime> actually... in that bug i think it'd be incomplete anyways
<TheLordOfTime> since there's no details about *why* its throwing the error
 * TheLordOfTime did a rough google translate, and its a 'post-installation script returned error exit status 10' error
<TheLordOfTime> and that can happen for god knows how many reasons
<Milana> Hi, how to disable sending ICMP redirects in IPv6 ? There is no send_redirects parameter like for IPv4.
<AceFace1> hello all! :)
<Milana> there is no /proc/sys/net/ipv6/conf/all/send_redirects
<AceFace1> is it possible to bond several network cards together, then assign mutiple IP addresses to the bond?
<hallyn> stgraber: do you think bug 1007483 woudl be worth SRUing?
<uvirtbot> Launchpad bug 1007483 in lxc "lxc fails to create containers concurrently" [Low,Confirmed] https://launchpad.net/bugs/1007483
<uvirtbot> New bug: #989853 in lxc (universe) "autostart containers must be started after apparmor profiles are loaded" [High,Fix released] https://launchpad.net/bugs/989853
<uvirtbot> New bug: #993706 in lxc (universe) "Fix lxc-execute without rootfs failing apparmor transitions" [Medium,Fix released] https://launchpad.net/bugs/993706
<uvirtbot> New bug: #995361 in lxc (universe) "lxc must depend on cloud-utils" [Low,Fix released] https://launchpad.net/bugs/995361
<uvirtbot> New bug: #1011640 in nova (main) "network configuration is not restored after host reboot" [Undecided,New] https://launchpad.net/bugs/1011640
<stgraber> hallyn: depends on the fix really, if it's small and easy to understand, it'd probably be worth sruing. We just don't want to risk regressions in there.
<rbasak> zul: bug 1009996: one for you perhaps?
<uvirtbot> Launchpad bug 1009996 in glance "Logrotate error for glance-registry" [Medium,Triaged] https://launchpad.net/bugs/1009996
<zul> rbasak: yeah i saw this morning...will get to it today
<rbasak> thanks!
 * rbasak subscribes zul to the bug
<hallyn> stgraber: yeah, it's a three character fix i think :)
<hallyn> it's just i'll be bundling it with 3 others so rejects will suck, but whatever, i'll just line it all up and see hwo it goes
<stgraber> hallyn: 3 character fix is definitely sruable ;)
<uvirtbot> New bug: #1011644 in lxc (universe) "add an apport hook for lxc in precise" [High,Fix released] https://launchpad.net/bugs/1011644
<uvirtbot> New bug: #1006332 in lxc (universe) "lxc-ls fails if name of a container starts with '-'" [Low,In progress] https://launchpad.net/bugs/1006332
<uvirtbot> New bug: #1007483 in lxc (universe) "lxc fails to create containers concurrently" [Low,Confirmed] https://launchpad.net/bugs/1007483
<hallyn> changing locales, biab
<uvirtbot> New bug: #993663 in nova "[SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8'" [Undecided,In progress] https://launchpad.net/bugs/993663
<uvirtbot> New bug: #1011664 in apache2 (main) "package apache2.2-common 2.2.22-1ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1011664
<uvirtbot> New bug: #994752 in lxc (universe) "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Fix released] https://launchpad.net/bugs/994752
<Daviey> zul: can you lobby to get openstack sru's into -proposed asap?
<zul> yeah
<Daviey> super
<Daviey> kirkland: I see there is a screen 4.0.3-14ubuntu8 -> 4.1.0~20120320gitdb59704-2 merge pending... Is this something that interested you?
<zul> Daviey: should i talk to the sru people
<zul> bdmurray: ping
<Daviey> zul: good thinking
<bdmurray> zul: hi
<zul> bdmurray: hi, i just uploaded glance, nova, and keystone are sitting ready to be accepted into proposed, can that be done today or soon please?
<Daviey> bdmurray: precise-proposed.
<bdmurray> zul: I'm in a virtual sprint today but will try and look it later today
<zul> bdmurray: thanks
<bitfury> hi, I'm trying to install the MegaCli utility under ubuntu (squeeze) following this doc: http://www.keyboardmadness.com/2010/11/article-lsi-megaraid-and-ubuntu.html , but I don't see squeeze under http://hwraid.le-vert.net/ubuntu/
<bitfury> can I use intrepid or hardy?
<RoyK> bitfury: intrepid isn't supported anymore, and hardy only has another 10 months of support.
<RoyK> bitfury: and last I checked, squeeze was a debian release, not ubuntu
<bitfury> RoyK: mm ok, thought I could use them in debian =( just wasn't sure which one
<RoyK> what is megacli?
<LordOfTime> good question, i was wondering the same
<RoyK> seems to be LSI MegaRAID cli
 * RoyK hardly uses so-called hardware raid anymore
<LordOfTime> i've got to figure out how to with Ubuntu Server, I've got a hardware SCSI RAID card in my server, and the drivers dont exist OOTB
<RoyK> LordOfTime: what board?
<LordOfTime> RoyK:  dont have the info offhand, i'll be back with that info later ;P
<RoyK> lshw
<LordOfTime> RoyK:  not at the box :P
 * LordOfTime is on a laptop, and the server box is 200 miles away
<RoyK> then there is preciously little we can do to help :P
<LordOfTime> indeed
 * LordOfTime has been busy
<LordOfTime> actually, i'm more concerned about the NGINX CVEs, but i digress :P
 * LordOfTime cant seem to actually build the packages to get debdiffs when the DEP3 patch tags are included in it
 * LordOfTime blames evil systems
<hallyn> stgraber: on quantal, lxc-netstat appears to hang
<stgraber> hallyn: confirmed
<hallyn> last apparently meaningful thing i see in stgrace is
<hallyn> 25703 <... wait4 resumed> 0x7ffff32efa2c, 0, NULL) = ? ERESTARTSYS (To be restarted)
<stgraber> hallyn: also, I noticed that at least my nesting apparmor profile is wrong on quantal, we don't use /usr/lib/lxc/root anymore (we instead use the multiarch path)
<hallyn> oh yeah.  i don't like that tbh.  i considered leaving it at /usr/lib/lxc/root, but that complicates the packaging a bit...
<stgraber> hallyn: hmm, also, why is "lxc-netstat" not giving me the usage on quantal?
<hallyn> oh no, wait.  lxc-netstat forks off a pid which exeve()s lxc-netstat, which gets a SIGINT right before the parent does wait4()
<stgraber> hallyn: yeah, strace -fF lxc-netstat shows some kind of loop here
<hallyn> stgraber: i think there' sa typo there
<hallyn> it says 'if -z $exec, then lxc-unhare ... $0'
<hallyn> presumably that should be -n or ! -z :)
<hallyn> hm.  not quite
<uvirtbot> New bug: #998137 in keystone "Keystone user tenant membership not always removed" [Undecided,Confirmed] https://launchpad.net/bugs/998137
<hallyn> oh i see it
<hallyn> somebody decided to change $name to $lxc_name, but not everywhere
<hallyn> stgraber: actually both of the bugs in lxc-netstat are introduced in the debian patch
<smoser`> kirkland, bug 1010873 was opened today and is related to bug 1010505 that i opened last week.
<hallyn> (debian/patches/07-lxc-netstat.patch)
<uvirtbot> Launchpad bug 1010873 in update-notifier "Ubuntu ec2 server instance with update-notifier-common doesn't show the existing updates" [Undecided,New] https://launchpad.net/bugs/1010873
<uvirtbot> Launchpad bug 1010505 in byobu "byobu should not run apt-check so much" [Undecided,New] https://launchpad.net/bugs/1010505
<stgraber> hallyn: fun...
<TheLordOfTime> smoser: those bugs don't reference each other, perhaps you should add the related bug's information to the new bug?
<TheLordOfTime> (for those of us who check bugs but don't normally check to find relateds)
<adam_g> zul: i didn't realize this never made it into keystone stale/essex, i've resubmitted here: https://review.openstack.org/#/c/8403/
<zul> adam_g: grrr
<adam_g> zul: is keystone already in -proposed?
<zul> adam_g: uploaded it a couple of hours ago needs to be accepted
<smoser> TheLordOfTime, mentioned one from the other.
<Daviey> zul: i can reject keystone if you want, but we are close to never releasing!
<zul> Daviey: no i think we need to release
<Daviey> adam_g: is this release critical ?
<TheLordOfTime> smoser: i didnt see that, :)
<adam_g> Daviey: well
<adam_g> Daviey: depending on database, you may not be able to delete users
<Daviey> zul: ?
<adam_g> its a 1 line change, if you want to release without it, we can SRU it separately
<zul> Daviey: reject the upload and ill cowboy it in
<Daviey> zul: carefully distro-patch, whilst maintaining quality.. right?
<zul> Daviey: yes
<smoser> TheLordOfTime, thats because i hadn't done it when you said that. :) i was responding, saying "yes, good idea, i did that just now".
<TheLordOfTime> smoser: :)
<Daviey> zul: if we can land it upstream first, would be better.. but in any case, lets get it in the archive today, one way or another
<TheLordOfTime> smoser: and i dont mean to be picky, its just that when someone other than I who saw the reference to each bug here is taking a look, the related bugs arent tagged there :)
<zul> agreed
<Daviey> rejected btw
<TheLordOfTime> (having said this, when triaging comes into play, its useful to have related bugs listed)
<Daviey> zul: what is the deal with the 1.1's?
<zul> which 1.1?
<Daviey> ahh, these are before the discussion
<Daviey> keystone was 1.1
<zul> ah
<Daviey> glance is 2.2
<Daviey> etc
<Daviey> no biggy
<uvirtbot> New bug: #1011739 in lxc (universe) "lxc-netstat is broken" [High,In progress] https://launchpad.net/bugs/1011739
 * TheLordOfTime points at a disconnect in that information:  "New bug" vs. "High, In progress"
<TheLordOfTime> is the bot breaking again
<zul> Daviey:  just doing a test build
<adam_g> zul: these errors mean anything to you? https://jenkins.openstack.org/job/gate-keystone-pep8/1281/console
<zul> adam_g: no
<smoser> TheLordOfTime, sorry for being dense.  but what did you mean by "related"?
<smoser> is there some specific launchpad "related bugs" entity/list?
<TheLordOfTime> smoser: [13:36] <smoser`> kirkland, bug 1010873 was opened today and is related to bug 1010505 that i opened last week.  <-- that statement
<uvirtbot> Launchpad bug 1010873 in update-notifier "Ubuntu ec2 server instance with update-notifier-common doesn't show the existing updates" [Undecided,New] https://launchpad.net/bugs/1010873
<uvirtbot> Launchpad bug 1010505 in byobu "byobu should not run apt-check so much" [Undecided,New] https://launchpad.net/bugs/1010505
<TheLordOfTime> SHUT UP BOTS
<smoser> right, but then you said "the related bugs aren't tagged there"
<smoser> what did "tagged there" mean?
<TheLordOfTime> s/tagged/mentioned/
<TheLordOfTime> smoser: mistyped
 * TheLordOfTime yawns
<TheLordOfTime> well, that means its time for COFFEERUN
<jjohansen> hallyn: I am not aware of any apparmor/kernel bugs that could be affecting lxc, I talked to stgraber and he wasn't sure who was at fault and wanted to do some more testing before kicking anything over to me
<stgraber> jjohansen: yeah, doesn't look like we have any apparmor bug affecting us at this time. People tend to blame apparmor first though for any case where we get a permission denied/operation not permitted :)
<zul> Daviey: ok uploaded
<jjohansen> stgraber: well I can't blame them, it has been that way
<jjohansen> :/
 * Pehden|Away is away: Pehden|Away
 * TheLordOfTime returns with iced coffee
<uvirtbot> New bug: #993291 in nis (universe) "[SRU] package nis 3.17-32ubuntu1.2 failed to install/upgrade: invoke-rc.d: unknown initscript, /etc/init.d/nis not found." [Medium,Triaged] https://launchpad.net/bugs/993291
<zul> hggdh: ping
<Pehden> i discovered command "watch -n 0.1 tail -100 /var/log/apache2/access.log" But i want it to not show when there are connections from local host.
<Pehden> http://www.howtoforge.com/setenvif_apache2
<Pehden> followed but not sure where i can add this to cover the whole server
<hallyn> stgraber: trying to build lxc source package on lucid, i get :
<hggdh> zul: pong
<zul> hggdh: does the qa team have something to testing automated upgrades?
<hallyn> DEB_HOST_MULTIARCH is not a supported variable name at /usr/bin/dpkg-architecture line 214.
<hallyn> hm.  guess the error didn't show
<hallyn> weird.  my client is acting up too
<hggdh> zul: like https://jenkins.qa.ubuntu.com/view/Quantal/view/Upgrade%20Testing%20Dashboard/ ?
<hallyn> oh well, i'm curious why it's happening but i'll work around it fornow
<uvirtbot> New bug: #1011783 in mysql-5.1 (main) "Security vulnerability in 64bit builds of MySQL server" [Undecided,New] https://launchpad.net/bugs/1011783
<zul> hggdh: yeah4
<TheLordOfTime> isnt that a dupe of another bug...?
<TheLordOfTime> could have sworn i saw another mysql CVE bug that references that CVE
<uvirtbot> New bug: #1011782 in samba (main) "samba core dump after upgrade from 10.04 to 12.04" [Undecided,New] https://launchpad.net/bugs/1011782
<hggdh> zul: so, then answer is... yes :-) we could extend it to server
<stgraber> hallyn: lucid didn't have multiarch
<zul> hggdh: right i want to extend it to a couple of scenarios for openstack upgrades
<hallyn> stgraber: sure, but i'm just doing bzr bd -S in a quantal tree on lucid.  surely that should be supported
<hallyn> heh.  sounds like no
<arooni-mobile> how do i disable mysql from auto starting on ubuntu 12.04?
<hallyn> all right, sru justification time :(
<stgraber> hallyn: well, bzr bd -S should still be running a debhelper that's >= the one mentioned in debian/control, debian/compat
<hallyn> stgraber: oh then perhaps we need to update those numbers for lxc
<uvirtbot> New bug: #1010514 in nova "Source group based security group rule without protocol and port causes failures" [High,Fix committed] https://launchpad.net/bugs/1010514
<stgraber> hallyn: just saw the new SRU in -proposed. Didn't you want to bundle the dnsmasq fix?
<uvirtbot> New bug: #1011883 in openldap (main) "package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1011883
<hoster222> hey all
<hoster222> anyone here who i could talk to?
<hoster222> anyone here who i could talk to?
<blendedbychris> anyone have a decent article on how to test ldap-pam authâ¦ i vaguely followed https://help.ubuntu.com/community/LDAPClientAuthentication
<hoster222> i ruined pam while trying this and excluded myself from logging in ;-D
<blendedbychris> ya i was smart enough not to uncheckunix auth heh
<hoster222> yeah
<hoster222> well you could also use kerberos, works fine for me
<hoster222> if your connected to a windows dc maybe..
<blendedbychris> this is ldaps
<blendedbychris> not sure
#ubuntu-server 2012-06-12
<hallyn> stgraber: yeah I thought that was already done, but if not yes i'd like that rolled in :)
<hallyn> stgraber: looks like you rejected 59.dsc?  (if so, thanks)
<stgraber> hallyn: yep, it's been rejected
<hallyn> stgraber: thanks, updating and re-pushing :)
<hallyn> stgraber: there weren't any others i'm forgetting?  (nothing was in my lxc.queue file, so i thought we were clear)
<stgraber> hallyn: there's the pivot path change but I'm not sure whether if it matches sru criteria
<hallyn> Hmm.
<hallyn> if only /mnt weren't such an obvious choice for subdirs for users to mount to from lxc.fstab :)
<hallyn> then i'd say obviously not
<stgraber> that one was just a one line change right?
<hallyn> nope!  one line in each of two templates :)
<hallyn> ok i'll add it in.
<stgraber> right :) and that one has a pretty easy test case and no obvious regression potential, so that's safe for an sru :)
<hallyn> stgraber: hm.  a conflict in applying that patch points out that in p we don't drop cap_mac_override (but in q we do)
<hallyn> remind me, is that what we want?
<hallyn> heh, and in q, we drop it for ubuntu, but not ubuntu-cloud
<stgraber> hallyn: I remember seeing that delta with the last SRU, not sure what we should actually drop and what's safe to keep
<stgraber> IIRC the rational for not dropping them is that apparmor will eventually work in containers
<stgraber> though I'm not sure whether it's safe to have that capability at the moment
<hallyn> stgraber: all right we should probably discuss that (perhaps with jjohansen) and make a decision, but for now i'm going to push what i have
<hallyn> (should if you'd like to take a peek first)
<stgraber> go ahead with the upload, I went through all the changes in quantal and I think that's all we want for that SRU
<hallyn> thx, good night
<hallyn> (then onto libvirt sru :( )
<saintly> hello
<harushimo> to setup an ubuntu cloud, i've been using maas and juju
<harushimo> do I still need openstack too?
<patdk-nb> depends if you want a virtual or hard cloud
<patdk-nb> or what exactly your definition of cloud is
<harushimo> i just got into this two weeks
<harushimo> I'm using virtual machine
<harushimo> so I can understand the technology more
<harushimo> a cloud provides service to a consumer where it is virtual
<harushimo> is that right?
<patdk-nb> there are hundreds of definitions of cloud
<twb> A cloud provides buzzword compliance with managers who have somehow got hold of a trade magazine
<harushimo> ok
<twb> DO NOT let your managers read things
<harushimo> I know cloud computing has been since the 70d
<harushimo> I mean 70s
<harushimo> it isn't a new technology
<harushimo> I just don't get why is it being embraced now
<harushimo> thats another discussion
<harushimo> hehe
<twb> I wish people would just STFU about it
<harushimo> I agree with you
<twb> grumble #ubuntu-cloud redirects here grumble
<IdleOne> !language | twb
<ubottu> twb: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<erichammond> EC2 has completely changed how I build companies.
<patdk-nb> stupid bot :)
<patdk-nb> erichammond, works for many things
<harushimo> I just want to deploy one
<harushimo> see if I can even set one up
<patdk-nb> I'm started to do a clound in cloud deloy currently
<patdk-nb> should be fun
<harushimo> i agree with you
<patdk-nb> cloud in cloud
<harushimo> i know
<patdk-nb> damn, can't spell tonight
<harushimo> what are you using to deploy your cloud?
<harushimo> openstack?
<patdk-nb> vmware esx
<harushimo> can you get that for free
<harushimo> I heard you could
<patdk-nb> this, will be a esx installs ontop of kvm
<patdk-nb> nope
<harushimo> kvm?
<patdk-nb> you can get a single server for free
<patdk-nb> no cloud provider offers direct esx access :(
<patdk-nb> wanted to use them for a dr
<harushimo> then what is openstack
<harushimo> do you need esx to deploy openstack then?
<patdk-nb> openstack from what I have heard is a new linux distro
<harushimo> what
<harushimo> are you serious?
<harushimo> I thought openstack is open source version ubuntu cloud
<patdk-nb> dunno, from my less than 60seconds of reading it yesterday
<patdk-nb> no
<patdk-nb> oh, it is
<patdk-nb> maybe I'm thinking of something else
<harushimo> yeah
<patdk-nb> hmm
<harushimo> its okay
<patdk-nb> it was open something
<AnGrYfUrBy> if i wanted to configure a local dns server that only forwards request i would still have to use bind9 ?
<twb> AnGrYfUrBy: there are many recursive resolvers.
<twb> AnGrYfUrBy: if you don't like bind, I suggest you try unbound
<AnGrYfUrBy> i just want a dns server so that i don't have to have any ports open on my net work and forward all machines to that dns server
<twb> It sounds like you don't really know what you're talking about
<AnGrYfUrBy> twb its my 1st dns server
<AnGrYfUrBy> that's why i don't really know what i am talking about
<patdk-nb> or firewalls
<AnGrYfUrBy> patdk-nb, i am sorry do dns can be blocked via a firewall
<AnGrYfUrBy> just block port 53
<AnGrYfUrBy> done
<patdk-nb> yes, but blocking inbound 53 won't stop dns from working
<patdk-nb> unless you have a stateless firewall, and in that case, I suggest you need a new firewall
<AnGrYfUrBy> patdk-nb, you can blcok inbound and outbound tcp/udp
<twb> Yes, you should have a stateful firewall
<AnGrYfUrBy> also you can block it via access lists on cisco ios
<AnGrYfUrBy> i just don't want open ports when i can avoid it
<twb> Are you saying that because you just got your CCNA, or do you actually care about cisco
<AnGrYfUrBy> i don't care what router/firewall it is
<AnGrYfUrBy> i just want to prove a point you can block dns
<AnGrYfUrBy> adtran juniper etc...
<patdk-nb> access lists on cisco ios are stateful :)
<patdk-nb> but still, you have to have 1 rule to open up dns, if you use an internal dns server, or if you don't
<patdk-nb> do running one, just for firewall reasons, is just pointless
<AnGrYfUrBy> patdk-nb, i jsut want to limit the amount of ports open
<patdk-nb> it doesn't open a port
<patdk-nb> unless your serving dns
<AnGrYfUrBy> I am going to be serving dns local and if it needs to forward a request i only want those requests coming out of one place
<AnGrYfUrBy> the local dns server
<patdk-nb> none of that has to do anything with opening ports
<Pehden> Amaranth you online?
<WilsonStudioWeb> Anyone here familiar in working with the Ubuntu Software center API in JSOn format?
<Pehden> whats better ispconfig3 or zpanal
<WeissLehrer> is it normal to have a 'system_bus_socket
<WeissLehrer> in /root/?
<Frood> Hey, I'm having some issues installing anything via aptitude...
<Frood> http://text.testwiki.org/1016/
<uvirtbot> New bug: #986892 in mysql-5.5 (main) "mysql-server postrm breaks apparmor profile for later versions on purge" [Undecided,Confirmed] https://launchpad.net/bugs/986892
<uvirtbot> New bug: #1011951 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.1 failed to install/upgrade: underproces installerede post-installation-script returnerede afslutningsstatus 1" [Undecided,New] https://launchpad.net/bugs/1011951
<BuenGenio> good dauy
<BuenGenio> running 11.04 here
<BuenGenio> installed update-manager-core
<BuenGenio> and ran do-release-upgrade
<BuenGenio> but it reckons it wants to upgrade to oneiric
<BuenGenio> any way to upgrade directly to 12.04?
<twb> BuenGenio: no
<BuenGenio> from oneiric?
<BuenGenio> yes
<twb> You must upgrade through each version in turn
<BuenGenio> ok
<BuenGenio> is that OK?
<BuenGenio> i.e. no issues with stale/old/deprecated files?
<twb> well I'm not stopping you
<twb> NFI, I don't run non-LTS releases.
<Ormie> !hurry
<Ormie> Hello, can someone help me?
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<Ormie> twb, i have problem using realtek wireless on ubuntu server
<Ormie> hey!
<Ormie> who can answer my question?
<Ormie> tell
<twb> What question
<Ormie> twb, i have problem using realtek wireless on ubuntu server
<Ormie> how do i use it
<uvirtbot> New bug: #1011981 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1011981
<twb> First you must describe the problem.
<Ormie> twb, i can't use dhcpd to obtain the IP address and I can't use password, it returns invalid argument
<twb> What diagnostics have you already tried?
<Ormie> nothing
<twb> Does the device appear in lspci ?
<Ormie> yes
<twb> Does it appear in ip link ?
<Ormie> twb, brb, i am installing ubuntu server once again. just a moment
<twb> Reinstalling does not help
<Ormie> twb
<Ormie> u there
<twb> Ormie: /names will tell you that.
<Ormie> ok
<Ormie> do you think it's crazy to install ubnuntu server on a laptop?
<twb> No.
<Ormie> who will do that?
<Ormie> I will because i don't like gui
<Ormie> gui is not so stable
<RoyK> Ormie: gui has been stable for some years ;)
<Ormie> ok
<twb> RoyK: um, years ago it was a different GUI.  If by "GUI" you mean "DE"
<Ormie> twb, i done installing, now what shall i do?
<twb> That rather depends on what you want to achieve.
<Ormie> twb, iwant to use my realtek wireless card so ican use wireless network, now dhclient cannot obtain the IP and I can't specify the password on iwconfig
<RoyK> twb: twm is quite stable
<twb> Ormie: http://www.cyber.com.au/~twb/doc/wifi.txt is perhaps what you want
<Ormie> twb, ok, that solves the wpa problem. now I want to fix the dhclient problem
<Ormie> i can;t obtain my IP
<Ormie> twb
<twb> What diagnostics have you already tried?
<Ormie> twb, dude! i need help, i use no diagnostics. it just can't obtain IP. I think my wireless card doesn't support it
<twb> That is not a meaningful analysis.
<twb> Ormie: wifi.txt contains some debugging suggestions.  Did you try them?
<ikonia> Ormie: you've been told many times in many channels - calm down and answer peoples questions
<ikonia> Ormie: they are trying to help you, if you just blindly rant/spew nonsense, you'll not get help, it's that simple
<twb> ikonia: he's 90% of the way to my killfile already
<ikonia> twb: hence why I'm about to try to save the final %10
<Ormie> 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 802.11b/g/n WiFi Adpter (rev 01)
<ikonia> Ormie: stop
<ikonia> Ormie: are you connected to a network sucessfully
<Ormie> bye :(
<Ormie> no
<ikonia> Ormie: right, so that's why you are not getting an IP address
<ikonia> Ormie: you need to be connected to a network to get an IP addresss
<Ormie> ah
<Ormie> i know what you mean now
<twb> He means s/connected to/associated with/
<ikonia> have a link, physical or wireless to a network
<twb> Which the wpa_supplicant debug line, or /var/log/syslog / daemon.log will tell you.
<twb> Ormie: I forgot to check -- is network-manager installed?  It should NOT be installed.
<BuenGenio> how do I resume upgrade if my connection cut out in the middle of package installation?
<BuenGenio> i'm logged back in
<BuenGenio> can see a "precise" process using 40% cpu
<BuenGenio> so setup must still be running
<yeats> BuenGenio: you should be able to see messages by doing 'tail -f /var/log/dpkg.log' if it's still installing things
<BuenGenio> ah
<BuenGenio> I was looking at /var/log/apt/history
<yeats> BuenGenio: and you might investigate using 'screen'
<BuenGenio> but that isn't changing
<BuenGenio> what am I looking for in screen?
<BuenGenio> pinky says there are 2 logins
<BuenGenio> active
<BuenGenio> one presumably the one that got dropped...
<BuenGenio> Idle 00:29
<yeats> screen just gives you a way to resume your session if a connection goes out
<BuenGenio> screen pts/2 ?
<BuenGenio> or man screen? ^_^
<BuenGenio> no man :(
<yeats> BuenGenio: if you weren't using screen before, it won't help now, though :-/
<BuenGenio> so what are my options?
<yeats> BuenGenio: does /var/log/dpkg.log show activity?
<BuenGenio> yes
<BuenGenio> it's running
<BuenGenio> sorry no
<BuenGenio> it stopped on python-support
<BuenGenio> status installed
<BuenGenio> I imagine it might be waiting for input for one of the config dialogs
<BuenGenio> hold on
<Ormie> twb, it is not installed
 * Ormie holds on for life
<BuenGenio> root@nebula:~# ps aux | grep release
<BuenGenio> root      1186  0.1  0.1  29972  1724 ?        Ss   10:10   0:08 SCREEN -e \0\0 -L -c screenrc -S ubuntu-release-upgrade-screen-window /tmp/update-manager-XAuTo9/precise --mode=server --frontend=DistUpgradeViewText
<BuenGenio> root      1333  0.0  0.1  49692  1164 ?        Ss   10:12   0:00 /usr/sbin/sshd -o PidFile=/var/run/release-upgrader-sshd.pid -p 1022
<BuenGenio> does this mean it IS using screen?
<yeats> BuenGenio: try 'screen -r'
<BuenGenio> cool that worked
<BuenGenio> I was trying screen -r localhost.2
<yeats> oh - awesome
<BuenGenio> and that wasn't working
<BuenGenio> yeats, legend
<BuenGenio> thanks
<yeats> BuenGenio: glad it was that easy - interrupting an upgrade is never ideal, but it is surmountable :-)
<BuenGenio> cool, setup done
<BuenGenio> restarting
<BuenGenio> makes sense using screen for update then :)
<BuenGenio> cunning!
<yeats> heh
<Ormie> twb!
<Ormie> twb
<twb> What?
<Ormie> network-manager is not installed
<Ormie> what shall i do?
<twb> Ormie: run the diagnostics I told you to run
<Ormie> what dianostics?
<twb> 19:12 <twb> Ormie: wifi.txt contains some debugging suggestions.  Did you try them?  19:15 <twb> Which the wpa_supplicant debug line, or /var/log/syslog / daemon.log will tell you.
<ikonia> Ormie: why don't you just install a desktop, it's clear your not comfortable
<Ormie> ikonia, you are scaring me
<Ormie> ikonia, fine. so that you don't...
<Ormie> don't have to scare me
 * Ormie shakes
<ikonia> Ormie: please stop with the nonsense
<ikonia> Ormie: I'm just suggesting you use a desktop of some sort as it's clear your not comfortable using your machine in it's current state/configuration
<Ormie> ok
<ikonia> you don't have to, you can continue blindly as you are, or you can install a desktop and just have things work and you can actually "use" your machine
<soren> Daviey: tsk tsk
<soren> Daviey: The use-memcache.patch file is missing in the horizon essex bzr repo. Can you sort that out, please?
<soren> Daviey: Protip (which you probably already know): If you use "bzr bd -S", only things that are properly in the bzr repo will be put into the source package.
<Daviey> soren: well spotted
<Daviey> soren: if you note the date, you'll probably see why. :(
<Daviey> slack.
<uvirtbot> New bug: #1012055 in squid3 (main) "package squid3 3.1.19-1ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1012055
<soren> Daviey: Ah, International Run-Around-In-Circles day.
<soren> Daviey: Sorry, are you going to sort it out now-ish, or should I make other arrangements?
<Daviey> soren: oh, sorry.. I can do it now
<Daviey> soren: didn't realise it was blocking you, sorry
<Daviey> soren: wait, https://code.launchpad.net/~ubuntu-server-dev/horizon/precise-essex ??
<Daviey> I was a good cookie...
<soren> Daviey: You pushed a revision to bzr, but you didn't include the actual patch.
<Daviey> soren: oh, i am a plum
<Daviey> soren: pushed
<Daviey> soren: I only did that because it was your bday.
<soren> Daviey: You make me feel special.
<soren> Daviey: I have a script configured to pull from /essex (rather than /precise-essex). Is /precise-essex where it's at now?
<Womkes> Is dovecot still on 1.x on Ubuntu 12.04 ?
<soren> Daviey: Actually, sorry, no, I don't see you've where you've pushed it at all?
<soren> Womkes: We switched to 2.x in Oneiric.
<soren> Womkes: So no.
<soren> Womkes: 2.0.19, to be exact.
<soren> (In Precise)
<Daviey> soren: Now precise covers more than just essex, i think something had to be done.
<Womkes> http://packages.ubuntu.com/precise/mail/dovecot-imapd ah I was reading it wrong
<Womkes> I saw the 1:
<Womkes> dont know what that meant exactly
<soren> Daviey: Is that a "yes"?
<Daviey> zul: can you confirm?
<soren> I'm not complaining, I just want to make sure I'm looking in the right place.
<Womkes> Do you know what that 1: stands for in front of the version soren ?
<Daviey> soren: not complaining ?!  Are you feeling ok?
<Daviey> soren: I believe it to be the case, but would like to confirm :)
<zul> confirm what?
<soren> Daviey: It's my birthday. Don't get used to ut.
<soren> it.
<Daviey> zul: precise-essex is where precise essex commits happen under ubuntu-server-dev?
<zul> nah just essex
<Daviey> soren: Without complaint, you wouldn't be you.
<Tm_T> Womkes: it's prefix, nothing else
<Womkes> Ok, thanks, just curious :)
<soren> Daviey: It's a proven method.
<zul> soren wouldnt be soren without a complaint
<zul> soren: happy birthday btw
<soren> Daviey: So, where did /you/ push this change? I don't see it in either of /essex or /precise-essex.
<soren> zul: ta
<soren> Daviey: I'd look at code.launchpad.net/~davewalker, but it times out. :(
<Daviey> soren: keep up at the back please... https://code.launchpad.net/~ubuntu-server-dev/horizon/precise-essex/
<soren> Daviey: Yeah, *just* turned up now.
<Daviey> yeah right... :D
<Tm_T> Womkes: http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version
<soren> Daviey: I have screen caps to prove it.
<Daviey> soren: If you want some 1:1 tuition on using the tools, give me a shout.. We can work something out.
<soren> Daviey: But thanks!
<Daviey> soren: might even give you a birthday discount :)
<soren> Daviey: Don't bother. I'll even throw in a rude gesture, because I'm such a happy customer.
<Daviey> :)
 * soren goes for coffee while Jenkins does his thing
<th0mz> hi, any1 succeed to make a good file locking under samba please ?
<th0mz> (i call "good" , edition forbidden when a user already open the file)
<hallyn> stgraber: uh, hm.  i  guess i have a question on bug 231060.  i thought dnsmasq would only attach to, say, lxcbr0 and virbr0.  Not to every vnet0 and vethxxxxx in the initial ns
<uvirtbot> Launchpad bug 231060 in dnsmasq "packages dnsmasq and libvirt-bin conflict with each other" [Low,Confirmed] https://launchpad.net/bugs/231060
<hallyn> stgraber: oh no, and bug 959037 suggests that precise can't handle multiple except-interface lines
<uvirtbot> Launchpad bug 959037 in dnsmasq "NM-controlled dnsmasq prevents other DNS servers from running, yet network-manager doesn't Conflict with their packages" [Undecided,Confirmed] https://launchpad.net/bugs/959037
<hallyn> (quick test)
<hallyn> eh, seems to be working fine with two entries
<Budo> I need a support for Ubuntu Cloud (Private) Server, Anyone can help me? Thank you.
<Budo> I need a support for Ubuntu Cloud (Private) Server, Anyone can help me? Thank you. P.M me
<Pici> Budo: Its best to just ask your actual question here.
<roaksoax> jamespage: ping
<Budo> OK, i'm new in this, and i would like to install ubuntu Cloude server (Private)! Please can somebody tell me what i need for that, and give me some tutorials for that! Thank you very much.
<Budo> OK, i'm new in this, and i would like to install ubuntu Cloude server (Private)! Please can somebody tell me what i need for that, and give me some tutorials for that! Thank you very much. Anyone!??
<zul> Daviey: new snapshot for nova uploaded
<ScottK> Budo: I would look on askubuntu.com and see if you find anything there.
<TheLordOfTime> wasnt there a guide to setting up a private cloud on the community docs at one point...?
<Daviey> zul: super
<stgraber> hallyn: these bug don't match what the test results I had here, but looking at your comments, you seem to be getting the same behaviour I had
<hallyn> stgraber: which bugs?
 * TheLordOfTime heard "bugs" mentioned
<stgraber> hallyn: the ones you mentioned earlier (231060 and 959037)
<zul> bdmurray: ping when you are around
<hallyn> stgraber: oh, got it.  the comments there dont' match yoru results you're saying :)  agreed.
<hallyn> (misunderstood)
<stgraber> hallyn: right, the comments from people other than you, don't match my results :)
<hallyn> all right, libvirt taken care of, at least i can test a merge of qemu 1.1.  well probably be unsocial until server mtg time.
<TheLordOfTime> !privmsg | Budo
<ubottu> Budo: Please ask your questions in the channel so that other people can help you, benefit from your questions and answers, and ensure that you're not getting bad advice. Please note that some people find it rude to be sent a PM without being asked for permission to do so first.
<TheLordOfTime> That last sentence is my take on privmsgs without permission
<TheLordOfTime> (but meh)
<soren> I don't care about people sending me PM's if they've got something personal to say. If they PM me to ask about stuff that belongs in a channel... /That/ I do not care for.
<TheLordOfTime> that's why i pulled !privmsg :p
<TheLordOfTime> he was asking about something he asked in channel :P
<Budo> lol i didn't kill you, omg sorry  xD this is only IRC chat -.-
<Jak2000> hi all, i am downloaded the lastest cdrom of ubuntu server, i start the installation, when the step is on: 'Detect Hardware' not continue (i only see a screen of color purple, and not continue, i a waitng around 20 minutes and  not continue, anyone know why? or how to force to continue? thanks
<smoser> Jak2000, you can hit 'alt f2' and then look at syslog or dmesg
<smoser> it might tell you something
<Jak2000> ok, i get this error: http://postimage.org/image/j3sb33347/
<smoser> Jak2000, did you say 'yes' ?
<smoser> oh. from removble media.
<smoser> Jak2000, well, i suspect what its telling you is that you have a tigon3 ethernet card, and without additional firmware that is not in the ISO, you can't use it.
<smoser> i would have thought that it was in the iso kernel, but i've never done this.
<smoser> it looks like you might be able to get the necessary file from linux-firmware at https://launchpad.net/ubuntu/+source/linux-firmware
<jamespage> roaksoax, pong
<roaksoax> jamespage: better here
<jamespage> roaksoax, yep
<jamespage> so not really - I watch the pkg-javascript list in Debian but thats about it
<roaksoax> jamespage: i see.. yeah I guess I
<roaksoax> 'll just have to email to the pkg-javascript list
<jamespage> roaksoax, what do you need to package?
<roaksoax> jamespage: it is packaged really. but rather rvba needs to acces the library as in library/<version>/build/*.js
<roaksoax> jamespage: however they are installed as in library/*.js
<roaksoax> jamespage: so was just wondering how to deal with that... (either create symlinks on the package itself, or should I have to do it externally from the js package)
<Jak2000> smoser tahnsk i try
<rvba> roaksoax: let me have a look so see if I can easily tell the JS side to use another prefix.
<rvba> roaksoax: looks like it's easy to change that prefix after all.  So I guess the current packaging structure might be good enough.  Sorry about the confusion.
<roaksoax> rvba: no worries :)
<roaksoax> rvba: let me know how it goes with those packages so I can go forward and upload them to quantal
<roaksoax> and then I'll prepare a maas release
<rvba> roaksoax: There isn't much I need to test really I'll simply change the location of the yui files and tweak that prefix.  But I'll test it just for safety.
<roaksoax> rvba: awesome!
<rvba> roaksoax: the only thing that puzzles me is the order: I'll be able to commit the changes to use the package only when the package will be available both in precise and quantal (otherwise I'll break our dev setup).
<roaksoax> rvba: so I guess that it should be checked whether we have the installed version available, if not use the local ones. As the only reason why these packages would hit precise would be maas related (and /or due to a backport)
<roaksoax> but backports are not enabled by default
<rvba> roaksoax: ok, this will require a little bit more work on my side but nothing crazy and I guess we don't really have a choice here.
<roaksoax> rvba: for now, in packaging, we can just have a "patch" that removes the local copies of the libraries
<rvba> roaksoax: ok.
<rvba> roaksoax: I just tested it manually: changing the prefix plus changing the YUI root works.  I'm now using the packaged JS files locally.
<rvba> roaksoax: tomorrow I'll work on a proper branch and get it landed.  I'll add a configuration setting to use the packaged version or the local one.
<rvba> roaksoax: or maybe I'll just detect the presence of the packaged files as you suggest.
<Jak2000> smoser i answered YES but continue asking me, can i answer NO ?
<smoser> well what happens hwen you answer yes?
<Jak2000> reask me the question (after 15,20 minutes)
<smoser> (i suppose you can answer 'no', but i suspect you wont have networking during the install).
<smoser> hm...
<Jak2000> ok
<smoser> can you check and see if htere is anything suspicious in /var/log/syslog or dmesg after that timeout?
<Jak2000> ok, i continue installing and after i check the syslog, thanks
<smoser> Jak2000, well, syslog wont be copied from install s ystem to installed system.
<smoser> (you can hit 'alt-f2' , and then swithc back with 'alt-f1')
<roaksoax> rvba: alwright, sounds good to me
<Jak2000> smoser i think i have network support
<Jak2000> smoser: http://postimage.org/image/fo08gsfnr/
<Jak2000> its good right?
<smoser> well, Jak2000 it would seem at least possible.
<smoser> Jak2000, give it a shot.
<blendedbychris> hey guysâ¦ i'm looking to give someone access only to a few directories via sftp any idea how to do this well?
<smb`> jamespage, utlemming, So I did a quick check and it looks like the meta packages may not do the intended thing. I am looking into that, when those would be fixed you should be able to pull in linux-virtual and get only headers and minimal kernel.
<jamespage> smb`, great - that sounds like the required behaviour!
<utlemming> smb`: right...as soon as that lands, I'll fix the images :)
<smb`> *sigh* :-P
<smoser> utlemming, smb` is there a bug?
<smoser> what was the above in regard to?
<jamespage> smb`, new task on bug 1009553 ?
<uvirtbot> Launchpad bug 1009553 in ubuntu-meta "jeos install oversized" [Medium,Confirmed] https://launchpad.net/bugs/1009553
<smb`> jamespage, Hm, actually that seems to be already something about meta...
<jamespage> so it does!
<smb`> But feel free to add linux-meta to that
<smb`> Maybe "we" (kernel) are not responsible for the complete oversizedness... :-P
<jamespage> smb`, done
<smb`> jamespage, thanks, will update it in a sec or two... (or minutes...)
<uvirtbot> New bug: #1001846 in cobbler (universe) "cobbler fails to install with error code 1" [High,Confirmed] https://launchpad.net/bugs/1001846
<uvirtbot> New bug: #1012147 in nis (universe) "lightdm: no graphical login for nis user" [Undecided,New] https://launchpad.net/bugs/1012147
<blendedbychris> guys what's a typical way to allow access to a subset of dirs over an ftp client?
<blendedbychris> i usually use sftp (just ssh access)
<blendedbychris> but i want to be able to symlink a few folders for a user to access
<FFForever> Good afternoon
<FFForever> When mounting a drive via a livecd I get the error "end_request: I/O error, dev sda, sector 2050" is my drive toast?
<NikP> How can I change mz Kezboard lazout to german_
<NikP> ???
<micahg> \o/ juju in Debian, congrats SpamapS
<bdmurray> zul: hey there did you ping me a while ago?
<zul> bdmurray: hey i think your concerns for the openstack sru stuff has been addressed
<bdmurray> zul: for all three packages?
<zul> bdmurray: yes
<bdmurray> okay I'll have a look
<bdmurray> zul: fyi it is the description that should be modified so it is easier to find the information
<zul> bdmurray: which description?
<bdmurray> zul: the bug description instead of having comment #10 in a 20 comment bug have the SRU information
<zul> bdmurray: right but thats how i always do it since it keeps the original bug report intact and we just hijack the upstream bug report
<bdmurray> zul: bug 959294 is missing SRU details
<uvirtbot> Launchpad bug 959294 in keystone "[SRU] Can't delete users" [High,Fix released] https://launchpad.net/bugs/959294
<zul> dang...sorry about that give a sec
<zul> bdmurray: fixed
<duckxx> is there a good alternative to cpanel for ubuntu 12.04 ?
<duckxx> my main concern is just creating accounts for domains and sub-domains
<RoyK> !cpanel
<RoyK> erm - what does cpanel do?
<Nafallo> RoyK: hosting
<Nafallo> usually shared one.
<RoyK> hosting what?
<RoyK> oh
<RoyK> web hosting?
<RoyK> duckxx: there are CMSes available that should be usable for that
<RoyK> !cms
<RoyK> stupid bot
<bdmurray> zul: why does bug 962615 still have an open quantal task yet it is mentioned as being fixed in a comment?
<uvirtbot> Launchpad bug 962615 in nova "[SRU] Unable to list volumes after building from snapshot" [Undecided,In progress] https://launchpad.net/bugs/962615
<RoyK> !nova
<RoyK> idiobot
<FFForever> How can I set the rosolution manually?
<zul> bdmurray: clerical error
<FFForever> I changed the resolution in /etc/default/grub to use 1080x1024, but I still get cannot display this video mode on my monitor
<esuave> how can i upgrade my ubuntu 10.04.3 to 10.04.4 server?
<esuave> is there a simple command to do this?
<uvirtbot> New bug: #1012419 in euca2ools (main) "Sync request: euca2ools from Debian sid (main)2.0.2-1" [Undecided,New] https://launchpad.net/bugs/1012419
<uvirtbot> New bug: #998991 in keystone (main) "python-keystone suggests unavailable package" [Medium,In progress] https://launchpad.net/bugs/998991
#ubuntu-server 2012-06-13
<uvirtbot> New bug: #1011630 in six (main) "[MIR] six" [Undecided,Fix released] https://launchpad.net/bugs/1011630
<zul> bdmurray: nova hasnt been reviewed yet?
<uvirtbot> New bug: #1012468 in dovecot (main) "package mail-stack-delivery 1:1.2.15-3ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1012468
<FainaUkraina> hi
<FainaUkraina> what user does the  awstats upgrade cron job run as?
<FainaUkraina> I'm getting emails from Cron every 10 minutes Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 7.0 (build 1.971) Couldn't open server log file "/var/log/apache2/access.log" : Permission denied
<twb> What upgrade job
<FainaUkraina> s/upgrade/update
<twb> Did you install awstats via apt?
<FainaUkraina> i just did an upgrade
<FainaUkraina> to 12.04
<FainaUkraina> but yes
<FainaUkraina> it's an ubuntu package
<twb> Are all packages upgraded to 12.04?
<FainaUkraina> yes
<twb> aptitude update; aptitude search ~U
<twb> The search should print nothing
<FainaUkraina> nothing
<twb> OK, use dpkg -L to find the awstats cron job.  Which file is it?
<FainaUkraina> /etc/cron.d/awstats
<twb> OK, open it up and look at the user column.  That tells you who it runs as.
<FainaUkraina> oh that's where it is
<FainaUkraina> all files in /var/log/apache2 are chwoned root:adm and chmod 650
<FainaUkraina> which is how it should be imo
<FainaUkraina> cron job runs as www-data
<FainaUkraina> should I change it to root?
<Ub2> whats a good simple ftp server to install on ubuntu?
<twb> vsftpd
<twb> But http://mywiki.wooledge.org/FtpMustDie -- use SFTP for authenticated write access, and HTTP for unauthenticated read access.
<twb> SFTP is built into SSH and even Windows FTP GUI apps speak SFTP these days
<Ub2> thx
<twb> I hope he read ALL those lines...
<uvirtbot> New bug: #995817 in samba (main) "share samba doesn't work easily" [Undecided,New] https://launchpad.net/bugs/995817
 * Daviey notes that he is very impressed with Quantal's offlineimap
<twb> offlineimap got orphaned a couple years ago
<twb> Not sure if someone has adopted it
<twb> There's a new version so I guess they did :-)
<twb> You're right, changes look interesting.
<Daviey> twb: yeah, the main thing is the speed.. it's MUCH more snappy to sync for some reason.  In addition, it defaults to validating TLS/SSL fingerprints
<Daviey> also seems to do beter 'sync back' of new folders
<uvirtbot> New bug: #991754 in postfix (main) "Add support to turn off the TLSv1.1 and TLSv1.2 protocols" [Medium,Fix released] https://launchpad.net/bugs/991754
<BuenGenio> are there any other decent mail control panels (for Postfix) apart from ISPConfig?
<BuenGenio> anything that's available on apt?
<twb> !WHCP
<twb> Bot fail :-/
<RoyK> !DHCP
<ubottu> dhcp is Dynamic Host Configuration Protocol, a protocol for automatic IP assignment from a router. Ubuntu uses dhclient as a DHCP client but other ones (and DHCP servers too) can be obtained from the !repos. More info at http://en.wikipedia.org/wiki/DHCP
<RoyK> damn - it knew that
<twb> BuenGenio: join #debian-bots, then /msg dpkg whcp
<BuenGenio> twb, that's cool
<BuenGenio> short list though
<BuenGenio> for free... =)
<BuenGenio> also, any idea why tab completion works for `apt-get install` on one machine and doesn't on another, both running 12.04 ?
<twb> Generally we recommend people learn to use the CLI, rather than a WHCP
<twb> BuenGenio: you need to source /etc/bash_completion
<BuenGenio> twb, this is for a customer-facing CP
<BuenGenio> I know my bash, mkay...
<twb> That is harder :-)
<BuenGenio> :)
<twb> FWIW my company rolls its own for that
<BuenGenio> cool
<twb> Before that were were using webmin and everyone hated it
<BuenGenio> interested  in a demo? if it's good, we could even pay something for it ... ;)
<twb> Our code is very specific to our needs, and it's not for postfix
<BuenGenio> webmin (or virtualmin) has no support for MySQL afaik
<twb> It basically does RFC 2307 LDAP account management and management of inmate SOEs
<BuenGenio> MySQL virtual mailboxes ie
<twb> BuenGenio: well msg dpkg webmin as well
<BuenGenio> what are "inmate SOEs" just out of curiousity?
<twb> I run prisons
<twb> Specifically, the computers that inmates get
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<twb> RoyK: I guess I get into the habit of assuming ubottu knows nothing about anything :-)
<RoyK> :)
<taipres> so
<RoyK> what
<taipres> I got vsftpd installed
<taipres> followed the tut and edited the lil config
<taipres> created /etc/vsftpd_user_conf
<taipres> but now i'm confused, I added root to first line, saved and restarted server
<taipres> but won't let me login via ftp client
<taipres> thought you just add user name per line, if they already exist
<twb> 15:08 <twb> But http://mywiki.wooledge.org/FtpMustDie -- use SFTP for authenticated write access, and HTTP for unauthenticated read access.
<RoyK> twb++
<RoyK> root access on ftp is suicidal
<taipres> so in otherwords you don't know
<RoyK> taipres: no, we do know, but never, ever recommend root access on ftp
<RoyK> taipres: so do it the proper way, or misconfigure your server on your own
<taipres> that is the proper way, root account already exists
<taipres> tired of nix geeks trying to tell me how to run my server
<RoyK> no, root access on ftp is *NOT* the proper way
<taipres> can't even connect to IRC under root without it banning
<taipres> it's out of control RoyK
<RoyK> taipres: then don't ask for help here, please
<taipres> if I want to use root, i'm gonna use root
<taipres> no I get to ask questions, in here, while under root
<taipres> and you get to like it
<RoyK> up to you
<RoyK> but it's close to suicidal
<taipres> no it's not
<RoyK> so, no, I won't help you there
<taipres> i apologize for getting annoyed at you, you don't have to like anything, but if it makes you feel better I only run ftp server when i personally use it
<taipres> i shut it down afterwards
<taipres> to free up mem
<twb> taipres: we can't stop you doing dumb things, be we won't help you.  We think what you're trying to do is a dumb thing.  We've suggested alternatives.  End of story.
 * RoyK accepts the apology and moves on to something a bit more interesting
<RoyK> like washing clothes
<twb> There are for-profit companies that will provide more help; we're volunteers
<taipres> twb you suggested yet another ftp server
<taipres> just like some other guy did when i first came in here
<taipres> i'm tired of new ftp servers, just admit you don't know how to add users to this one
<taipres> and stop acting like you holdin back the answer
<twb> SFTP is not FTP
<taipres> does same thing
<taipres> with "encryption" ooOOooo
<twb> Plonk.
<taipres> you realize probably 99% of forums in the world take your login credentials in plain text?
<taipres> lot of mail servers do too, as do IRC
<taipres> it's an unsecure internet my friend
<RoyK> taipres: FTP over SSH
<RoyK> taipres: stop it, please
<taipres> yes ftp with encryption, as I said
<taipres> nothing magical about it
<taipres> I want standard, FTP
<RoyK> and you're quite insane...
<taipres> why? someone gonna see me upload some css files?
<RoyK> taipres: call some contractor, and they will probably help you without questioning your sanity
<taipres> lol, they see those anyway when they visit my ste :P
<RoyK> taipres: as the root account???
<taipres> RoyK I shutdown the ftp server when im done
 * RoyK REALLY goes to do the laundry
<taipres> if anything my normal FTP server would be more secure than most other FTP servers out there
<taipres> simply because of the short windows its being ran
<taipres> do I see anyone saying, wow he's right, what a great idea
<taipres> no
<taipres> just no encryption, hes using root, let me freak out
<leonard__> Hello , How can I see/browse/navigate groups and users that I have on my Ubuntu server  12.04 using terminal? Thakns
<leonard__> I mean is there any "ls" command that browse groups? then "ls" that browse users inside of each group?
<leonard__> of course using terminal
<patdk-lap> getent
<Pici> leonard__: man groups, also take a look at getent
<leonard__> ok thanks
<uvirtbot> New bug: #1012649 in puppet (main) "package puppet-common 2.7.11-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/1012649
<zul> bdmurray: can you review nova sru when you get a chance? thanks
<Jak2000> if i type: apt-get install mysql-server (this install mysql server version 5.5  but exist a new version: 5.5.25 how to install the new version?
<TheLordOfTime> .
<TheLordOfTime> whoops
<rbasak> Jak2000: Ubuntu 12.04 has updates upto mysql 5.5.24. If you want 5.5.25 then you'll need to install from a third party source.
<rbasak> (or from the development version)
<resno> so, im considering getting a used sas card and going to sata or getting a pci-sata card. whats the diff?
<resno> any advanatage?
<tash> I need to be able to read an ext4 drive from Windows Server 2008.  Does anyone know how to do that?
<resno> i dont think you can tash
<tash> damn
<resno> im not 100% sure
<patdk-wk> you can read ext2, therefor ext3
<patdk-wk> but if you use ext4 extents, then no
<tash> I need to get all data off this external ext4 drive and onto this server 2008 box
<resno> patdk-wk: are ext2 and 3 that similar?
<patdk-wk> ext3 just adds a log
<patdk-wk> log/journal
<resno> tash: maybe this willhelp http://www.ubuntugeek.com/how-to-read-ext3ext4-linux-partition-from-windows-7.html
<tash> I've tried mounting the windows share on 1 ubuntu server, then mounting the usb drive on another ubuntu server and rsyncing bu the rsync just acts weird.
<resno> tash: i dont know anything aboutthe utility other then a quikc google search
<resno> RoyK: ping
<ScottK> tash: Boot the server from a Linux live CD and copy from ext4 to NTFS using Linux.
<uvirtbot> New bug: #1007743 in mysql-5.1 (main) "package mysql-server-5.1 5.1.62-0ubuntu0.11.04.1 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,Invalid] https://launchpad.net/bugs/1007743
<AceFace1> hello all!
<uvirtbot> New bug: #1012771 in nmap (main) "Icon is in the wrong place after install." [Undecided,New] https://launchpad.net/bugs/1012771
<tash> does anyone know where samba stores its list of users?
<WeissLehrer> hey, I use my server as a router
<WeissLehrer> when the isp change de ip, i need to make sure the server restart it
<WeissLehrer> i have no idea how to do it
<sergevn> dhcp?
<sergevn> (client)
<tash> pdbedit -a -u <username> isn't working for me to add a user to the samba database
<WeissLehrer> yes
<tash> it prompts for password and when I type and confirm it, just says it Failed to add entry for user <username>
<tash> any thoughts?
<WeissLehrer> i need to renovate the ip address offered by isp's dhcp
<WeissLehrer> automatically
<WeissLehrer> so angry coworkers wont forcelly restart the server when the internet is not working in the morning
<WeissLehrer> for some reason the computer is not requesting a new ip when the current is invalid...
<slank> anyone up for a 'juju debug-hooks' question? My environment doesn't seem to be set up correctly.
<zul> bdmurray: ping
<RoyK> resno: pong?
<resno> RoyK: oh, question. going sas -> sata vs sata pci card. any big diff?
<resno> RoyK: you told about going lsi sas before, and im just curious in comparions
<patdk-wk> you can't
<patdk-wk> you can't plug sas drives into sata
<patdk-wk> sas and sata dont talk the same language
<RoyK> patdk-wk: erm... sata drives work perfectly on sas controllers, just not the other way around
 * RoyK has some 250 2TB SATA drives on SAS controllers/SAS expanders
<patdk-wk> royk, only if the sas controller supports sata, but ya, most do :)
<RoyK> patdk-wk: they do by definition
<patdk-wk> but then the sas controller isn't talking sas, it's talking sata
<RoyK> patdk-wk: SATA is a subset of SAS
<patdk-wk> you mean, stp is a subset of sas
<patdk-wk> sata-tunnelling-protocol
<RoyK> maybe... I was just told sata was a subset of sas, and I've never ever seen any sas controller not supporting sata
<patdk-wk> sas runs at double the voltage, double the cable lengths
<RoyK> ok
 * RoyK confesses he doesn't know shit about L1 on those
<resno> sas with a sata connetor - to four sata drives
<resno> or pci to sata card
 * resno refines his question
<RoyK> resno: what board?
<patdk-wk> sff8087?
<RoyK> that's the connector, I guess
<patdk-wk> if your going, sff8087 to 4 sata disks, it should work fine
<resno> something likethis http://www.newegg.com/Product/Product.aspx?Item=N82E16815256005
<resno> found quickly on newegg
<patdk-wk> going from a sas drive, to that, won't work
<resno> no sas drive
<patdk-wk> what is on the other end?
<resno> sata drives
<patdk-wk> well, sata to sata will work
<resno> so either sas card to sata or pci sata card ( like what i linked) to sata
<RoyK> resno: that's not a sas controller - what sas controller were you talking about?
<resno> sas card with a sas to sata cable/dongle thing
<resno> RoyK: nothing specially yet, looking at lsi 3 gblikely
<resno> specifically
<resno> i couldnt find anything stating benefits of one overthe other
<RoyK> resno: I know LSI 92xx works well with SATA both direct-connect and on supermicro's (that is, LSI's) SAS expanders
<RoyK> just don't use WD drives on those expanders
<patdk-wk> there are no real benifits of one vs the other
<patdk-wk> cause your still using sata on both
<patdk-wk> now if 16x drives per card is a benifit
<RoyK> patdk-wk: using direct attach with 80 drives will be quite a mess ;)
<patdk-wk> I dunno he spec'd 80 drives
<patdk-wk> considering he is talking about a 2 port pcie card
 * RoyK was just referring to his own setups
<resno> yea, its not anything major yet.
<resno> im having someissues with speed, and im setting up a new server to help.
<RoyK> resno: for anything < 16 drives (or so), just use direct attach
<resno> s/help/replace/
<RoyK> for a large setup, use something like LSI's SAS expanders, as found in supermicro machines
<RoyK> several others have similar hardware
<resno> RoyK: with that many drives do you use like raid10?
<resno> or multiple raids
<patdk-wk> that all depends on what you need
<patdk-wk> but normally it's raid10, or raid6 with like 10-20 disks per set
<RoyK> resno: one box is striped mirrors, 38 mirrors (IIRC) - this is a high-traffic fileserver, that's got a backup box with four large raidz3 VDEVs, slow on writes, but hell, it's a backup. the last two others are using 7-drive raidz2-VDEVs (backup target)
<resno> that just blows my mind
<RoyK> :D
<RoyK> ZFS FTW!
<resno> but it doesnt work on ubunturight?
<RoyK> no
<resno> its an bsd thang
<RoyK> openindiana
<RoyK> which is a solaris thing
<resno> ah, you're a openindiana guy
 * RoyK is
<marut> http://zfsonlinux.org/
<RoyK> yeah, but who dares run that in production?
<resno> ive read its not really solid on linux yet
<zul> bdmurray: ping
<resno> seems to be indevelopment on ubuntu, but same end effect
<Daviey> bdmurray: How are the openstack SRU's looking?
<RoyK> resno: with half a petabyte of storage, you don't want to think it might be somewhat stable...
<resno> someone might just be a little angry
<RoyK> :D
<resno> i didnt know they made sas drives
<resno> i figured sas was a method to connect to backplanes, etc
<RoyK> resno: it's a very nice method for connecting drives to more backplanes ;)
<RoyK> sata can only connect to a single controller
<patdk-wk> sas is also nice, cause it's bi-directional
<resno> well thanks RoyK and patdk-wk learned a bit more
<RoyK> patdk-wk: bi-directional how?
<patdk-wk> sata goes 3g or 6g, one way at a time
<patdk-wk> sas goes both ways at the same time
<RoyK> erm, so sata is half duplex and sas is full?
<patdk-wk> yep
 * RoyK didn't know
<resno> with sas do you use scsi drives?
<patdk-wk> you use sas disks
<RoyK> no, sas drivers
<patdk-wk> sas talks scsi
<RoyK> erm, sas drives :)
<patdk-wk> sata talks ata
<resno> oh, i was lookingon newegg didnt see sas drives
<RoyK> the signalling is SCSI
<patdk-wk> look under enterprise disks maybe :)
<RoyK> resno: it works with SATA drives too
<RoyK> but if you're using enterprise drives, SAS drives cost about the same as enterprise SATA drives
<RoyK> which cost about the double as SATA desktop drives
<resno> uhm hmm
<resno> verypricey indeed
<RoyK> yes, but you get what you're paying for. I talked to this ex-sun^Woracle employee and he said they had ran tests on thousands of SATA drives in large setups and he never wanted to touch it again. with SAS it just worked. With SATA there was all sorts of timing (and other) issues
<esuave> question.. so i updated /etc/resolv.conf and i cannot still ping DNS names
<esuave> such as google etc..
<RoyK> esuave: pastebin current /etc/resolv.conf (it might be updated automatically)
<esuave> well the odd thing is.. after i did the ubuntu install, there was no resolv.conf
<esuave> i had to create one
<RoyK> static ip?
<RoyK> set in /etc/network/interfaces?
<esuave> basically all i have in there is : search domain.com and nameserver 1.1.1.1... <-- example.. not real ips
<esuave> yeah static IP
<patdk-wk> esuave, what version of ubuntu?
<esuave> 10.04
<RoyK> esuave: add 'dns-nameservers x.y.z.Ã¦' in the iface eth0 block
<RoyK> (or whatever nic you use)
<esuave> ok
<RoyK> and possibly dns-search my.tld
<esuave> yeah still didnt work..
<esuave> i think i might know the issue though
<esuave> a nslookup shows a refused to my DNS server
<RoyK> esuave: restart networking after that
<esuave> RoyK: i did
<RoyK> esuave: was /etc/resolv.conf updated?
<esuave> it still looks the same from what i set before
<esuave> ah yeah i found the issue.. my DNS server was not allowing lookups
<esuave> for that specific server
<esuave> sorry guys, thanks for the helpz though
<esuave> :D
<adam_g> zul: https://jenkins.qa.ubuntu.com/view/Openstack%20Testing/view/Openstack%20Precise/view/Overview/job/precise-openstack-essex-proposed-deploy/
<adam_g> and https://jenkins.qa.ubuntu.com/view/Openstack%20Testing/view/Openstack%20Precise/view/Overview/job/precise-openstack-essex-test/567/console
<zul> sweet whats this?
<adam_g> zul: theres some coverage of whats made it to -proposed so far (keystone and glance)
<zul> adam_g: yeah still waiting for nova
<adam_g> zul: its the same deploy and tests we normally do but installed directly from precise-proposed
<zul> adam_g: muhahaha..
<esuave> how can i do a package upgrade from 10.04.3 to 10.04.4?
<henkjan> apt-get update && apt-get dist-upgrade
<esuave> thanks henkjan
<Jak2000> wich is the name of the release: http://pastebin.com/sGckmGXY
<DDemon> I seem to be having a problem with my ubuntu server, were the load should be 0.00 it will be 0.5 at least, sometimes spiking to 1. CPU use is 0 and mem use is 8%, there is also little I/O activety, this started today after a reboot (upon ssh login it mentioned it needed a reboot). Does anyone have any idea what this issue might be?
<uvirtbot> New bug: #1012854 in cloud-init "cloud-config should support simple file writing" [Low,Triaged] https://launchpad.net/bugs/1012854
<Jak2000> http://pastebin.com/YNx7rX3j   apt-get install -t <name of release>    wich is the name of the release ?
<zul> bdmurray: ping
<IdleOne> !guidelines > RoyK
<ubottu> RoyK, please see my private message
<IdleOne> !coc > RoyK
<IdleOne> there are the rules
<RoyK> IdleOne: I know the rules, but since you threaten to ban me from the channel because of swearing, I need to know which words or phrases are banned, since there is no clear distinction between a power expression and swearing in the English language, this distinction is by definition a cultural thing
<RoyK> IdleOne: and since you obviously have a regex looking for "bad" words in here, could you please post that somewhere so that we could have the openness in the rules, as well as the ubuntu source code?
<RoyK> IdleOne: this would be much appreciated
<IdleOne> RoyK: You are acting like this is the first time you get warned about your use of bad language. You will not be getting anymore warnings.
<RoyK> IdleOne: why can't you just give me (or us) that regex? is it a secret?
<ikonia> RoyK: please join us in #ubuntu-ops for a moment please.
<patdk-wk> hmm, coc says nothing about use of bad words
<patdk-wk> as long as your not using it to be disrespectful of someone or their work
<IdleOne> the guidelines do
<patdk-wk> I can't locate the guide lines, via ubuntu webpage about irc support
<IdleOne> !guidelines
<ubottu> The guidelines for using the Ubuntu channels can be found here: http://wiki.ubuntu.com/IRC/Guidelines
<patdk-wk> maybe that should be linked somewhere? so it can actually be located?
<jmarsden|work> patdk-wk: You mean somewhere like in the /topic of the channel? It is there :)
<Myrtti> patdk-wk: it is linked in the entrymsg that chanserv sends when you join the channel
<Myrtti> also in the topic
 * IdleOne orders a flashing neon sign. 
<IdleOne> 40' tall should be enough?
<IdleOne> I apologize for being sarcastic
<patdk-wk> so they are in the TOS guide, but even the tos guide isn't linked to the ubuntu irc web page
<fraterm> Someone fall into the sarchasm?
 * ScottK can't figure out what the fuss was about.
<utlemming> FYI -- us-east-1's EC2 mirror is now using S3. If you encounter any problems, please see https://lists.ubuntu.com/archives/ubuntu-cloud-announce/2012-April/000025.html
<leojrfs> hi, what file system do you recomend for a raid5 nas?
<patdk-lap> leojrfs, any
<leojrfs> patdk-lap: my problem is that it is a raid5 with 3 disk
<leojrfs> and another 2 are coming next month
<patdk-lap> I don't see the *problem*
<leojrfs> so i will have to grow the partition
<leojrfs> with xfs
<leojrfs> i only do a md0
<patdk-lap> why with xfs?
<patdk-lap> you can grow anything
<leojrfs> and then i add an device to array
<leojrfs> and do xfs_grow
<patdk-lap> xfs, ext2/3/4, ntfs, fat32, ...
<leojrfs> with ext4, i do not know how to do the same
<leojrfs> some say i have to use lvm
<patdk-lap> resizefs
<patdk-lap> lvm just adds another layer on top of things, to get in the way
<patdk-lap> lvm has nothing at all to do with this
<leojrfs> thats why i dont get why to put lvm on top of it
<leojrfs> sure
<patdk-lap> don't use lvm
<leojrfs> let me explain de full situation
<patdk-lap> if you don't want to use lvm, don't use it, that simple :)
<leojrfs> i have 1 disk for the OS
<leojrfs> ubuntu LTS
<leojrfs> i whant to use the other 3 disks  (+2), to make an /Data
<leojrfs> and symlink of /home
<leojrfs> thats it
<patdk-lap> well, use whatever filesystem you think would be best for your *data*
<uvirtbot> New bug: #1012911 in libcommons-cli-java (main) "package libcommons-cli-java (not installed) failed to install/upgrade: ErrorMessage: cannot access archive: No such file or directory" [Undecided,New] https://launchpad.net/bugs/1012911
<patdk-lap> be it, xfs, ext2/3/4
<leojrfs> patdk-lap: ok, i want to use ext4 then (performance =D), how simple will it be growing the partition comparing to xfs_grow?
<leojrfs> xfs_grow just grows the partition to the max unalocated space avalable
<patdk-lap> same for ext4
<patdk-lap> just as easy to shrink it also
<patdk-lap> though, you can grow while using the it, but you can't shrink it while using it
<leojrfs> xfs cant shrink thats the problem
<leojrfs> so
<leojrfs> i just mkfs.ext4 on my /dev/md0
<leojrfs> and do my stuff
<leojrfs> no lvm on the mux
<leojrfs> mix
<patdk-lap> sure
<patdk-lap> if you wanted to *partition* it, then you would mix in lvm
<leojrfs> thats the only case to use lvm then?
<patdk-lap> no
<leojrfs> i dont get why ppl always recomend lvm
<leojrfs> xD
<patdk-lap> if you wanted to do snapshots
<patdk-lap> or do some other things
<patdk-lap> I used lvm for my iscsi system
<patdk-lap> to dynamically allocate luns of various sizes
<patdk-lap> but I firmly believe lvm gets in the way, more than it helps
<patdk-lap> but there are many places where it helps good, and many places where it's a pain
#ubuntu-server 2012-06-14
<leojrfs> patdk-lap: hmm, ok
<leojrfs> patdk-lap: in my case its a simple 5x2TB NAS
<patdk-lap> in you case, unless you have a use for lvm, I wouldn't bother
<leojrfs> i wanted to use raid6 but im using mdamd and the speed will be a pain
<patdk-lap> you need to make accurate point in time backups? with degraded performance during the backup?
<patdk-lap> hmm, raid6 wouldn't be a pain
<patdk-lap> unless your doing this on like an atom cpu
<jcastro> utlemming: syndicated
<jcastro> utlemming: hey are you carrying precise-security too?
<leojrfs> patdk-lap: nope, just simple uploads and downloads not frequent (3/4 clients only), transmission torrent service, samba
<leojrfs> yeah
<leojrfs> im doing it on a amd e-350
<leojrfs> xD
<leojrfs> low power FTW
<patdk-lap> transmission will rape that poor raid5/6
<leojrfs> with all 5 disks it was getting 90W max
<leojrfs> patdk-lap: but there's no alternative
<patdk-lap> give it lots of ram :)
<leojrfs> 4GB
<patdk-lap> any torrent program, will rape disks
<leojrfs> DDR3
<patdk-lap> you gave transmission 4gigs?
<leojrfs> patdk-lap: i didnt understand
<leojrfs> 4GB DDR3
<leojrfs> im talking about ram
<patdk-lap> I don't understand what talking about how much ram you have, has to do with how much ram you gave transmission
<leojrfs> i dont understand giving ram to transmission =P
<patdk-lap> "cache-size-mb"
<leojrfs> ah, i dont know, i didnt modified that field in my last config
<leojrfs> patdk-lap: now that we are talking about that, how much do u recomend?
<leojrfs> i have 4gb as i said
<nineteen67comet> Hello .. I'm a long time Ubuntu Server user (since around 2005'ish) .. but I've never attempted LVM before. Right now I've got three hard drives (40, 60 & 80 gig). I would like the base OS to run off the 40 and my /var/www be loaded onto an LVM of the 60 and 80 gig hard drives .. is this possible?
<patdk-lap> nineteen67comet, anything is possible
<patdk-lap> but do you really want to do that? if one disk fails, you loose it all
<nineteen67comet> patdk-lap: is there a way to raid the 60 and 80 (mirror) since they are different sizes?
<patdk-lap> sure
<leojrfs> raid6
<leojrfs> or
<leojrfs> raid5 with the 80 drive using a 60gb partition
<patdk-lap> if you raid different sizes, you just get the smaller size
<patdk-lap> leojrfs, no, raid1
<nineteen67comet> Raid1 is the mirror raid with 2 hdd's .. I'll get to googling .
<leojrfs> raid1 he will be using only 60gb of the 60 and 80 drives all together
<patdk-lap> leojrfs, and what do you think a raid5 of the 80 and 60 will do? the same thing, but SLOWER
<nineteen67comet> I assumed I'll mirror the smaller of the two since the other way around would cause some "issues" lol
<nineteen67comet> I'm digging around the BIOS to see if it'll raid via that route ..
<patdk-lap> I wouldn't
<patdk-lap> the bios raid, is still software based
<patdk-lap> unless you have a real raid card, and I doubt that
<nineteen67comet> It's an older Dell Xeon processor machine a drafting company used to use .. (it's pretty old though) ..
<nineteen67comet> Had a Zip in it when I got it .. lol
<patdk-lap> I would say, no, and no
<leojrfs> patdk-lap: well, ur right =P
<patdk-lap> it won't support anything
<patdk-lap> unless those happen to be scsi disks :)
<nineteen67comet> grin .. I wish
<leojrfs> patdk-lap: raid5 will end up with 60gb anyways
<patdk-lap> leojrfs, yes, with the overhead of calculating the parity info, and decoding the parity info on disk failure
<patdk-lap> where raid1 has no overhead
<patdk-lap> and you can split the reads over both disks, and you can't with raid5
<nineteen67comet> Might just dedicate the 80 gig to my sites, and the 60 gig to all the others (I tend to load mine up with junk faster)
<args[0]> hi
<leojrfs> well
<leojrfs> patdk-lap: tnks
<leojrfs> u were very helpfull
<leojrfs> go to go, bb
<skorv> hi... maybe you can help me...
<patdk-lap> no
<patdk-lap> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<skorv> i host 2 webservers in my server farm and i want www to go to webserver1 and subdomain to go to webserver2
<skorv> how do i do that?
<skorv> router nat forwards 80 and 443 to webserver1... how do i make it forward subdomain to webserver2 is what i'm after
<uvirtbot> New bug: #1012921 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1012921
<leojrfs> padk-lap, still there?
<leojrfs> what options to mount the ext4 fs on the raid5 setup do you recommend?
<patdk-lap> mount options? whatever you would normally use
<patdk-lap> there is no different mount options
<leojrfs> i normally do the raid setup and partition on the installation, so its all auto
<leojrfs> i never realize
<leojrfs> what options are default
<oddshocks> Hey there, we have a headless server and no way of seeing any output (we do have a keyboard). After a hard reset, we found that we were no longer able to SSH into the box. We did not change any system stuff at all since the last boot. We are getting refusals on ssh, http, telnet, but pings are successful. Any ideas?
<oddshocks> We thought it could be an IP conflict, so we gave it a new IP, no luck.
<twb> Go get a monitor
<qman__> probably stuck at fsck or similar
<qman__> when my file server is doing its three hour fsck, it's in that state
<oddshocks> qman__: Ahhhh, that could be it! We didn't even think of that. What keyboard stroke would cancel the fsck at startup?
<oddshocks> twb: It's on its way, two more days ;)
<qman__> none that I'm aware
<qman__> if you have no disk activity, that means there was some kind of error
<qman__> if you do have disk activity, let it go until you don't anymore
<cwillu_at_work> oddshocks, you can't steal a monitor from... any other computer in the city? :p
<twb> oddshocks: IME you cannot fix fsck in 10.04 without a live CD
<twb> cwillu_at_work: he might be in a national park
<cwillu_at_work> twb, that's a 3 day drive from anything else?
<twb> cwillu_at_work: I had that problem once :-/  Stupid on-site rent-a-engineers
<twb> cwillu_at_work: well he was in Kakadu.  It's a big park.
<twb> 20kmÂ²
<cwillu_at_work> it takes 3 days to travel across something 20kmÂ²?
<oddshocks> Yeah, I'm sorry we're killing you guys here. We really should have a monitor. This is just a crappy box that we've been playing with. The disk activity light doesn't even work. And we have 11.10 for the record.
<twb> So I guess if you were doing 100kmph (which is unrealistic in bush) you would be out in a day
<cwillu_at_work> oddshocks, it could be anything from a bios prompt to a kernel panic
<oddshocks> We're just gonna let it run for a while and see if anything sorts itself out. I appreciate the help!
<cwillu_at_work> oddshocks, probably worth configuring a serial console in the future
<cwillu_at_work> then you can just hook a laptop up with a 5$ serial-usb cable to investigate
<oddshocks> cwillu_at_work: Got it. And good advice. We're going to see if we can steal a monitor from somewhere, like you suggested
<arooni-mobile> i'm trying to use curl to download a bunch of pdfs from getabstract.com before my subscriptoin ends.  apparently cookies are used to auth sessions.  i've got curl hooked up with cookies; but when i try to curl a pdf i see: "There is no getAbstract summary for this title. For available summaries, please browse the categories on the right or enter a key word in the search engine."  which is baloney because i can paste that same url into my br
<arooni-mobile> owser window and it'll download just fine.  what gives?
<blendedbychris> if i have an interface that is using NAT to end up with a public ip address do i need to/can i declare the public ip as an alias? ie eth0:1
<twb> interfaces do not have aliases.
<twb> Stop using ifconfig.
<blendedbychris> virtual interface?
<twb> cwillu_at_work: good idea re serial cable
<soren> The problem with serial cables is that they need to be connected when the problem occurs. You can't scroll up to see the kernel panic that caused the server to die.
<twb> soren: ah, well, then you want serial to UDP
<twb> modprobe netconsole blah blah
<twb> ...of which I am a Big Fan although I haven't used it recently
<lynxman> morning o/
<freesbie_> hey, anyone having problems with the latest kernel package ? im getting 'linux-image-3.2.0-25-generic' is missing final newline
<twb> freesbie_: uh, context?
<freesbie_> sorry, Ã¡when im tring to remove it again
<freesbie_> it couldnt load ext2 module, so i had to rollback
<freesbie_> the .list files in /var/lib/dpkg/ was garbage for linux-image and linux-headers
<freesbie_> had to copy from another machine, really strange
<twb> You should not be poking in /var/lib/dpkg unless you know what you're doing.
<freesbie_> the .list file had 1 line with ^@ only ..
<twb> That sounds like your HDD or filesystem is trashed
<freesbie_> turns out the original .deb file from the de. repo was broken but still installed
<freesbie_> well, we did resize the qcow2 image, havent resized the lv in the volumegroup yet, but that might be the reason
<freesbie_> luckily this wasnt a machine in production yet
<freesbie_> ok, so you shouldnt resize a qcow2 image of a running machine :)
<twb> resize it how?
<twb> using qemu-img ?
<freesbie_> yeah, just a qemu-img resize file +XG
<twb> Hum.  I'd have thought that would work, but the guest OS would not notice the resize until a restart
<twb> I've never tried it myself
<freesbie_> exactly, actually had to do a cold boot before pvdisplay showed the new size
<twb> That part I expect
<uvirtbot> New bug: #480530 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu9 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 321091)" [Undecided,New] https://launchpad.net/bugs/480530
<uvirtbot> New bug: #508371 in bacula (main) "bacula does not create database (dup-of: 321091)" [Undecided,New] https://launchpad.net/bugs/508371
<uvirtbot> New bug: #991808 in bacula (main) "package bacula-director-mysql 5.2.5-0ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 321091)" [Low,Incomplete] https://launchpad.net/bugs/991808
<WeissLehrer> for some reason the dhclient is not asking for a new ip after lease... any idea?
<twb> Define "after lease"
<RoyK> WeissLehrer: it should ask for a renew after (what?) half the least time has elapsed
<rbasak> Zero new/undecided bugs?
 * rbasak wonders if there's something wrong with the report
<uvirtbot> New bug: #969088 in keystone "Role conflict when importing nova auth" [Undecided,In progress] https://launchpad.net/bugs/969088
<tol> hey guys, is it possible to wake up a server behind router/NAT with wakeonlan and port forwarding?
<ikonia> tol: as long as the magic packet is forwarded, sure
<tol> ikonia: i've tried with multiple ports but my server dont want to wake up. btw from internal lan its working perfectly
<tol> ikonia: i think my server doesn't like me. My desktop boots when i wake it from WAN but my server does not :/
<railsraider> anyone knows how to add nf_conntrack_udp to 10.04?
<patdk-lap> you can't, it doesn't exist
<chmac> Any idea if nullmailer listens on port 25? It doesn't seem to on my system, but I'm not sure if it's a firewall / other issue or not.
<ikonia> chmac: telnet locally, test it
<chmac> ikonia: Doesn't appear to work, but `service status nullmailer` suggest it's running, hence my question.
<chmac> It may be just a sendmail replacement, without the ability to receive mail via SMTP
<chmac> Documentation is a little thin though, couldn't find an obvious answer there.
<ikonia> chmac: use netstat to see if it's listening
<ikonia> chmac: do you actually know what it is/does ?
<ikonia> chmac: did you install it ?
<chmac> ikonia: Yes, I mostly understand it's function, and I did install it.
<ikonia> chmac: what is it's function
<chmac> ikonia: It's a very lightweight mailer that forwards all system mail to a remote "smart relay" in postfix terms. Avoids having to install the likes of postfix just to get mail delivered from the system to a remote SMTP server.
<chmac> ikonia: I figured it accepted mail by SMTP, but apparently it only does so via the sendmail command.
<chmac> I'll probably have to install postfix instead, as on our other servers, we send mail to localhost:25 from a few places.
<ikonia> chmac: sounds like it should be listening on 25
<ikonia> chmac: check with netstat if anything is listening on 25
<chmac> ikonia: I'm pretty sure it's not, `sudo ufw disable && telnet localhost 25` throws an error.
<chmac> ikonia: How do I check with netstat?
<ikonia> chmac: netstat -a | grep LIST
<ikonia> see if anything is listening on 25
<ikonia> chmac: if it's a mail relay it will need to be listening on 25
<chmac> ikonia: Nope, nothing listening on 25.
<chmac> This is nullmailer, a sendmail/qmail/etc replacement MTA for hosts which relay to a fixed set of smart relays.
<chmac> ikonia: Anyway, I'll get round to resolving that issue another day, thanks for your input, I appreciate it.
<ikonia> chmac: no problem, sounds like it's not running if it's not listening on 25
<ikonia> chmac: does ps show it running as a process
<chmac> ikonia: Yeah, it's running, so `echo "blah" | sendmail chmac` works, I receive the mail
<WeissLehrer> there is something wrong with my dhclient, /var/lib/dhcp3/ does not exist tought it seems to be using that path to the leases file
<WeissLehrer> so the client dont ask for a new ip after the lease
<hallyn> zul: smoser: kirkland: any interest at all in looking over a debdiff to merge debian experimental's qemu-kvm-1.1 package to quantal?
<hallyn> it's working on basic things.  I'll run testsuite, and probably push it tonight
<hallyn> oh, hm, i guess i need to check that it doesn't break qemu-linaro too
<zul> hallyn: whats so experimental about it?
<hallyn> uh, it's from "debian experimental"
<zul> is there like a changelog i can look at
<hallyn> there's a whole debdiff!  with changelog at the top
<hallyn> http://people.canonical.com/~serge/exp.to.q.debdiff.6
<uvirtbot> New bug: #969545 in nova/essex "missing quotas on security group rules" [High,Fix committed] https://launchpad.net/bugs/969545
<zul> uvirtbot: i dont have a problem with it
<uvirtbot> zul: Error: "i" is not a valid command.
<zul> hallyn: i dont have a problem with it
<Amina> Hi, I have /proc/sys/net/ipv6/all/forwarding set to 1, but IPv6 routing still doesn't work. Any idea about reason (IPv4 routing works fine)
<uvirtbot> New bug: #1013221 in samba (main) "package winbind 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 1009747)" [Undecided,New] https://launchpad.net/bugs/1013221
<hallyn> zul: awesome, thanks for looking
<nullm0dem> Having some issues with dpkg. I am familiar with basic apt use but this sitution alittle over my head. I was told to fix an instance of ubuntu server running as a guest in xen. It is configured to boot a rhel xen kernel. I found the machine unable to update with a dpkg --configure -a messag. anyone available to help?
<smoser> hallyn, thanks for taking the time to do a good job on the changelog
<smoser> hallyn, so we're trying to get back to using debian package, right? as opposed to kind of having our own ? (well, debian package and delta necessary)
<hallyn> right
<hallyn> want to at least share source.  i will open a bug with debian for each patch we still carry
<hallyn> note, i realize i inapproriately split some work between debian/rules and debian/*.links etc
<hallyn> (bbl)
<RixiM> I am just learning about ubuntu cloud infrastructure and I am trying to understand where the redundancy is in the system... does it make sense to mirror drives in the nodes or do the nodes provide redundancy?
<RixiM> Also, if I want something like software raid in used in mysql nodes, do I define that in my own mysql juju?
<RixiM> errr
<RixiM> charm.
<claude2> hey hey everyone
<claude2> anyone have any tips on how to troubleshoot a diskless pxeboot setup?
<claude2> my client is getting an ip, and getting the initrd from tftp
<claude2> but when it tries to nfs mount the root, i get an error
<claude2> VFS: cannot open root device "(null)"
<saveme> Anyone experienced with ddrescue? I started this 2h ago, and its been stuck on "splitting failing blocks" ever since. With 0 succesful reads
<patdk-wk> it can't read
<patdk-wk> and you probably have it set for infinite retries
<patdk-wk> oh he left
<koolhead17> zul, hello thetre
<zul> koolhead17: hi
<koolhead17> zul, you got anything for me? i should test
<zul> koolhead17: nope
<Captain_Proton> anyone work with danguardian. I trying to  Time limiting  to keep my kids off youtube all day. Do I create a page the time limits and create a page for the site? or something else. I have looked at there wiki and have not found anything
<Captain_Proton> Thanks anyway. I will check in ubuntu
<bdmurray> zul: are your or your team planning on doing the verification of the nova SRUs?  I find some of the test cases to be less verbose than I'd like.
<zul> bdmurray: yep we have a whole lab dedicated to it :)
<bdmurray> zul: and bug 997014 has a test case of None?
<uvirtbot> Launchpad bug 997014 in nova "[SRU] Memory is not correctly computed for Xen+libvirt" [Undecided,In progress] https://launchpad.net/bugs/997014
<zul> bdmurray: yes because we dont support it currently
<bdmurray> that would be useful information to have had in the bug
<zul> bdmurray: sorry will do it for next time
<bdmurray> bug 975043 is missing a test case
<uvirtbot> Launchpad bug 975043 in nova "[SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn" [Undecided,In progress] https://launchpad.net/bugs/975043
<bdmurray> zul: ^
<zul> bdmurray: we have no way of testing that internally should i update that bug?
<bdmurray> zul: well it currently looks like the test case section was just forgotten / neglected
<bdmurray> zul: so yes please
<zul> bdmurray: ack
<zul> bdmurray: updated
<okwa> hi
<okwa> im the first time messing around with chroot
<okwa> host: xubuntu precise           target: ubuntu minimal precise
<okwa> im entering the chroot via schroot
<okwa> i managed to install firefox and im able to run it
<okwa> but when i run it out of the chroot
<okwa> i can see the history of the hostsystems firefox and i can even brows in the downloads folder of the host
<okwa> whats wrong here?  can anybody help me?
<smoser> ok.
<smoser> stupid question
<smoser> 'aptitude update' is that going to basically be the same as 'apt-get update'?
<LordOfTime> smoser: slightly different but the end result is the same
<smoser> by the same, i'm specifically wondering if it will respect 'Acquire::http::Pipeline-Depth' from apt.conf
<okwa> anyone?
<smoser> http://code.google.com/p/chromium/issues/detail?id=38608 seems to imply that aptitude will respect that setting (comment 8)
<smoser> okwa, 1 of 2 things is happening
<smoser> a.) $HOME is being put into the chroot by schroot for you as a convenience.
<smoser> b.) when you run firefox in the chroot, you already have a running firefox.
<okwa> b
<smoser>   instead of running a new copy, it asks a currently running copy to create a new window.
<smoser> you can tell firefox not to do that with 'firefox --no-remote'
<okwa> so there is still somehow a connection from chroot to host?
<patdk-wk> chroot only limits diskspace, not shared ram, or other things
<okwa> ah
<okwa> is my encryption passphrase, user pwd   ect    readable in the ram?
<patdk-wk> it has to be made available :) not just anything in ram is accessable
<patdk-wk> but chroot doesn't limit it, anymore than a normal program would have access to it
<smoser> okwa, well, the connection is done likely through unix socket. i'm not sure how it works exactly.
<okwa> firefox --no-remote   gives back        (process:26542): Gtk-WARNING **: Locale not supported by C library. 	Using the fallback 'C' locale.
<okwa> so chroot is really nothing for security...
<okwa> virtualbox  eats processor
<patdk-wk> chroot secures access to disk
<patdk-wk> if you want to make sure it doesn't access anything ondisk outside of x, then it's fine
<patdk-wk> but no, it's not a replacement for like, lxc or vm's
<nullm0dem> okwa If you had a powerfull enough machine you could use a xen instance for each application, build a minimal guest for each.
<okwa> i have a powerfull machine
 * patdk-wk does this
<smoser> patdk-wk, well, it also limits filesystem access.
<smoser> not "just disksapce"
<patdk-wk> well ya, vfs access :)
<patdk-wk> hmm, my firefox has some 20+ unix sockets open
<okwa> the possibillities are        chroot,lxc, like, virtualbox, Xen
<okwa> here is a pentium 5   2.7gHz quadcore  4gb ram    intel grafics
<okwa> patdk-wk:  what do you think? Xen?
<patdk-wk> well, xen would do it, without too much overhead, if using paravirt mode
<patdk-wk> issue is, keeping it updated
<patdk-wk> I haven't used lxc myself yet
<patdk-wk> what is the use-case of this?
<patdk-wk> doing something like, vmware view?
<okwa> i want something to be able to use securely unsecure software
<patdk-wk> that is very broad
<patdk-wk> the only way to do that, install it on a server, and put that server in a vault, with no power or network access
<zul> hggdh: ping again
<hggdh> zul: pong again
<okwa> .)
<zul> hggdh: hey are we doing any testing with piuparts?
<hggdh> zul: not to my knowledge
<zul> hggdh: ok....what scripts do we use for packaging automated installation testing
<okwa> thx   kisses
<hggdh> zul: I guess (if I understood you) you are talking about the USIT
<zul> usit? linky link?
<hggdh> zul: bzr+ssh://bazaar.launchpad.net/%2Bbranch/ubuntu-server-iso-testing/
<hggdh> zul: but we are starting the move from usit to utah
<zul> ah.....and utah is?
<zul> besides being a state
<hggdh> zul: apart from the state it is ubuntu testing automation harness
<zul> ok gotcha
<Daviey> .
<LordOfTime> :
<Daviey> â®
<LordOfTime> ::
<LordOfTime> :P
<LordOfTime> Daviey: we must be bored as heck today xD
<Daviey> LordOfTime: yep, â 
<LordOfTime> error: 5 has triggered the countdown.  4... 3... 2... 1... *SEGFAULT*
 * hggdh sits down and watches Braille
<thebwt>  how does one add a certfile.pem to the compiled certs in /etc/ssl/certs/
<zul> bdmurray: where are we with the nova sru?
<smoser> zul, woot! https://review.openstack.org/#/c/8267/
<zul> smoser: getting there
<smoser> zul, 2 things i thought of.
<smoser> a.) you still dont have the flag, which i think is actually necessary on the nova-compute node (to manually set the stuff versus letting libvirt decide)
<smoser> b.) i think it might make more sense to have the nova-compute node say "i support i386, i586, i686" than have the scheduler know "oh, you say you support i686, but I know that means you can do i386"
<smoser> i'll add these to the review, but i will not suggest that they should nack
<smoser> are you otherwise happy with that patch
<zul> yeah i think they can be added later
<skorv> would like to chat with someone who handles multiple web server inside a single serverfarm, it regards url redirection inside the network using only one wan ip
<patdk-wk> skorv, learn what, reverse proxy, is
<hpux> How can I be sure that i have mounted correctly my NTFS partion, because Samba is working not very smoothly
<RoyK> hpux: samba != ntfs
<RoyK> hpux: samba is for sharing files over SMB/CIFS, NTFS is for local access to a disk or partition with an NTFS filesystem
<hpux> RoyK: yep, i have an ntfs partion which is shared via samba. However whenever I try to make big read/writes, the application I use (for example loading music libary, or working on a VM), hangs as not responsive . I can see that smbd is taking 95% of the processor
<hpux> RoyK: so I'm guessing that either samba is having some trouble or that I have incorrectly mounted my fs
<uvirtbot> New bug: #939122 in nova "floating ips do not display in 'nova list' after association to instance" [Medium,In progress] https://launchpad.net/bugs/939122
<RoyK> hpux: why do you use ntfs on linux in the first place?
<hpux> windows clients...
<genii-around> If you're using samba to share the fs, the clients don't care about the backend filesystem anyhow
<RoyK> hpux: window clients only see a share. what's underneath that doesn't matter
<RoyK> hpux: like genii-around said
<RoyK> hpux: use ext4 or something of preference, don't use alien filesystems unless you have a very good reason to do so
<genii-around> hpux: I've had pretty good success using XFS for shares, there's no "hiccup" when streaming large files for instance ( which happens with ntfs and ext )
<hpux> genii-around: RoyK, I'm aware of that, however occasionally I have to physically remove the hard disk from the system and bring it over to windows machines.
<RoyK> hpux: why would you need that?
<RoyK> that's what networks are for ;)
<RoyK> hpux: anyway - using ntfs in such a setup is not supported and probably won't *be* supported on ubuntu or any other linux distro
<hpux> RoyK: not if you live in third world country in europe, working for global corporation which still have 10mb/s network equipment in the main server room, and big part of the workforce is using WYSE 50 terminals still on RS232 ports
<RoyK> hm.. ic
<RoyK> hpux: which country, btw?
<hpux> Bulgaria
<RoyK> would you need some 100Mbps switches with 1Gbps uplink? ;)
<RoyK> I think we have a few old ones that hasn't been discarded yet
<hpux> RoyK: you'll have to provide power consumption specifications to my manager, because they may be more expensive to run that the old ones :)
<RoyK> I don't do that, but I can provide the model numbers
<hpux> :D
<hpux> my manager is super mingy
<RoyK> anyway - for your setup, I'd use a USB drive to move data around
<RoyK> I'd *not* use NTFS on the server
<RoyK> except perhaps at gunpoint
<hpux> RoyK: this is kind of the situation :D 32 GB flashdrives are super expensive, and don't talk about external hdd..
<RoyK> with a usb drive, the server will be operative during large data moves
<hpux> RoyK: uptime is not an issue
<RoyK> you can get a 500GB drive quite cheap from ebay, and the usb to sata interface is *dead* cheap
<hpux> RoyK: yea, but it's a matter of principle, i don't want to pay from my pocket to do my job correctly
<RoyK> hpux: 1. don't use ntfs on linux in production, 2. if you want to anyway, see 1., 3. if you have a very good reason, see 2.
<hpux> but maybe i I'll be better bend the knee..
<RoyK> hpux: it's not supported, and it won't be supported
<RoyK> face it
<RoyK> you may make it work, somehow, but it will suck, and if it gets broken by some update, it still won't be supported
<hpux> RoyK: totaly agree with you
<RoyK> then tell your boss I said so - I've only been using linux since 1994 or so, but I think I know a few things ;)
<hpux> RoyK: old school hacker :)
<RoyK> yeah, and been working in operations since, what, 1996 or so
<hpux> RoyK: what exactly you do day to day?
<genii-around> You could get some filesystem driver for your Windows boxes to support like ext4, etc
<RoyK> http://driesve.tumblr.com/post/1560794187/how-to-mount-an-ext4-drive-in-windows-7
<RoyK> or google
<genii-around> Night, i have errands to run
<RoyK> hpux: linux things, storage things, network things, fortran things, perl things, python things, windows things at gunpoint, even some DOS things at times, helping scientists fix their problems
<hallyn> smoser: all right qemu-kvm is built in ppa:serge-hallyn/virt.  i'll probably push it in the morning, it's treating me well here
#ubuntu-server 2012-06-15
<marvelouzone> was wondering if someone could help me with a strange problem
<marvelouzone> anybody on?
<genii-around> !details
<ubottu> Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<smw> genii-around, I like !ask better
<smw> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
 * genii-around makes more coffee and waits for the strange problem specifics
<marvelouzone> I have a problem with all passwords stop working the only thing I have installed is zentyal. if I try to log in it tells me incorrect password, on both user accounts that I have. if I do sudo nano, it ask me for password, I enter correct password, and it just drops back to prompt with no error message, if I do plain nano it works, this happensa with any command I put sudo or gksu in
<marvelouzone> front of. I cant log in through ssh, ttyl, etc.. I'm lost, Ive been searching for answers for hours..
<marvelouzone> I have checked to make sure I'm in the admin group, and I am
<marvelouzone> I'm running 12.04
<ChmEarl> marvelouzone, sudo -s;grep admin /etc/sudoers
<JanC> marvelouzone: are you in the sudoers group too?
<marvelouzone> yes
<uvirtbot> New bug: #1013457 in juju (universe) "twistd still autostarted for juju after juju is removed from system" [Undecided,New] https://launchpad.net/bugs/1013457
<twb> http://paste.debian.net/174600/ WTF?
<twb> Oh, never mind, I can't read
<twb> Apparently the aptitude full-upgrade I ran five minutes ago, didn't actually run
<twb> Ah, because I forgot to teach apt to mount /boot read-write when it is upgrading a kernel
<twb> In lucid, what turns on rp_filter?
<twb> Because it's on by default AFAICT, but it's commented out in sysctl.conf
<twb> Never mind, I can't tell when I'm logged into two hosts at once
<twb> MOAR COFFEE
<samba35> if i want to use MAAS on thin client what kind of hardware i should have
<twb> Sorry, I am not buzzword compliant.
<twb> I run netboot end-user Ubuntu 10.04 desktops on diskless machines with an Atom n4xx CPU and 1GB of RAM.  2GB is preferable, but not necessary.
<twb> The netboot server is usually an ordinary $1500-ish server and can serve around 100 to 255 desktops.  It would have 7200 SATAs in an md RAID1 or RAID5, one to four gigE NICs bonded together, and 4GB to 16GB of RAM.  I don't know offhand where the bottlenecks are.
<twb> If you are netbooting over the internet, obviously that would be the bottleneck.
<RoyK> twb: how many drives? in what config? linux md?
<twb> RoyK: two (RAID1) or three/four (RAID5).  md, unless I am overruled.
<samba35> ok
<samba35> do you use boot rom or any other method ? if i want to boot over internet what kind of nic i should use ?
<RoyK> twb: k
<twb> If you copy the OS into the desktop's RAM, obviously that means you need to increase the desktop's available RAM by the image size (anything from 80MB to 4GB), and that will also severly limit your ability to turn on all the desktops at once.  OTOH it does mean that the desktops can operate stand-alone without network, as long as they don't lose power.
<twb> You can guard against transient issues my having the desktop mount the OS partition -o hard instead of -o soft.
<twb> But you should understand the full implications of that change before you run with it...
<twb> samba35: what nic you use doesn't matter a damn, other than 1) if it's 100MB of gige; and 2) if it has a PXE ROM
<twb> I suppose it must also be supported by the kernel.
<samba35> ok
<twb> You can only PXE boot off the local network, so you will need an on-site device that can act as the DHCP and TFTP server.  Once the kernel and ramdisk are loaded, you can pull the OS down using e.g. HTTP
<twb> I would not run NFS over the public internet.
<twb> Also I strongly recommend you roll out 12.04, not 10.04.  And use live-initramfs, not casper.
<twb> The casper/10.04 stack can be made to work, but it's far more annoying.
<samba35> so in nutshell if i want to boot ubuntu i should have some storage space /local boot
<samba35> for thin clinet stup
<twb> What is your end goal?
<samba35> if i want to put ubuntu to boot over internet
<twb> But why do you want that
<samba35> school student can use this at thier home
<samba35> not a good idea ?
<twb> What kind of internet connection do they have?
<samba35> 512 kb
<twb> Guarateed or maximum?
<samba35> max
<twb> It would be better to just give them a USB key with a live Ubuntu on it, I think
<twb> A 2GB USB key will cost perhaps $5, and that's a one-time cost.
<samba35> ohh that is good idea and use ltsp
<samba35> yes very much true
<twb> If you need to periodically update the image, you could do that when they come on site.
<twb> e.g. have them hand in their keys once a month for updating
<samba35> ok
<twb> I am surprised you're talking about LTSP instead of just havnig everything be web-apps
<twb> But LTSP will probably be OK over 512kB provided that the school has a decent pipe
<samba35> 8 mb for 100 students
<twb> if your school also has say 512kbps down / 64kbps up, you are not going to be able to have more than a handful of LTSP users at once
<twb> Also it is definitely worth talking to the LTSP people about use NX, because that can significantly reduce bandwidth costs
<twb> I do not know if LTSP can do NX yet
<samba35> ic
<twb> Although really you don't need LTSP, you can just have a live CD that uses normal remote X (or NX) over SSH.
<twb> So that would be a bit like having a citrix client on a windows laptop
<samba35> ok
<twb> It depends how much of the desktop you want to be hosted on the local machine, and how much remote.  Since they're (presumably) going to be running fat client hardware, it makes sense for e.g. the window manager and so on the be hosted on the live USB key, and to only remotely host the app itself on the school app server
<samba35> ok
<twb> If the app server is a Unix system and has each student as a normal shell account, the only real hard part would be teaching the students to use key-based SSH securely
<twb> Otherwise they can use essentially a stock standard ubuntu live CD and then just basically run ssh -X <student account>@<your app server> <the app name>
<samba35> students are about 10-15 year age
<twb> So probably what you'd do is set up the keypair in advance on the live USB key
<samba35> ok
<twb> Maybe also print the passphrase on a sticker on the side of the USB key
<twb> It's suboptimal, since then *YOU* would also have their keypair, but if they are nontechnical there is not much else you can do
<twb> Well you could use password-based auth and forego keys entirely, but I don't like that
<samba35> this project is on planning stage once i get some thin clients i will get in touch with you
<twb> samba35: are you also givng the students specific hardware?
<samba35> may be next week
<twb> If so what is your hw budget per student
<lynxman> morning o/
<twb> Ballpark, I mean -- $100, $500, $1000 or $5000
<samba35> if they have already a pc then as you sugguested usb of they cant  pay for then rent
<samba35> i was reading more about thin client and arm based thin client are costing around 100 -200 usd that is around 5500 - 11000 indian rupee
<twb> Renting would be a pain.  You can get previous-generation netbooks for about $300 new, probably a bit less if you have a bulk buy.  If that is within budget, I would suggest that
<samba35> plus key and monitor and mouse
<twb> I suggest you stick to x86 (e.g. atom) and avoid ARM unless you have time to fix all the exciting hardware issues that ARM usually has
<samba35> so arond 300 us $
<twb> For the use case you describe, I would recommend netbook rather than traditional thin client, because it has keyboard/mouse/screen/ups built in
<samba35> ok i will go with atom
<twb> Since you are a school you might be able to ring up a vendor and get them to do a deal where they get good press in return for a discount
<samba35> yes very much true netbook is good option ,they will able to travell also with in school
<twb> Also if they are netbooks, you can just flash the netbook instead of using USB keys
<samba35> yes
<twb> Hmm, current listings seem to be giving *current* generation 10" and 11" netbooks at around AU$330, new
<samba35> do you have link so i will also get idea about hardware and software
<twb> A link about what?
<samba35> netbook price
<twb> Well I just went to jbhifi.com.au
<samba35> ok
<samba35> thanks
<twb> Obviously if you are in india, you will need a different site :-)
<samba35> yes i just want the make and hardware spec
<samba35> did you played with MAAS ?
<twb> No
<twb> Like I said, I do not do buzzwords
<uvirtbot> New bug: #1013549 in lxc (universe) "lxc-clone fails for xfs fs on lvm" [Undecided,New] https://launchpad.net/bugs/1013549
<Zanzacar> I keep getting errors that read Assuming drive Cache: write through and failed
<Zanzacar> I am not sure why it keeps saying this and there is no way I can do much work since everything is view the terminal
<Zanzacar> through not view*
<Zanzacar> it appears that it is related to a sdcard reader
<uvirtbot> New bug: #1013471 in samba (main) "swat goes blank on button click and logs panic internal error" [Undecided,New] https://launchpad.net/bugs/1013471
<ttx> jamespage: around ?
<jamespage> ttx: yep
<ttx> jamespage: was wondering about progress on your OpenStack PPAs front
<ttx> I'm in a hurry to deprecate our own (stale) PPAs
<ttx> jamespage: what's the current state ?
<jamespage> ttx, let me just check - I think its all running now
<jamespage> ttx: https://wiki.ubuntu.com/ServerTeam/OpenStack
<jamespage> folsom on quantal is up and running
<jamespage> but it would appear that folsom on precise is not yet
<ttx> looking
<jamespage> I would need to check with zul as to when he expects that to start happening - its linked in with the cloud-archive work
<ttx> jamespage: we also need "PPA tracking tip of (Folsom) milestone-proposed on Precise"
<ttx> so that we can completely replace the current state @ http://wiki.openstack.org/PPAs
<jamespage> ttx, OK - I need to check with zul and adam_g on plans for dealing with milestone-proposed - but we will do something
<ttx> jamespage: was supposed to help with producing the cloud archive Folsom updates
<ttx> and would replace our "milestone-proposed" testing PPAs
<jamespage> ttx, I'm sure you are right (have been working on other things so not as close to what zul and adam_g are doing as I have been)
<ttx> jamespage: ok, we'll wait for them
<Daviey> ttx: Can i clarify what you are expecting ?
<ttx> Daviey: my expectations are well summarized in my May 22 email
<ttx> If we have a spot for everything, we can completely deprecate our own setup
<Daviey> ttx: I'll re-read and circle back.
<ttx> Daviey: awesome, thanks.
 * ttx lunches
<freddyb> hiya. I just noticed that some lxc problem I have is fixed in precise-proposed and precise updates. when will they arrive on my 12.04 lts server via normal updates?
<freddyb> how safe is it to just get the .deb for precise proposed and install manually? i.e. what side-effects would it have?
<jamespage> freddyb, you will get 0.7.5-3ubuntu58 as part of you regular server updates
<freddyb> the normal apt-get updates, apt-get upgrades?
<freddyb> I didn't see it yet. maybe my mirror is just slow then?
<freddyb> my hosted server is using a local mirror for apt ;)
<freddyb> jamespage? --^
<jamespage> freddyb, could be - what do you see with 'apt-get policy lxc' ?
<freddyb> E: Invalid operation policy
<freddyb> oh cache. nvm :P
<freddyb> 0.7.5-3ubuntu58 for Installed and Candidate
<freddyb> hm
<freddyb> the problem I have looks fixed as of this bug, which went into 53. https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706
<uvirtbot> Launchpad bug 993706 in lxc "Fix lxc-execute without rootfs failing apparmor transitions" [Medium,Fix released]
<freddyb> maybe it's another bug I am seeing.
<freddyb> lxc-create fails for me, it says permission denied when it mounts proc into the container
<freddyb> let's see. I reported it as #1013618
<uvirtbot> New bug: #1013618 in lxc (universe) "lxc-create fails when trying to moung proc into chroot" [Undecided,New] https://launchpad.net/bugs/1013618
<Anomie21> Can anyone help with this cronjob?, I know its the positioning of my quotation marks, but don't know how to fix it, I tried escaping them (as you can see by the /'s) but its still not working  http://bpaste.net/show/WWp04DgpgszmGARPE7rg/
<ikonia> Anomie21: please don't cross post your question in multiple ubuntu channels (please)
<Anomie21> ikonia: Why not? I remembered about this channel after I made my post in #ubuntu and didnt get a response
<ikonia> Anomie21: it was less than 2 minutes after posting it
<ikonia> it dilutes the channel, please try to pick the best channel for your needs and focus your questions there
<zul> good morning
<pmatulis> morning
<hallyn> smoser: would you say qemu-io belongs in qemu-kvm or qemu-utils?
<hallyn> it's been in qemu-kvm.  i was going to move it, but now i'm thinking it doesn't really belong in qemu-utils after all
 * smoser types 'man qemu-io'
<smoser> i wouldn't move it from wherever debian has it.
<hallyn> ok thanks
<zul> jamespage: back from lunch yet?
<jamespage> zul: yep!
<zul> jamespage:  so im doing some openstack-qa stuff today and working on package installation testing and thinking of using piuparts
<jamespage> zul, +1
<jamespage> that would be fantastic
<jamespage> zul: oh great - https://merges.ubuntu.com/b/bacula/REPORT
<zul> jamespage:  i would like to get all of keysone rather than testing than individual deb
<zul> jamespage: yeah i saw want me to merge it?
<zul> jamespage: since its a workload type merge ;)
<jamespage> zul, I'm actually wondering whether we can just sync it....
<zul> jamespage: ack
<jamespage> bacula is broken in precise ATM - uploaded the fixes yesterday hence my name is against that merge
<jamespage> sorry - upgrade to bacula in precise are broken - not fresh installs
<zul> jamespage:  *sigh*
<jamespage> zul, anyway - back to openstack qa
<zul> jamespage: yes!
<jamespage> "i would like to get all of keysone rather than testing than individual deb"
<zul> jamespage:  try to distract me...*nngnh*
<jamespage> not sure I understand
<zul> well looking at the piuparts it does invidual debs unless im reading it wrong
<jamespage> zul, you can pass it a .changes file I think
<jamespage> that way it will test all of the debs for a given build
<zul> jamespage: ah yes
<zul> thats better
<jamespage> zul, you can also select the packages as well from .changes - we would need todo that for nova
<jamespage> nova-compute-kvm | nova-compute-lxc | nova.....
<zul> jamespage: so i was thinking the script grabs the source, generates the changes and then runs piuparts
<jamespage> zul, why would we not just integrate it into the upstream triggered package build process?
<jamespage> or is that what you mean?
<zul> jamespage thats the other option i was thinking
<zul> yeah thats what im going to do
<jamespage> sounds good
<jamespage> hmm - but
<jamespage> having something we can use for general install testing would be good
 * jamespage goes to check with jibel that we don;t already have something
<zul> jamespage: thats what i was thinking
<jamespage> zul, I'd actually like to test the installability of all server related packages regularly during the dev cycle
<zul> jamespage: so a python script that queries the packages ubuntu-server is subscribed to or just grab the seeds and just run piupart
<jamespage> zul, +1
<jamespage> I guess we need some way to tune each piuparts run
<jamespage> Debian do this sort of stuff regularly
<zul> yeah i was looking at collab-qa to see if i could find something but they use perl..*grin*
<smb> zul, Not wanting to rush in any way. I am just not sure how well just subscribing you is really getting to your attention. Did you see my merge request for xen?
<zul> smb: yeah ill get to it today
<smb> zul, Oh, only if it really looks good. There are a few questions (and puzzles) for the reviewer, you know.
<zul> smb: gee thanks :)
<smb> zul, Always ready to entertain. :)
<Daviey> jamespage: re-install testing.. i started doing this a couple of weeks ago.. rebuild testing, and instability of all packages in our set
<jamespage> Daviey, marvellous
<Daviey> jamespage: i was mainly working on the infrastructure
<Daviey> jamespage: wasn't jenkins based.. do you feel it should be?
<jamespage> jibel say's he'll stick it in the QA lab whenever
<jamespage> Daviey, what is is based on?
<Daviey> jamespage: django, celery, sbuild and piuparts :)
<jamespage> Daviey, hmm
<jamespage> whats the django and celery stuff used for?
<Daviey> jamespage: the approach i went for scaled out to N nodes.
<Daviey> jamespage: django as the datastore and viewer, celery as the job dispatcher and workers for nodes
<jamespage> Daviey, so pretty much what jenkins does for all the other QA activity we do?
<Daviey> uses rabbitmq for pushing out jobs
<Daviey> jamespage: yes
<Daviey> jamespage: if you think it should be moved to jenkins, i'd be happy with that.
<jamespage> Daviey, I think it would make sense - mainly due to the investment we have already made in jenkins deployments to execute testing activity
<zul> Daviey: you have a bit too much time on your hands :)
<jamespage> we would be able to leverage the existing infrastructure and publish results alongside everything else QA related at jenkins.qa.ubuntu.com
<Daviey> zul: this was a few weeks ago.. as a weekend hobby project.
<jamespage> lol
<zul> hehe
<Daviey> jamespage: i agree.
<jamespage> Daviey, we can scale out by using jenkins slaves so I think we get the same characteristics
<jamespage> it will just be about setting up the jobs in the right way more than anything else
<jibel> Hi :)
<jamespage> Daviey, zul: I asked jibel to drop by to discuss durther
<zul> heylo
<jamespage> jibel: Daviey has been working on a tool todo this
<jamespage> we where just discussing django/celery vs jenkins - but as we already do alot of jenkins in QA that seemed to make sense
<jamespage> Daviey: what state is your work in today?
<Daviey> jamespage: it's crap.. it was basically a POC.. I was mainly working on mimicking the buildd infrastructure.. making use of /CurrentlyBuilding etc
<jamespage> Daviey: do we actually need to build the packages? or just test that they install from the distro itself during development?
<Daviey> jamespage: One of the other motivations was to also have an area people can dput signed packages.. run through some validation, if passes - upload it to the archive.
<jamespage> Daviey, actually that is quite nice
<jamespage> we could do that with Merge Proposals as well
<zul> i think for my use case just the installability
<Kagee> &part
<Daviey> yeah, that wasn't something i was thinking.. but yes, that sounds valid.
<Daviey> zul: in your case, it's the buildability :P
<zul> Daviey: i already have buildablitiy :P
<jamespage> jibel: are we doing anything in QA re automate build and install testing of projects?
<jibel> Daviey, we have this for example which seems to match your description https://wiki.ubuntu.com/QATeam/AutomatedTesting/UnityAutolandingSetup
<jibel> it's called 'unity' put can be used for any project in bzr
 * Daviey stabs vmbuilder
<Daviey> vmbuilder AND pbuilder.
 * Daviey cries
 * LordOfTime hands Daviey a tissue
<jibel> for package builds there is an infrastructure based on pbuilder that we uses to build and tests libreoffice for exmaple
<Daviey> jibel: So the thing i was working on would have differing sources.list for main/universe packages.. and do the pkgmangler crap.
 * SpamapS points at sbuild
<SpamapS> buildd in a box :)
<jibel> :)
<Daviey> Yeah, i am kinda suprised pbuilder was used.
<Daviey> sbuild even has much nicer build logs :)
<SpamapS> and it is 3 higher in ASCII
<SpamapS> *3*
<SpamapS> S totally kicks P's rear
<LordOfTime> SpamapS: is sbuild what is used on the LP PPA builders?
<Daviey> SpamapS: P does kick S in morse IMO.. S is so boring
<SpamapS> true
<Daviey> LordOfTime: an old, forked version of sbuild which only does part of it.
<SpamapS> Daviey: in semaphore tho.. P is really annoying and tiring.. while S lets you rest a bit
<zul> bah
<Daviey> SpamapS: inversely, P is more uniformed than S in Braille
 * Daviey likes uniformed.
<zul> guys focus...installation testing :)
<robbiew> seriously bad when zul tells you to "focus"
<robbiew> lol
<zul> :p
<robbiew> ;)
<Daviey> hah
<zul> that wouldnt hurt so much if it wasnt so true :)
<feisar> hi, what's the name of the script that secures a mysql install?
<feisar>  I've used it but can't remember what it was called - it's installed by default
<Daviey> jamespage: how is https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-tomcat7 working out?
<Daviey> zul: are you driving https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-openstack-deployment-on-arm ?
<jamespage> Daviey, I got distracted by other things this week
<jamespage> but it was going OK
<zul> Daviey: yeah
<jamespage> it WILL be done for a2
<Daviey> smoser: any progress on https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-apt-improvements ?
<Daviey> jamespage: super
<jamespage> Daviey, beer all round if I don't make it
<Daviey> jamespage: \o/
<smoser> robbiew, ^
<smoser> i was hoping to get robbiew to look at that today
<robbiew> ok...I looked at it...done
<Daviey> lol
<robbiew> and by "done", I mean I set a priority...hard work
<smoser> robbiew, sorry.
<smoser> brain failure
<smoser> rbasak, ^
<robbiew> lol...I kinda figured that...but kept trolling
<Daviey> hah
 * robbiew knows the low to nothing value he now brings to blueprint evaluation
<robbiew> ...and by the silence I see you all are in 100% agreement
<robbiew> lol
<Daviey> robbiew: Oh no.. you are most valuable ! :)
<robbiew> ass
<robbiew> Daviey: I have little kids too, you know
<robbiew> "oh no...that's a beautiful drawing"
<Daviey> robbiew: haha
<Daviey> robbiew: You are also my favourite princess in the whole wide world.
<robbiew> yeah...yeah...I got your princess alright
<rbasak> smoser: I've been working on apt today. It's slow going because the code path is really twisted
<rbasak> I think I've identified a place to get a PoC in
<rbasak> So making some progress, but slowly
<smoser> rbasak, thank you, kind sir.
<smoser> let me know if you need anything
<rbasak> Will do
<rbasak> I haven't even looked at debootstrap yet. I don't see how a debootstrap patch could possibly be harder than the apt one, though :)
<rbasak> I had to fire up eclipse to help me make sense of the apt code :-(
<uvirtbot> New bug: #1013719 in php5 (main) "package php5-cgi 5.3.5-1ubuntu7.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/1013719
<uvirtbot> New bug: #1013724 in multipath-tools (main) "Setting "prio const" in multipath.conf has no effect" [Undecided,New] https://launchpad.net/bugs/1013724
<zul> jamespage: : looks sane? http://bazaar.launchpad.net/~zulcss/+junk/piuparts/revision/70
<uvirtbot> New bug: #1006898 in dnsmasq (main) "[SRU] dnsmasq fails at leasing issues when using vlan mode" [Medium,Fix released] https://launchpad.net/bugs/1006898
<zul> jamespage:  did you eod on me?
<jamespage> zul, nah - sorry - just trying to get something done before I do in 20 mins
 * jamespage looks
<zul> jamespage: im suggesting we use piuparts to do upgrade tests after this
<jamespage> zul, OK
<jamespage> I'm not sure but we may want to create tarballs or make piuparts use schroots for speed
<jamespage> I've not used it for a while TBH so would need to grok it
<zul> jamespage: yeah lemme worry about that :)
<jamespage> zul, we do need to consider configuring which packages to test from changes as well
<jamespage> it will fail for some with 'default' options is my guess
<zul> jamesapge: for the upgrade test?
<jamespage> zul, and for the install test as well
<jamespage> I think
<smb> smoser, utlemming, Just a heads up that today was a patch committed to the Quantal kernel that is replacing one we were carrying to fix an early crash on some EC2 instances with old Xen versions. Not that I would expect it but _if_ there are early crashes again, please let me know asap.
<utlemming> smb: ack
<utlemming> smb: has that landed in the archives yet?
<smb> utlemming, No it just went into git today
<utlemming> smb: okay, I'll be sure to beat up the quantal build from Sunday night
<smb> utlemming, I am not sure when exactly the next upload happens. The changelog for it would have "UBUNTU: SAUCE: Mask CR4 writes on older Xen hypervisors" in it
<koolhead17> hi all
<RoyK> hi
<zul> smb: whats the bug number for the xen merge again?
<uvirtbot> New bug: #1013782 in nova (main) "Stop/start a KVM instance with volumes attached produces an error state" [Undecided,New] https://launchpad.net/bugs/1013782
<hallyn> jdstrand: I'm (so far) holding up the qemu-kvm 1.1 push bc it mysteriously makes libvirt qrt fail.  But it fails having a test user do virsh define (at line 1841), but when i manualy do sudo -H -u tUQmyVnL virsh define /tmp/bad.
<hallyn> xml I succeed
<hallyn> does this ring a bell at all?
<hallyn> /dev/kvm is root:kvm...
<jdstrand> hallyn: not otoh. might check the libvirt groups in /etc/libvirt/qemu.conf
<hallyn> jdstrand: same libvirt with quantal's qemu-kvm (1.0) has no errors
<jdstrand> hmm
<hallyn> i just can't imagine what's different
<jdstrand> did you try the complicated "su -c 'sudo -H -u <user> -c <uri> define <xml>'"
<hallyn> heh, only the sudo part
<jdstrand> that is what the script is doing for I don't remember what reason
<jdstrand> I can say it was intentional
<hallyn> what does '-H' to su do i wonder?  it's not int he man page
<hallyn> oh.  nm
<jdstrand> sets HOME
<hallyn> i was thinking that was part of the su command
<hallyn> still succeeds
<hallyn> (except i'm not giving the uri)
<smoser> ok. i feel stupid.
<smoser> $ echo "ls /tmp >/tmp/log 2>&1" | atq
<smoser> 2	Fri Jun 15 15:15:00 2012 a smoser
<smoser> er...
<smoser> echo "ls /tmp >/tmp/log 2>&1" | at 00:00
<smoser> $ atq
<smoser> 2	Fri Jun 15 15:15:00 2012 a smoser
<smoser> how can i later see what is actually *in* job 2 ?
<smoser> its a file in /var/spool/cron/atjobs/ , but as a normal user, i can't even list that directory (or view the file explicitly)
<greppy> ls /tmp 2>&1 > /tmp/tmp.txt
<smoser> greppy, it was just an example of a command.
<smoser> i want to see "details" about my atq
<greppy> smoser: ah, sorry, I thought you were trying to get the contents into the file :)
 * greppy should go to sleep.
<zul> smoser: what do you mean by details?
<smoser> zul, after i've ran:
<smoser>  echo "echo hi mom" | at 00:00
<smoser> how do i see that the job it created (say job '2')
<uvirtbot> New bug: #1013804 in openvswitch (universe) "package openvswitch-pki 1.4.0-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1013804
<smoser> how do i see the content of that 'job 2'
<smoser> i forgot that i said "hi mom" and want to remember
<smoser> if i'm root, i can cat that file
<zul> smoser: ah....i have no idea
<leojrfs> what did change in samba or samba default conf? i cant get clients to login
<leojrfs> security is set to user
<leojrfs> but no login required for the clients
<leojrfs> im using 12.04
<hallyn> jdstrand: yeah, i know have test-libvirt.py print out the command it tried and failed to do, then sleep 1000 seconds; then i try it by hand, and it succeeds.
<jdstrand> only thing I can think of is there is a race of some sort or it is terminal related
<TheLordOfTime> any idea if php 5.4.x will be included in quantal?
<blendedbychris> what's the proper way to add a apt source? It's not a ppaâ¦ i noticed there is a sources.list.d should i put it there?
<guntbert> blendedbychris: what are you trying to add?
<blendedbychris> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Ubuntu
<blendedbychris> but it seems that's actually might be a ppa
<blendedbychris> ah no nm ya apt.puppetlabs.com ?
<blendedbychris> guntbert: ?
<guntbert> blendedbychris: just sudo apt-get install puppetmaster
<guntbert> it is in the repos
<blendedbychris> guntbert: i need 2.7.16 or whatever
<blendedbychris> because my lucid client is 2.7.16 it's a bitch
<guntbert> !info puppetmaster
<ubottu> puppetmaster (source: puppet): Centralized configuration management - master startup and compatibility scripts. In component main, is optional. Version 2.7.11-1ubuntu2 (precise), package size 12 kB, installed size 330 kB
<hallyn> jdstrand: your hunch about a race was right.  when I add a time.sleep(2) before the virsh define, it passes
<jdstrand> huh, weird
<hallyn> leaving just 3 failures, maybe all stemming from some difference in shutoff behavior
<hallyn> (test-qemu all passes, btw;  i really did not expect test-libvirt failures)
<gary_poster> hallyn, do you happen to know any reason why we could not start a relatively large number (we see this with approx >7 on a 16 core hyperthreaded machine) of lxc instances at once, and expect them to all be initialized, if io is not an issue (these are ephemeral instances, so disk is RAM)?  We're investigating, but wanted to make sure you didn't already know the answer :-)
<gary_poster> sorry, expect them all to be initialized within a minute or so
<gary_poster> cpu is not an issue according to load averages and vmstat
<hallyn> jdstrand: fooi, but next time it died there again.  (error: unknown OS type hvm)
<gary_poster> and neither is memory
<gary_poster> or io
<gary_poster> well, memory might be an issue if we are running into some bus issue I guess, but that seems unlikely
<hallyn> gary_poster: not really
<hallyn> are they all ubuntu containers, precise or above?
<hallyn> if not, it could be udev storm
<gary_poster> hallyn, lucid containers
<hallyn> could be udev storm.  try precise ones and see if they do better (for confirmation)
<gary_poster> ah, ok hallyn.  where would we look for an indication of that?
<gary_poster> ph ok
<gary_poster> oh ok
<hallyn> syslog on the host should be overflowing
<gary_poster> it is not really
<gary_poster> just dnsmasq stuff
<gary_poster> seems relatively normal stuff
<hallyn> maybe /var/log/udev.log?
<hallyn> /var/log/udev that is
<gary_poster> hallyn that is there.  It's just over 7000 lines and as far as we know nothing has happened since about 22 seconds since boot time ("UDEV [21.996436] add ... sda1
<gary_poster> ")
<rwb> Hi, I'm using Ubuntu 10.04LTS and everything is up to date, however, my squirrelmail program is at version 1.4.2  I would like to upgrade past 1.5.  Is there a way I can trick apt-get in order to get a newer version?  I don't want to manually install this.  I want to keep using apt-get...
<hallyn> gary_poster: how exactly are they failing?  do they come up badly, or just not come up?
<hallyn> gary_poster: it's possible there is something funky with overlayfs
<hallyn> could you clone 8 containers and start them all at once, and see if *that* succeeds?
<gary_poster> hallyn, they come up slowly.  So, the first 7 or so on this 32 core machine come up within, say, 10 or 20 seconds; then after about 2 or 3 minutes, the other 9 (in the case of 16) will come up within about 10 seconds of one another
<gary_poster> you can see this in the syslog from dnsmasq logs
<gary_poster> as well as from user experience
<hallyn> hm, 2 mins.  you're sure dnmasq isn't dying and restarting, and then containers continue?
<Daviey> hallyn: I can't remember what you said before, but are you handling the ipxe merge?
<hallyn> Daviey: the ipxe merge is as done as it's going to be
<gary_poster> hallyn no, we're not sure, we are only going by the syslog
<gary_poster> so you think we ought to get the pid of dnsmasq before and after maybe, ok
<hallyn> gary_poster: ok, i don't have any brilliant ideas.  if you'd like pls feel free to open a bug with the script and i'll try to reproduce
<Daviey> hallyn: we don't want, http://pb.daviey.com/X1bV/ ?
<gary_poster> ack hallyn thank you.  We'll try the lxc-clone test and the dnsmasq pid test and a few other things and then file the bug with the details.  thanks again
<hallyn> Daviey: i'd say ask lynxman about those
<Daviey> hallyn: ok, thanks
<hallyn> Daviey: we have our own version of 'disable banner timeout' which was what we wanted most
<hallyn> Daviey: if there is more we want, we'll cherrypick, but we don't want to merge from debian, and given that ipxe is currently working, we don't want to grab latest upstream (and have it break).  it's volatile stuff
<hallyn> Daviey: btw i'm open to arguments about that, those are just the conclusions we came to when lynxman and i talked about it
<nathwill> rwb, squirrelmail 1.4.2 is stable version, even in precise. even from the squirrelmail project download page...
<rwb> Yea, but I was over talking on the SM chat, and they are saying it is WAY out of date.
<rwb> I am basically having problems with the gpg plugin...
<rwb> I guess I will just wait it out...
<Daviey> hallyn: no, i'm happy with that.. just wanted to check in, making sure it was considered :)
<Daviey> hallyn: whilst i have you... what would you think about making libvirt default to providing a qemu/kvm watchdog?
<hallyn> hm
<hallyn> Daviey: not sure how we would do that by default,a s it's usually specified in xml
<hallyn> Daviey: unless it's already possible (which i don't think it is), we'd then have to check whether the xml already specifies one, and if not, then specify a watchdog model
<Daviey> hallyn: right, got that.. but can you see issues with using xml to 'opt out'?
<hallyn> how would xml opt out?
<hallyn> Daviey: I see no downsides
<hallyn> if the guest doesn't want to use it it doesn't ahve to use it
<Daviey> model='' i assumed
<hallyn> (guest kernel, that is)
<hallyn> Daviey: apart from potential ugliness in impelmentation, i'm certainly fine with it and see no problems
<Daviey> hallyn: thanks
<hallyn> Daviey: going to opena  bug?
<Daviey> hallyn: i'll dig into viability first.
<hallyn> Daviey: while *i* still have *you*, woudl you sai it's early enough in q cycle still to upload qemu-kvm-1.1 even though it seems to do something to libvirt testcases?
<hallyn> it *runs* fine.  i have no idea what the problemis.  but there's a problem.
<Daviey> hallyn: most certainly early enough.. i assume you've done some local testing :)
<hallyn> yeah, it works perfectly for me :)
<Daviey> ah, libvirt fails against it?
<hallyn> nope
<hallyn> libvirt qa-regression-test fails against it
<hallyn> but doing it all by hand, it works
<hallyn> *magic*
<Daviey> how odd :/
<Daviey> hallyn: maybe speak with zul/adam_g about trying it in the openstack-ci lab first, if you want it exercised ?
<hallyn> Daviey: good idea, thanks
<hallyn> (in that case i'll first upload one tweak to ppa)
<hallyn> zul: adam_g: is it possible, no, easy, to run the openstack-ci lab with a qemu-kvm from ppa (ppa:serge-hallyn/virt) ?
<hattorihanzo> hey, i just brought up 2x 12.04 box's
<hallyn> stgraber: for the lxc 'start' hook, do you think we should (a) expect the user to specify a script that exists in the container, or (b) copy the script into the container, run it, then delete it ?
<hattorihanzo> 1 box, easy_install pyzmq fails
<hattorihanzo> or just easy_install itself
<hallyn> (that detail aside, pre-start, mount, and post-stop hooks are working.  as is aid, the other stop hooks may not be possible, due to the way reboot/shtudown worksin the kernel for containers)
<stgraber> hallyn: OpenVZ does the later (or at least something that gives a similar behavior), so I think we should go for b)
<hallyn> heh, drat
<hallyn> ok
<stgraber> hallyn: would have to look at exactly how OpenVZ does it, but I wouldn't be surprised if they were opening the script before the chroot, then reading it and piping it to bash after the chroot() call. Avoiding the need to copy it (and the risk of the rootfs being read-only)
<hallyn> stgraber: how bad would it be to just run it out of mnt.put_old after pivot_root but before the umounts of mnt.put_old :)
<hallyn> stgraber: if what you say is true, and we follow that, then we'd be tying ourselves to bash scripts
<hallyn> no python, go, or c
<hallyn> dare i say it - not even haskell!
<stgraber> hmm, indeed and that'd be a bit annoying
<hallyn> course, some of that may not work due to missing libs either
<hallyn> so maybe a simple script is the best
<hattorihanzo> how can i have apt force a reinstall of python-setuptools
<stgraber> hallyn: I'm sure that if we restrict to only bash, people will be complaining (that and we can't guarantee that bash or even /bin/sh will always be there...)
<hallyn> stgraber: at the same time, i'm sure we'll have problems with users having incompatible libc bc they're specifying a program that's compiled on the host and in different distro/release in container
<hallyn> maybe for my POC patch i'll just say the script/program must be installed in the container
<hallyn> in a way it's the most sensible
<hallyn> (waiting for you to argue :)
<stgraber> well, I'd just argue that it'd be good to do it like OpenVZ did and changing behaviour later on will break everything, so it'd be best to do it "right" from the start
<stgraber> if we require for it to be in the container, there isn't much difference between that and an init script
<hallyn> i argue with 'like openvz did it' being 'right' by definition :)
<hallyn> i agree, which is why i 'm not sure we need that hook :)
<hallyn> but,
<stgraber> that's why I wrote it "right" ;)
<hallyn> the biggest difference is that this will run before init starts
<hallyn> could be valueable still
<hallyn> like an initramfs
<stgraber> hmm, one quick question on the subject, what will happen in that pid namespace, as init won't be exec() from that start script, will it still get pid 1?
<SpamapS> somebody who is an admin of the ubuntu-server team please add mysql-5.5 to the bug subscriptions
<hallyn> stgraber: i think so
<SpamapS> we are not triaging at all there
<SpamapS> very bad
<SpamapS> just noticed all the NEW bugs
<hallyn> Daviey: ^
<TheLordOfTime> SpamapS:  any idea on php 5.4 and when it'll be included into Ubuntu?
<TheLordOfTime> (Quantal)
<TheLordOfTime> last i checked its in Debian
<hallyn> stgraber: just tried it, i was pid 5
<hattorihanzo> whats the best way to reinstall python2.7? the dist-packages are broken one 1 of my boxes
<RoyK> apt-get purge?
<hallyn> stgraber: ok there are enough questions there it's probably worth asking on m-l
<stgraber> hallyn: sounds good
<hattorihanzo> python_debian-0.1.21ubuntu1.egg-info/top_level.txt/top_level.txt/top_level.txt
<hattorihanzo> the hell python
<stgraber> hallyn: the binding is 90% done, I have everything working, except for the arguments of start(). I'll need to write some magic to convert them all to chars, build an array of char pointers and pass that to start()
<hallyn> stgraber: why not just support startl() only?
<hallyn> startl pretty much only exists to make the python stuff easier
<stgraber> hallyn: well, I still need to convert everything to char* before sending them to startl :(
<stgraber> (and that's the tricky part, becaus of all the references and Unicode => Bytes => char* conversion...)
<hallyn> oh i see.  got it
<taipres> what's the deal with the mysql exploit
<taipres> has ubuntu released patched version yet?
<taipres> am using 11.04
<TheLordOfTime> taipres:  which exploit?
<erichammond> I wish rsync had an option to transfer the most recently modified files first.  Or a way of giving me the list of files that it's going to update and let me order them.
<taipres> @Time its the one that lets you get pass the login after certain number of trys
<taipres> some memcpy sse bug or somthing
<taipres> Flaw Grants Access to 900,000 Servers By Guessing Username A flaw in MySQL and MariaDB
<taipres> A flaw in MySQL and MariaDB databases allows someone to merely guess a username and be granted access to 900,000 Internet connected servers while able to attempt logging in 256 times. MySQL and MariaDB databases both assign an SHA-encrypted token to every user who logs in to the server so users only have to log in at the beginning of the session, not every time they send a request to
<taipres> the database. This flaw is due to an error when comparing the token to the expected value. Some editions of the database can not tell if the login is authentic or not, assumes that it is, and allows users access whether the password is correct or not.
<TheLordOfTime> taipres:  i meant a link to the thing, and a link to the CVE
<TheLordOfTime> (such a vulnerability must have a CVE)
<jdstrand> thatwas fixed in http://www.ubuntu.com/usn/usn-1467-1/
<TheLordOfTime> http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2122.html  <-- yep
<uvirtbot> TheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122)
<TheLordOfTime> oh quiet you
<TheLordOfTime> did i mention how much i hate the bots that do that?
<TheLordOfTime> even in -hardened :/
<TheLordOfTime> for -bugs, its useful
<TheLordOfTime> for -* its not as useful
#ubuntu-server 2012-06-16
<Kevin__H> Hi there, I am trying to install ubuntu server 12.04, I've tried installing GUI interfaces, but I haven't had any luck, any suggestions?
<Kevin__H> I've tried, sudo apt-get install ubuntu-desktop, but it returns unable to locate package ubuntu-desktop, I've also done updates
<Kevin__H> Also, when I use tasksel, and try to install features such as Basic Ubuntu Server and Samba file server, I get "aptitude failed"
<uberdub> I was told to come in here about my machine refusing to suspend to ram in 11.1 or 12.04
<uberdub> works in 10.04
<uberdub> can anyone shed some light on this issue?
<uberdub> any one alive in here?
<riz0n> Hi, I recently set up a new Ubuntu 12 LTS server, and copied the Dovecot config file from my old 10.04 LTS server. When I try to start Dovecot, it is not starting (it acts like it is, but it immediately terminates) ... Can someone help me get Dovecot up and running?
<patdk-lap> riz0n, heh, that was fail
<patdk-lap> you should go to the dovecot website and read the dovecot 1.x to 2.x upgrade instructions
<riz0n> says ssl enabled, but ssl_cert not set. I don't have any ssl setting in my conf file. how can i disable that
<riz0n> i put ssl=disable in my file
<riz0n> when i did the 1.x to 2.x conversion
<riz0n> it claims no errors
<riz0n> still not booting
<riz0n> this is crazy
<riz0n> holy wow the dovecot conf is TOTALLY different than the old dovecot, it is split into like 20 separate files. thank goodness I found the "sample" files burried deep in ubuntu, copied them, made the couple of "minor" changes to pop3 (if i check my mail with pop3 and leave files on server, i dont want the messages marking as read for IMAP)
<riz0n> and now i can telnet localhost imap :)
<skreech_> How can you troubleshoot acpi issues?
<riz0n> ok so here is what i have accomplished. i got dovecot running, but i can only access it via localhost. any time i try to access it from another host, it fails (like its not wanting to bind to the network adapter)
<riz0n> OK Now I think I have dovecot squared away. I can access IMAP. But my SMTP (I guess that's postfix) is not wanting to send out mail. Says authentication failed.
<riz0n> I also copied the postconf folder from the old ubuntu install to the new server
<zul> hallyn: sure we can probably try it monday
<riz0n> i can see this just isn't going to work. i can't even send mail from gmail back in
<riz0n> what is the best way to migrate from one ubuntu server to another without having to pull the last of my hair out
<riz0n> i just plugged the ethernet back into the old linux server and all my email immediately delivered.
<riz0n> So for now I'm going to kill out this new ubuntu install, and try again later
<JJ-Neo> What's the eaiest way to setup ubuntu server + LAMP + mencoder
<JJ-Neo> *easiest
<JJ-Neo> sudo apt-get install lamp-server^ ?
<skreech_> and mencoder
<JJ-Neo> is the mencoder the stable release?
<riz0n> Hi, are any of you guys awake, and can help me solve a problem with Postfix and Ubuntu 12.04LTS? When I try to authenticate it just fails. Even if I do "web mail" and it says it sends the message, it doesn't deliver.
<RoyK> riz0n: if it doesn't deliver, it might be in queue, run "mailq"
<uvirtbot> New bug: #1014005 in ipxe (main) "Please generate and include ipxe.dsk to the ipxe binary package" [Undecided,New] https://launchpad.net/bugs/1014005
<uberdub> what does a noob do if they think they might have found a bug?
<EMKO> Get a debug log and report it
<EMKO> Oh nvm wrong channel
<uberdub> Yeah, havent narrowed it down that far yet.
<edgy> Hi, update-grub shows lots of "error: physical volume pv0 not found." as seen at http://pastebin.ca/2161784, any help?
<uvirtbot> New bug: #1014044 in php5 (main) "PHP5-FPM not reporting errors to web server (nginx)" [Undecided,New] https://launchpad.net/bugs/1014044
<hallyn> jdstrand: yay, found the problem.  my tcg fallback patch needed updating.  tests now pass 100%
<hallyn> will update later this weekend or monday
<hallyn> oh, zul said he was going to test monday, maybe i'll wait
<verbul> hello?
<DDemon> My 12.04 server is currently idle, but has a load of 1.25. (It used to be 0.00 most of the time as it runs light applications.) It has 0% CPU use, no zombie process and nothing in I/O wait. It also only uses 420mb of the 4 gig of memory. Does anyone know a reason why this might be happening?
<uvirtbot> New bug: #1014088 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1014088
<RoyK> DDemon: do you have any processes in Z or D state?
<DDemon> None in D, I don't really know what you mean by Z, how do I look that up?
<RoyK> ps axf
<RoyK> just look at the process status
<DDemon> swap the letters, I ment none in Z :)
<RoyK> so one or two in D?
<DDemon> none
<RoyK> I've seen that on servers with a high uptime, load avg high, but nothing to do
<RoyK> high uptime being a year or two
<DDemon> I rebooted the server multiple times
<RoyK> can you pastebin ps axf output?
<DDemon> You can check the stats on http://dhdv.nl (Site is only used as system info site)
<DDemon> sure
<DDemon> give me a second please
<RoyK> didn't know atoms came with quadcore :)
<DDemon> dual core with hyperthreading :)
<RoyK> ah
<RoyK> turn off hyperthreading, then, it's usually better to let the linux scheduler handle that bit
<DDemon> http://pastebin.com/EpEG11GQ
<RoyK> so... nothing, just the teamspeak server doing a bit
<RoyK> have you tried mumble?
<DDemon> It used to run just fine with an avarage of 0.00, I fear it had an update do this awhile ago, but no idea what update it did
<DDemon> no, but even if I turn everything off it remains on a high load
<JanC> DDemon: also checked kernel threads?
<DDemon> no, I have not, how do you do this?
<JanC> hm, I usually use htop, where you enable/disable viewing them with "K" (capital k)
<JanC> seems like ps shows these anyway
<DDemon> ah, I see thanks, I'll paste the results of this to pastebin also, as I am not sure how to read this
<RoyK> DDemon: really, if the server's still responsive and works well, you can probably ignore it
<DDemon> http://pastebin.com/aN1YjHkQ
<DDemon> It is functioning properly yes, but it kindoff bugs me it displays a wrong load, can't tell if it's doing anything now
<RoyK> what is console-kit-daemon anyway?
<DDemon> I think it uses that to fill up the empty space
<RoyK> DDemon: as in the higgs boson? ;)
<JanC> RoyK: I'd certainly want to know what is causing thisâit could always be something hidden by a rootkit or such...  ;)
<RoyK> JanC: just download chkrootkit or something
<RoyK> for a start
<JanC> that's not exactly very useful
<RoyK> DDemon: ls -l /bin/ps
<DDemon> -rwxr-xr-x 1 root root 101240 Dec 12  2011 /bin/ps
<RoyK> so probably not changed lately
<JanC> not when run on a (potentially) compromised system; run from a live image it might be more useful, of course
<RoyK> (unless someone is nasty enough to hack into kernelspace to change mtime)
<JanC> otherwise it wouldn't be a rootkit  ;)
<RoyK> I don't think I've seen such a kit ;)
<JanC> I have
<JanC> on Windows & on linux
<DDemon> Perhaps it is best that I just do a fresh install then, the server itself only runs teamspeak and apache, so easy to reinstall
<JanC> and that was years ago
<RoyK> that changed a binary and kept the file date?
<JanC> it doesn't have to change ps if the kernel doesn't show the process to userspace...
<RoyK> DDemon: can you sha512sum /bin/ps ?
<DDemon> 4494c7e1d45b980ae2726151ce44d58f51481e281f4c946c5ed20bc2f44c3017220f7553f79a3183a82a1d2046f089e63ef752bacf1fd26e9a630a7ce272b976  /bin/ps
<JanC> and it can easily fake the filesystem
<RoyK> DDemon: amd64 precise?
<DDemon> There have been some breaking attempts on my server, but root is disabled and ssh is limited to IP
<DDemon> yes
<RoyK> 4494c7e1d45b980ae2726151ce44d58f51481e281f4c946c5ed20bc2f44c3017220f7553f79a3183a82a1d2046f089e63ef752bacf1fd26e9a630a7ce272b976  /bin/ps
<JanC> DDemon: I'm not saying there is something wrong, just that it is one possible explanation
<RoyK> possibly the same thing I've seen earlier, then
<RoyK> high load and no idea why
<RoyK> DDemon: try installing oprofile and start profiling
<JanC> one other thing is that ps gives you sort of a snapshot
<JanC> so if some process spikes at 100% (or more) very shortly, it might not show up in ps
<DDemon> Is it correct that oprofile is no ubuntu package? It does not seem to be able to locate it
<RoyK> a process spiking won't change load average
<RoyK> hrmf - seems they have dropped it
<RoyK> https://launchpad.net/ubuntu/precise/+package/oprofile
<RoyK> should be there, but isn't
<skreech_> uberdub: where is the bug?
<DDemon> RoyK, JanC. Thanks for your help with this problem, I have decided that I should just do a reinstall and hopefully fix it (should take 1 hour tops) If it does not get fixed I know it's not a software problem. :)
<JanC> could still be software then, just one that is a bug  ;)
<DDemon> true, will see :)
<DDemon> Is it smart to install ubuntu by the "guided and install LVM" when I only have 1 harddrive in the server? (ssd) Or should one just sellect "Guided use entire disk" ?
<RoyK> just use lvm
<RoyK> it doesn't hurt
<RoyK> or even better, do it manually with lvm
<RoyK> my standard setup is: small 1GB partition for /boot with ext2, the rest for physical partition for lvm, create swap and root there, minimal, say, 1GB swap and 10GB root
<RoyK> and expand later on demand
<RoyK> separate partition for /home is usually good
<RoyK> easier when you have to reinstall
<DDemon> ah, I was too quick, did not see you type manual, I had already started guided :s
<SpaceBass> hey folks
<DDemon> I regularly download the full /home to a different computer over a gigabit network though, and the server has very little data on it, so it's quick to backup to a different ocmputer on the network :)
<DDemon> Hello SPacebass
<SpaceBass> I have a sever that failed doing a release upgrade. Now apt and dpkg report errors processing base-files
<SpaceBass> http://pastebin.com/1cY3N2c1
<DDemon> I'm sure someone smarter has a better idea, but I googled some and found someone having the same issue. He fixed it by downloading the live CD (Can use USB) and upgrade using that. (Go to install then upgrade)
<DDemon> It's 1 option you could try if all else fails :)
<SpaceBass> thanks DDemon, will keep that in mind
<DDemon> RoyK, JanC? fresh install is having the same result unfortunantly :(
<com7> hi everyone
<com7> i want to transfer my home-ubuntu "playground" to something, maybe called a server
<com7> so im offered ubuntu server or debian, ubuntu i know a little, so id like to ask you
<com7> ubuntu server is - i hope - tha same thing like the last LTS version an without the x.
<com7> and maybe bind, sendmail, apache etc. by default installed
<axisys> on solaris eth0:1 .. eth0:8 for 8 instances of tacacs+ server all on same subnet was doing network lot better than in ubuntu lucid 64 bit
<axisys> does linux network under performs  by default? do I need some tweaking?
<RoyK> how did you measure this?
<RoyK> and why would you want several ip addresses for the same nic in the first place?
<DDemon> Hey RoyK, I tried the fresh install with the latest 12.04 server, it had the same issue, I then tried a different distro so I could find out if it really was something on my system, so I installed debian to test, sellected all packages to install so I could let it work abit, and it has been sitting on 0.0 0.10 load for the past half hour, So I'm thinking it's something in ubuntu :[
<RoyK> DDemon: there is very little difference between ubuntu and debian
<RoyK> DDemon: how long did you let the new ubuntu install rest?
<DDemon> I installed it and went for some tea, I'm thinking about 15 min orso
<DDemon> But the longer the system was on, the higher the load became
<DDemon> I will try ubuntu 10.04 lts and 12.04 on this computer as a VM, see if there are any differences
<axisys> RoyK: tacacs+ authentication was failing for scripts that wanted to login to about 200 juniper routers at the same time .. after switching it to linux.. we had to add delay to make the script not fail.. on solaris same script was working fine for 8 yrs.. no issue
<axisys> s/for scripts/for this script/
<axisys> we have to have 8 instances of tacacs+ server running on same subnet
<axisys> cisco talks to 192.168.0.20, juniper to .21 and so on
<axisys> the server has only two physical interfaces
<DDemon> RoyK: It's been 10min after install (12.04 server clean) and it has a load of 0.80 on an i7 machine with ssd, I will let it run for 10 more minutes see what it does then
#ubuntu-server 2012-06-17
<jdstrand> hallyn: nice! :)
<dcw329> !rules
<ubottu> The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IRC/Guidelines
<dcw329> is anybody active?
<lifeless> 'yes'
<RoyK> 'ish'
<uvirtbot> New bug: #1014257 in munin (main) "MySQL monitoring fails when used with Percona or MariaDB" [Undecided,Confirmed] https://launchpad.net/bugs/1014257
<braverock2> does anyone here know how to create an avahi iso ?  I can't get the usb image here: https://wiki.ubuntu.com/ServerTeam/MAAS/AvahiBoot to boot on any machine, so I want to try a CD.
 * braverock2 is trying to deploy MaaS nodes without controlling the dhcp server, which the documentation is still very limited on
<DDemon> Is it possible to downgrade to an older kernel in ubuntu server 12.04? for example the 3.0 one, and ifyes, what package should I be using? (The 3.2 kernel is giving me issues)
<DDemon> I want to run the 3.0.0-12-server kernel on my 12.04-server, what package should I take? (Not too femiliar with this)
<braverock2> you'll probably need to compile the kernel from the kernel sources package
<DDemon> There are some packages I can download, and I did one on a virtual machine to test, but I'm not entirely sure it was a correct kernel (was a .deb package) because those tutorials always mention generik ones, this one was the lucid version, is there a difference?
<genii-around> Interesting. Didn't know this was here before. http://kernel.ubuntu.com/~kernel-ppa/info/kernel-version-map.html
<three18ti> well, here goes nothing... upgrading my production ubuntu server from 11.10 to 12.04...
<three18ti> wish me luck.
<uvirtbot> New bug: #1014347 in nut (main) "NUT License prevents distribution of SSL-enabled builds" [Undecided,New] https://launchpad.net/bugs/1014347
 * koolhead17 wishes luck to three18ti 
<three18ti> and it seems everything went swimmingly.
<koolhead17> three18ti, awesome
<three18ti> :)
<three18ti> now to upgrade the chiliproject installation...
<uvirtbot> New bug: #1014359 in postfix (main) "package postfix 2.9.1-5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75 (dup-of: 1014360)" [Undecided,New] https://launchpad.net/bugs/1014359
<uvirtbot> New bug: #1014360 in postfix (main) "package postfix 2.9.1-5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/1014360
<harushimo> does anybody use juju
<harushimo> ?
<harushimo> I have an error message that I don't understand
<themgt> is it possible to install a precise kvm with vmbuilder on an oneiric box?
<themgt> I'm getting:
<themgt> 2012-06-17 14:08:49,900 ERROR   : Invalid suite: "precise". Valid suites are: dapper gutsy hardy intrepid jaunty karmic lucid maverick natty oneiric
<TheLordOfTime> themgt:  it might not have a rule for it
<harushimo> I keep getting this error for juju: Bootstrap aborted because file storage is not writeable: The supplied storage credentials were not accepted by the server.
<harushimo> what does that juju error message mean?
<themgt> looks like this basic process works, so far: http://askubuntu.com/questions/73706/using-vmbuilder-to-build-an-11-10-vm-from-10-04
<uvirtbot> New bug: #1014389 in apache2 (main) "package apache2.2-common 2.2.22-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1014389
<uvirtbot> New bug: #995495 in openldap (main) "Upgrade from Ubuntu 11.10  to 12.04 breaks slapd  (dup-of: 990742)" [Medium,New] https://launchpad.net/bugs/995495
<Murilos---> Hello
<JoeCoder> should a user be able to access a folder if it does not have read permission to the parent folder?
<JoeCoder> I think it will need the execute bit set?
<zaitzev> anyone around?
<StevenR_> zaitzev: if you have a question, just go ahead and ask it. If someone knows, they'll speak up :)
<zaitzev> I'm having this weird problem on my 12.04 LTS server. The ethernet port (?) is hanging up, or something.. I can't really explain what happens, other than it loses connectivity completely
<zaitzev> I got a couple of photos off of the screen that shows the messages; http://i.imgur.com/oSAkj.jpg and http://i.imgur.com/peTgf.jpg
<StevenR_> zaitzev: looks like a driver fault
<zaitzev> and it happens randomly, I have no idea what would trigger such a thing. The only thing running 24/7 on the server is Cherokee and Deluge, both of which aren't using any noticeable bandwidth, at least not at the time of the hangup
<StevenR_> zaitzev: can you pastebin the output of lspci from the server?
<zaitzev> sec
<zaitzev> http://paste.ubuntu.com/1046266/
<StevenR_> zaitzev: server board, dual intel nics?
<StevenR_> zaitzev: physical server?
<zaitzev> yeah
<zaitzev> dell poweredge with 2x Intel Xeon 2.6 GHz
<zaitzev> any suggestions?
<StevenR_> hmmm.
<StevenR_> zaitzev: is your server up to date? There have been a number of kernel updates recently?
<zaitzev> I run update & upgrade regularly yes
<zaitzev> with kernel updates once or twice I guess
<StevenR_> zaitzev: you guess?  try  sudo apt-get update ; sudo apt-get dist-upgrade  does it want to update stuff?
<zaitzev> I did the update just minutes before logging onto irc ;)
<StevenR_> (apt-get upgrade doesn't seem to want to update everything for me, so I usually use dist-upgrade)
<StevenR_> (like kernel updates get withheld)
<zaitzev> I'll try that now then, see what it says
<zaitzev> yeah I see what you mean
<zaitzev> it's updating some kernel stuff now
<harushimo> hey everyone, I'm getting this aws_access_key_id whenever I'm trying to bootstrap juju
<zaitzev> what annoys me is that I can't replicate the problem
<harushimo> isn't aws for amazon web services?
<StevenR_> zaitzev: I used to have a problem with a DVB device on previous versions, never could find the trigger. Not had it since the upgrade to precise
<zaitzev> I'm running 12.04 LTS btw, didn't I say?
<StevenR_> zaitzev: it would go for weeks, then suddenly, blow away all my USB devices
<zaitzev> this stuff is typical first world problems, lol.
<StevenR_> zaitzev: yes. My point was that I'm running a different kernel to that previous version of ubuntu :)
<zaitzev> NEW packages: linux-headers-3.2.0-25 linux-headers-3.2.0-25-generic linux-image-3.2.0-25-generic
<zaitzev> not entirely sure what previous versions I had there, heh..
<zaitzev> oh nvm, i think it was 0-24 :p
<zaitzev> I'm gonna reboot this paperweight and cross my fingers for this crap to not happen again, brb.
<zaitzev> back
<zaitzev> what do you think can cause the hangup? faulty port or driver?
<StevenR_> zaitzev: if the issue continues, it would be helpful to file a bug (or contribute to one if you can find a bug that matches your issue)
<zaitzev> I'm gonna do what I can to replicate the issue, by doing whatever it is I do when it occurs
<zaitzev> I wonder what else fun I can use this server for
<harushimo> is there a way vm to communicate with another machine?
<harushimo> I'm running vm of ubuntu server. I want to setup samba share so I can setup files between my computer and the vm
<uvirtbot> New bug: #1007657 in juju "proposed origin does not work with local provider" [Undecided,Fix released] https://launchpad.net/bugs/1007657
<patdk-lap> harushimo, it's called, a network :)
<harushimo> haha
<harushimo> I know
<harushimo> what I'm trying to do is that some of the config files i'm writing on ubuntu-server aren't properly working
<harushimo> I was thinking about writing my config files on my desktop and then transferring it to my virtual machine server
<harushimo> quit being smart...I know its a network
<patdk-lap> I just don't get the question at all
<patdk-lap> want to setup samba to share? to a vm
<patdk-lap> setup samba, have network in vm, done
<patdk-lap> there is nothing else to it
<harushimo> when I type samba on the server, it says to install samba4
<harushimo> that is fine
<harushimo> I want the server
<harushimo> how do I get samba server?
<patdk-lap> samba isn't the name of anything, that is your problem
<patdk-lap> you want smbd likely
<patdk-lap> or smbclient, or mount
<patdk-lap> sounds like your question is, how do I install/setup samba
<harushimo> yes
<harushimo> I haven't done it on the server version. i have set it up on my desktop numerous times
<harushimo> I know when I first install server a couple weeks ago, there was an option for samba server
<harushimo> how do I install samba properly?
<harushimo> sudo apt-get install samba4? that is what terminal told me
<patdk-lap> https://help.ubuntu.com/11.04/serverguide/samba-fileserver.html
<harushimo> is it the same instructions for 12.04?
<patdk-lap> mostly
<patdk-lap> https://help.ubuntu.com/community/Samba/SambaServerGuide
<patdk-lap> would be currently, but it's missing the install via cli part :(
<patdk-lap> but ya, apt-get install samba or samba4 would do it
<harushimo> oh okay
<harushimo> thanks
<StevenR_> ls
<IdleOne> Permission Denied. This incident will be reported.
#ubuntu-server 2013-06-10
<madprops> would you name some advantages Ubuntu has over Debian as a server?
<patdk-lap> well, if you look at the delay of security patch rollout times between the two, there is no comparision
<patdk-lap> !compare
<patdk-lap> !best
<ubottu> Usually, there is no single "best" application to perform a given task. It's up to you to choose, depending on your preferences, features you require, and other factors. Do NOT take polls in the channel. If you insist on getting people's opinions, ask BestBot in #ubuntu-bots.
<ruben231> hi guys any idea on this error when i restart the ethernet card somehow, thanks ------> http://pastebin.com/skRrbH3C
<hxm> good morning
<hxm> what is the difference between df and du?
<ikonia> hxm: one is a directory listing the other is mount point, the man pages explain it
<vedic> Hey friends, I am trying to install Ubuntu 12.04 via USB stick (Unetbootin tool). Is there any way to do minimal install via this?
<vedic> It does provide a way to update the install string but I don't know what to mention in that string to install minimal system?
<Yamakasi> Hi Guys
<Yamakasi> I'm wondering if there is some centralized way of user management when you have server that you need to admin and let people login to. Would Ldap help me here ?
<greppy> Yamakasi: probably.
<Yamakasi> greppy: okay, but how ?
<greppy> Yamakasi: that I don't know for sure, I've never set it up :)
<Yamakasi> greppy: okay, you don't manage that much servers ?
<greppy> not currently, just a handfull and not ones that have common users, besides myself.
<yolanda> zul: https://code.launchpad.net/~yolanda.robla/quantum/havana/+merge/167230
<yolanda> or jamespage ^
<hexer4u> Hello! Anybody tried 12.04 VPS with namecheap.com? I want to setup a domain as main server domain and nameservers for it that can be used later on for other domains. Any pointers?
<pokds> Hello all, just a simple question, is posix ACL support enabled by default on ubuntu server 12.04.2 LTS using LVM?
<xnox> pokds: LVM is not a filesystem, hence doesn't have ACL. The default filesystem on 12.04.2 LTS (with or without LVM) is ext4 which does support posix ACL by default.
<pokds> xnox: ok I get it, thank you very much for the answer.
<RoyK> posix ACLs have been supported for gods know how long...
<rbasak> Supported, yes. But not enabled, if you mean user_xattr in /etc/fstab (AFAIK).
<rbasak> (nor acl in /etc/fstab)
<yolanda> zul, jamespage: https://code.launchpad.net/~yolanda.robla/python-quantumclient/havana/+merge/168396
<jamespage> yolanda, first MP tested and merged - second one needs a minor tweak but tested OK
<yolanda> jamespage,the quantum one?
<jamespage> yolanda, python-quantumclient
<jamespage> the changelog date/time format is broken
<jamespage> but the tests do run OK
<yolanda> oh, i see
<yolanda> missing 0
<yolanda> pushed
<yolanda> https://code.launchpad.net/~yolanda.robla/python-glanceclient/havana/+merge/168399
<yolanda> another one
<yolanda> jamespage: https://code.launchpad.net/~yolanda.robla/python-ceilometerclient/havana/+merge/168413
<Pac_Man> hola
<Pac_Man> hi?
<yolanda> jamespage: https://code.launchpad.net/~yolanda.robla/python-cinderclient/havana/+merge/168416
<Pac_Man> Hello, I have some problems with squid3 i do not know if anyone can help me?
<Pac_Man> I want to mount a proxy server, to have free internet in my cell, I do not know if anyone knows, already configure squid3 but I do not know how to enable that supports the connection of the phone
<Pac_Man> hi
<Pac_Man> anyone?
<Koheleth> is 12.04.2 LTS ok with php 5.4.16?
<RoyK> Koheleth: AFAICS, 12.04.2 uses 5.3.10
<RoyK> Koheleth: did you install 5.4 from a ppa?
<Koheleth> yeah I can see its 5.3.10 just got a client who wants the latest release, would it make it unstable?
<Koheleth> clients eh, never happy
<jamespage> yolanda, not sure I get "RET=$($client -h 2>&1 > /dev/null)"
<jamespage> I think that will always be empty no?
<yolanda> jamespage, if that fails it should be failing
<yolanda> the tests i mean
<jamespage> yolanda, but I don't see how that detects the failure
<jamespage> all that does is run the client and redirect all output to /dev/null
<yolanda> if the call gives an error it should be sending output to RET, am i wrong?
<jamespage> yolanda, not with "2>&1 > /dev/null"
<jamespage> that redirects all output to /dev/null
<yolanda> mm, so i have this in all the tests
<jamespage> yolanda, you should really be checking the return code
<jamespage> yolanda, yeah - I just looked at the quantumclient one again
<jamespage> sorry - I should have spotted that
<yolanda> i think i also have it in other merged tests, i was wrong then
<jamespage> yolanda, this one is OK I think - https://code.launchpad.net/~yolanda.robla/quantum/havana/+merge/167230
<jamespage> yolanda, you do something similar when checking the python import
<yolanda> yes
<jamespage> but as you print output when it fails the test does fail
<jamespage> yolanda, for the clients you need to check the return code
<jamespage> anything other that 0 indicates some sort of failure
<yolanda> jamespage, i tested that with the ceilometerclient and if the test for client is giving failure, it's giving error anyway
<yolanda> but best way is to do something like that? result=$(command_to_test 2>&1) ???
<jamespage> yolanda, no
<Pupeno> Does anybody know about a saas third party service that would parse my logs and give me some info, like awstats?
<jamespage> yolanda, http://paste.ubuntu.com/5751419/
<RoyK> Koheleth: heh - I'd give the client a small VM for that use to avoid having to install non-lts packages on the server
<yolanda> ok, i'll modify my tests for the clients. However, maybe by chance, but my checks were also failing if for example i use an incorrect option instead of -h, or i try to call an unexisting client
<RoyK> anyone that knows if iscsi multipath can utilize all links for a single read or write request? For instance copying 50GB in or out of the SAN
<RoyK> or is this implementation specific?
<spidernik84> hello there. Any decent kvm webgui to suggest? Managing it via virt-manager over X forwarding is kinda... slow
<RoyK> spidernik84: works well if you have decent internet access :)
<spidernik84> indeed. Not so much if you are trying to reach a kvm host in Sydney... from Sweden :o)
<spidernik84> and it needs many dependencies
<RoyK> otherwise, perhaps try freenx
<andol> spidernik84: Why would you do the x-forwarding, instead of running virt-manager locally?
<RoyK> that's more of a remote desktop thing, though
<spidernik84> andol: do you use it via ssh?
<jpds> spidernik84: Yes, standard, qemu+ssh://hostip/system connection.
<jpds> spidernik84: ie, virt-manager on your computer can connect to libvirtd on the remote host
<spidernik84> in my case, root access via ssh is disabled on the remote host
<spidernik84> it would be nice to use it. I guess I just need to add the right groups
<jpds> spidernik84: Doesn't have to be root, just has to be a user in the libvirtd group.
<spidernik84> do you see any limitation in virt-manager? Would you consider it enough for vm administration?
<jpds> spidernik84: Decide that for yourself. :)
<spidernik84> :)
<jpds> Does everything I need it to do.
<spidernik84> jpds, perfect, thanks
<spidernik84> still kinda slow but I guess it's not really its fault
<spidernik84> more a connection speed
<andol> spidernik84: You couldn't find anywhere further away from Sweden than Sydney to place the servers? :-)
<spidernik84> :D
<spidernik84> it's doing some cdn-like stuff
<spidernik84> so it needs to be close to our australian customers :P
<andol> spidernik84: Yeah, that is kind of hard to get around :)
<yolanda> jamespage, i updated client: https://code.launchpad.net/~yolanda.robla/python-novaclient/havana_client_fix/+merge/168436
<yolanda> jamespage, another one: https://code.launchpad.net/~yolanda.robla/python-keystoneclient/havana_client_fix/+merge/168457
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<jamespage> zul: +1
<jamespage> yolanda, sorry - not had time to look at your MP's yet
<jamespage> zul, can you pick some up?
<zul> jamespage:  sure
<yolanda> lots of mps in queue :)
<codepython777> salt/puppet/chef/...? Which is the easiest to learn and use?
<zul> jamespage:  can we let havana-1 bake in the cloud-archive until thursday and push it out?
<zul> i mean in the ppa
<jamespage> zul, yeah I guess so
<jamespage> we can pre-flight it before pushing to proposed
<zul> jamespage:  yeah i dont expect anyone to use it
<yolanda> zul https://code.launchpad.net/~yolanda.robla/python-glanceclient/havana/+merge/168399
<smoser> utlemming, on azure.... do you happen to know what might be running 'start networking' ?
<utlemming> smoser: the images are configured to autostart eth0
<smoser> how?
<utlemming> smoser: look in /etc/network/interfaces
<utlemming> "auto eth0"
<smoser> right. but nothing should run 'start networking'
<smoser> but something is
<utlemming> why do you say so?
<smoser> http://paste.ubuntu.com/5752208/
<smoser> can i get console (ttyS0) output on those ?
<utlemming> yup, call MS support
<smoser> hyperscale!
<utlemming> lol
<smoser> this is part of why it takes 120 seconds to come up on boot
<smoser> as seen https://bugs.launchpad.net/ubuntu/+source/walinuxagent/+bug/1189521
<uvirtbot> Launchpad bug 1189521 in walinuxagent "ifdown thinks interface is not up" [Undecided,New]
<utlemming> smoser: ack, digging on this
<smoser> so, i'm not sure why networking gets run.
<smoser> but it takes 2 minutes to boot because dhclient fails on the dhcp response
<utlemming> smoser: I'm firing up a precise instance to see if that is the story there too.
<utlemming> smoser: RTNETLINK answers: File exists
<utlemming> smoser: that is from /var/log/upstart/networking.log
<smoser> well, thats because it does.
<smoser> :)
<utlemming> smoser: here's a potential working hyptothesis: walinuxagent starts on runlevel 2. It setups up its own DHCP client listening on port 63. If the agent and dhclient try to run at the same time, that could cause the failure.
<utlemming> smoser: also of note, 12.04 instances _have_ dhclient running.
<smoser> the agent's dhclient shouldnt affect anything really.
<utlemming> if both bind attempt to bind on port 68?
<smoser> and as seen in /var/log/network-interface-eth0.log, dhclient fails well before walinux runs
<smoser> so i'm pretty sure that waagent's dhcp is what is actually bringing up networking (such that you can ssh in), but i'm not sure what is running 'start networking'
<utlemming> smoser: I just don't know where in the code that could be happening
<smoser> i dont know either.
 * smoser tried to ocnfigure my 13.10 with statick networking (rather than dhcp) and it seems DOA
<utlemming> smoser: on my instance I see a 15 second difference between when the agent did its work the networking started. After putting a comment, I can see that the DHCP socket for the agent should have closed 14 seconds before the networking start was issued. So my hypothesis, as you stated, is wrong
<smoser> i tihnk something down the failsafe path is doing it
<smoser> but i dont know what
<utlemming> smoser: bingo. See line 1739 http://paste.ubuntu.com/
<utlemming> smoser: If I am following the code right, it flaps the connection a few times
<smoser> pastebinit failed :)
<smoser> or your copy and paste did
<utlemming> smoser: user error, try http://paste.ubuntu.com/5752320/
<smoser> but that actually shouldn't cause 'networking' job to run
<utlemming> smoser: the first call is at line 2473, which does a flap for no reason, other than to give the instance a name of 'localhost.localdomain'
<utlemming> smoser: right...and it doesn't explain why the if status shows down
<smoser> well, if shows down because dhclient failed
<smoser> its a stupid state
<smoser> it just knows that *it* didn't bring it up
<smoser> so its down from its perspective
<smoser> (well, it tried and it failed)
<hallyn> anyone know what scratchbox-devkit-qemu is?
<smoser> Scratchbox is a framework to help developers with cross-compilation of Linux software
<smoser> (but other than that, no)
<hallyn> interesting - thanks
<adam_g_> zul, any chance you can take a look at the 2013.1.2 grizzly branch update proposals?
<zul> adam_g_:  sure url?
<adam_g_> zul, https://code.launchpad.net/~openstack-ubuntu-testing/+activereviews
<zul> adam_g_:  done
<adam_g_> zul, okay thanks.
<utlemming> smoser: I think that this might be a bug in the lease time. Doing a "ip addr del ... dev eth0 & restart networking" yield a message about "Unable to set up timer: out of range". Googling this, I found https://bugzilla.redhat.com/show_bug.cgi?id=789601
<uvirtbot> utlemming: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found
<smoser> utlemming, right
<utlemming> smoser: it looks this might be the insanely long lese time
<utlemming> er, lease time
<smoser> that "out of range" is why it fails
<smoser> (well, the first time. i'm not sure if its that our the route-exists the second time)
<smoser> but it doesn't really matter
<smoser> utlemming, http://www.informit.com/articles/article.aspx?p=30874&seqNum=3
<smoser> that, paired with /var/log/dhcp/dhclient.eth0.leases having:
<smoser>   renew 4 2149/07/17 23:25:05;
<smoser>   rebind 4 2149/07/17 23:25:05;
<smoser>   expire 4 2149/07/17 23:25:05;
<smoser> makes me suspect a off-by-one(ish) error
<utlemming> yeah, the max lease should be 2048/07/17
<utlemming> so then, obviously I file a ticket with MS....do we need to do something in the meantime? I am curious why this works on 12.04 and not in 13.04
<smoser> well
<smoser> $ date --date="now + $(echo "2^32 - 2" | bc) seconds" --utc
<smoser> Fri Jul 18 00:00:36 UTC 2149
<utlemming> per your link, the max lease is roughly 135 years
<smoser> so its very close to right.
<smoser> well, either that guy's math or bc's is wrong
<smoser> and between the two of them, i trust bc
<smoser> (and gnu date)
<utlemming> right
<utlemming> smoser: I just applied, build and tested the RH bug fix, and this is a match.
<utlemming> smoser: I'm uploading my tree now, and it look like this will need SRU review
<luminous> hello! if you add an init/upstart script to /etc/init/foo.conf - do you need to do anything else before you can "start foo" ?
<utlemming> smoser: I just proposed a merge for the DHCP fix.
<smoser> utlemming, lets open a specific bug for that
<smoser> as the one i opened has many other things. to sort out.
<utlemming> smoser: already did :)
<utlemming> smoser: Bug 1189571
<smoser> number?
<uvirtbot> Launchpad bug 1189571 in isc-dhcp "isc-dhcp client "Unable to set up timer: out of range" caused by bad 64_bit timer" [Undecided,Confirmed] https://launchpad.net/bugs/1189571
<utlemming> smoser: I tested the fix...and I have a MP out for Saucy
<smoser> utlemming, put a patch header in
<smoser> dep 3
<utlemming> smoser: on it
<utlemming> smoser: uploaded with patch header
<smoser> utlemming, that improves booth time by like 4 minutes
<chadmandoo> Hey all.  I have a question regarding the best way to implement a mail server.  I have some website I am hosting ona  self managed server but I understand the issue with spam.  I am wanting to possibly redirect my mail to a known server for relay.  What is the best way of doing this?  I have looked into using postfix + gmail
<utlemming> smoser: can you confirm the fix in the LP bug?
<RoyK> this one is rather ugly bug 1189567
<uvirtbot> Launchpad bug 1189567 in xfsprogs "xfs_repair fails to repair filesystem" [Undecided,New] https://launchpad.net/bugs/1189567
<smoser> utlemming, it is confirmed...
<utlemming> thank you kindly
<smoser> i will upload shortly
<smoser> to saucy
<smoser> utlemming, its kind of nice to reboot a system nad have it come back in 30 seconds rather than 4 mintues ;)
<utlemming> smoser: I am frankly really surprised this hasn't been an issue yet, but I am definately happy that they are faster boots
<utlemming> smoser: after the upload, it should land in the next daily for saucy. I'll verify the fix in the next daily, and then proceed to get that SRU'd
<smoser> i just uploaded
<utlemming> smoser: ack
<smoser> i made a white space change in yoru patch.
<smoser> and removed the in-file reference to redhat bug
<smoser> basically just re-using verbatum fedora's patch
<smoser> (you had whitespace indentation rather than tab)
<utlemming> smoser: oh, thanks
<jacobw> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<soren> 'sup?
<soren> jacobw: ?
<jacobw> Max SendQ exceed * many
<jacobw> Just, not right now :|
 * soren crawls back under his rock
 * hallyn waves toward soren's rock
<smoser> utlemming, bug 1189571 is relavent to 12.04, no?
<uvirtbot> Launchpad bug 1189571 in isc-dhcp "isc-dhcp client "Unable to set up timer: out of range" caused by bad 64_bit timer" [Medium,Confirmed] https://launchpad.net/bugs/1189571
<utlemming> smoser: negative. I confirmed that it doesn not affect 12.04 or 12.10
<smoser> that seems unlikely, dont you think ?
<utlemming> smoser: that's what I thought....I checked on a new instance of each
<utlemming> smoser: I'll throw up another pair now
<utlemming> smoser: I'll use the latest dailies for that
<smoser> utlemming, https://launchpad.net/ubuntu/+source/isc-dhcp
<smoser> it would seem like it would *have* to affect quantal
<smoser> (ie, same usptream version 4.2.4)
<utlemming> smoser: yeah....looks that way
<smoser> i hvae to run.
<utlemming> smoser: you're right, looks like I started two precise instance, so it does affect 12.10 too
<genii> Hm. Only Precise and Saucy images now in http://cdimage.ubuntu.com/ubuntu-server/  ? I wanted to wget 13.04 but it doesn't work with the redirection URLs at http://www.ubuntu.com/download/server
<diegobiavati> test
<sarnold> diegobiavati: irc tends to be quiet until someone has something to say.. :)
 * genii just downloads Saucy instead
<genii> ( since I'm trying to test Hockeypuck which doesn't come in Precise )
<Slyboots> Evening folks.  Im curious anyone had any experiance with this new fs btrfs?
<sarnold> Slyboots: at least a handful of folks here have btrfs in their testing setups.. I'm not sure it's quite production ready, but it sure looks promising
<Slyboots> Mm, Im just thinking of using it in my home NAS but slightly confused.
<Slyboots> I take it you use brfs instead of mdadm for a RAID/LVM
<Slyboots> And *not* on top of those
<xnox> Slyboots: correct.
<Slyboots> Bugger, going to have to start again then heh..
<xnox> Slyboots: the installer doesn't offer out-of-the-box setup of raid levels though.
<Slyboots> Im sure I can muddle my way though the setup
<Slyboots> So brfs is quite like zfs it sounds
<xnox> they are similar in many aspects/concepts
<xnox> "class" / "generation" of filesystems.
<Slyboots> Okay, Well I'll give this a good reading and a tinkering, I was just curiuos if people had used it and if its considered "Safe" enough for general use
<Slyboots> I wouldnt put it on a production server of course, but I think for my home NAS it'll do the job :)
<sarnold> excellent :) feedback from enthusiastic users is what moves it along :)
<Slyboots> :D
<jcastro> I use it on my home NAS
<jcastro> no problems
<jcastro> just make sure you have a newer kernel
<jcastro> I use a backported kernel for 12.04
<Slyboots> jcastro, hm?
<sarnold> jcastro: quantal or raring? .. can you recall off the top of your head what changed between them and precise?
<jcastro> the updates to btrfs are in the kernel
<jcastro> so you can snag either quantal or raring kernels for 12.04 if you want a new kernel but stable userspace
<jcastro> linux-generic-lts-raring and linux-generic-lts-quantal
<Slyboots> Ahh..
<jcastro> sarnold: it's a huge version jump to each one
<jcastro> so I just tend to run the newest
<sarnold> jcastro: aha
<jcastro> I used to run the mainline kernels but at some point the supported kernels caught up
<jcastro> oh, and you'll need to build btrfs-tools from like git but it's just an easy `make`
<jcastro> other than tha, no problems!
#ubuntu-server 2013-06-11
<adam_g_> jamespage, on-the-fly stable branch changelog generation happening in bzr now for folsom and grizzly, eg: lp:~openstack-ubuntu-testing/nova/folsom-commit-tracking
<ccssnet> what sense does it make to have a pae only install cd kernel!?!?
<ccssnet> someone using 32bit, should later update to pae kernel if they need it. the install cd apears useless as is
<adam_g_> Daviey, if you have a minute the latest openstack stable stuff (2013.1.2) is in-queue for raring-proposed
<hallyn> stgraber: do you think you'll be pushing any fixes to saucy/lxc in the next week?  if so i'd like to sneak the lxc-stop exit code fix in there with it
<stgraber> hallyn: pretty busy with the Ubuntu Touch image updater at the moment and don't have anything urgent on my lxc todolist, so I'm unlikely to have an upload to do
<stgraber> hallyn: oh, though I still need to take a quick look at that merge proposal of yours, I guess you could bundle the lxc-stop fix with that
<stgraber> hallyn: MP processed, sorry for the delay there, forgot to put it on my todolist...
<hallyn> stgraber: cool, thanks
<Chunky56> I have a software RAID 5 array where one of the hard drives died--I got a replacement hard drive, but do I need to initialize it before I try to add it into my array? I ask because I tried to add it into my array and it is not automatically resyncing
<zul> jamespage:  https://code.launchpad.net/~zulcss/heat/ubuntu-refresh/+merge/168517
<koolhead17> zul: salute
<zul> koolhead17: hey
<koolhead17> zul: how are things sir? long time
<zul> koolhead17:  busy
<koolhead17> zul: hopefully things would have gone much easier now
<zul> koolhead17:  you would think so ;)
<koolhead17> i mean better than before for sure. See am not making much noise here
<koolhead17> :D
<zul> neither am i
<koolhead17> zul: is that not evident we are in peace :P
<zul> hallyn:  i havent had a chance to run the libvirt qa testsuite but 1.0.7 works ok for me
<hallyn> zul: ok, cool
<mardraum> 1.0.7? o.O
<hallyn> i suspect he meant 1.0.6?
<mardraum> ok, thought maybe I blacked out for a few weeks :P
<mardraum> hallyn: it's not in your ppa right?
<mardraum> 1.0.6 has fixed the migration issues for other distros users I have talked to
<zul> yeah 1.0.6
<hallyn> mardraum: not in mine, nope
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<AtuM> Hi. After upgrading to 13.04 I see no cursor in any of the installed desktops (fwmm, wdm, fluxbox).. Xorg reports no errors - the mouse works fine
<AtuM> default wm is wdm
<zul> AtuM: #ubuntu please
<AtuM> zul, that's on the server distro.. desktop guys point me to this channel.. besides.. with the earlier kernel version (3.5.x) mouse cursor is seen.. with the latest one it is not
<AtuM> is there a way to get a newer kernel installed?
<jamespage> zul, bug 1189909
<uvirtbot> Launchpad bug 1189909 in quantum "dhcp-agent does not provide IP address for instances with re-cycled IP addresses." [Undecided,New] https://launchpad.net/bugs/1189909
<jamespage> gah
<jamespage> zul, took me a while to track that one down
<zul> jamespage:  awesome! ;)
<AtuM> using 3.8.0.23 the cursor is inivisble, using 3.8.0.22 the keyboard and mouse don't work.. system freezes (using usb keyboard, no ps2 port). will try an even older version
<Pici> AtuM: Ubuntu server doesn't have any gui at all, you should be asking in #ubuntu
<AtuM> Pici.. so installation of fwwm uses desktop repos?
<Pici> AtuM: Both -server and -desktop share the same repositories.
<AtuM> Pici, then how come i have 3.8.0-19 as the latest kernel.. and the server has 3.8.0-23 ?
<Pici> AtuM: Sounds like you don't have the -updates or -security repositories activated. 3.8.0-19 was the version that was provided when 13.04 was released.
<AtuM> Pici, thanks. hope I get this issue solved in #ubuntu ;)
<genii> !info hockeypuck precise-backports
<ubottu> Package hockeypuck does not exist in precise-backports
<genii> Meh.
<genii> !info hockeypuck quantal-backports
<ubottu> Package hockeypuck does not exist in quantal-backports
<genii> So just Raring onwards.
<smoser> roaksoax, you asked about simplestreams and download for maas..
<smoser> utlemming, are the maas simplestreams ready ? i think there is still work there, right?
<roaksoax> smoser: yeah
<smoser> so there is work to get the streams correct on maas.ubuntu.com/images
<utlemming> smoser: yeah, I was just looking
<roaksoax> ok
<utlemming> smoser: its being generated...just not correctly, I think
<utlemming> smoser: I can get that done this week
<smoser> roaksoax, but my plan was to use the command-sync tool 'sstream-sync'
<roaksoax> smoser: ok, so replace maas-import-ephemerals to use sstream-sync instead?
<smoser> thats the basic idea, yeah. and also we'll have data for pxe files too
<roaksoax> smoser: ok, so that would replace maas-import-pxe-files and maas-import-ephemerals all together
<smoser> tools/hook-image-id in lp:simplestreams might be a start.
<roaksoax> smoser: and what about the root images? are we still looking into generating them from a script?
<smoser> tools/hook-check-downloads too
<smoser> roaksoax, i'm still not sure what to do there...
<smoser> i really dont towice
<smoser> i really dont want to download the same data twice
<roaksoax> smoser: yeah
<roaksoax> makes sense
<smoser> the path that sabdfl wants is to just use the ephemeral image for the source
<smoser> by 'cp /'
<roaksoax> right
<jamespage> zul: just testing this stuff now prior to upload for staging - http://people.canonical.com/~jamespage/ca-updates/
<jamespage> the json-* ones also need a look
<jamespage> zul, http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/havana_versions.html
<zul> jamespage:  +1
<Will> anyone have a upto date guide on making a ubuntu web server with zpanel or webim?
<jamespage> zul, OK - once they have build tested I'll upload
<zul> sweet
<EDocToor> Hi
<Will> hello
<Nishok> Hello everyone, I am having issues starting my MySQL server after I have restarted my VDS, here is a screenshot of the SSH: http://therealnishok.com/screensnapr/2013-06-11_1730.png Does anyone have any idea?
<dlloyd> check syslog for more error messages
<rbasak> /var/log/mysql for mysql-specific errors on Ubuntu IIRC
<Nishok> dlloyd and rbasak: http://therealnishok.com/screensnapr/2013-06-11_1748.png
<Nishok> (ignore "ls /var/log/syslog", was a typo :P)
<dlloyd> are there any messages in syslog relating to mysql?
<Nishok> cat isn't showing anything for syslog.. is it empty?? http://therealnishok.com/screensnapr/2013-06-11_1753.png
<Nishok> dlloyd
<dlloyd> looks that way
<Daviey> adam_g jamespage zul smoser, why is hallyn up as the next chair?
<jamespage> Daviey, no idea
<smoser> why should he not be?
<zul> no idea
<smoser> i did last week
<jamespage> smoser, ah - I see
<Daviey> smoser: he is embedded in the middle of the queue
<smoser> "Char Candidates" != "queue"
<Daviey> it always used to be..
<smoser> well, i did last week
<smoser> i dont know who did the week before that
<smoser> i think zul
<zul> i did the week before smoser
<Daviey> ugh
<smoser> i could tell you, but no one uploaded meeting minutes btween 0423 and last week
<smoser> :)
<Daviey> When did people stop moving their name to the tail of the list?
<smoser> https://wiki.ubuntu.com/MeetingLogs/Server
<jamespage> adam_g_, zul: I'm really hoping one of you spotted the missing epoch from the 2013.1.2 updates prior to upload
<adam_g_> jamespage, where?
<jamespage> adam_g_, for example - https://code.launchpad.net/~gandelman-a/ubuntu/raring/cinder/2013.1.2/+merge/168177
<adam_g_> jamespage, oh ya, i caught that after i merged but before uploading
<adam_g_> jamespage, https://launchpad.net/ubuntu/raring/+queue?queue_state=1
<Daviey> well, it would have got rejected :)
<adam_g_> need to push corrections back
<jamespage> adam_g_, good-oh
<adam_g_> oh actually i fixed them in the merge
<jamespage> zul: most of those uploaded
<jamespage> python-testtools needs a new dep
<zul> jamespage:  do you want me to do testtools?
<jamespage> zul, sure - that would be helpful
<utlemming> smoser: re Bug 1079897, would you have time to upload that to -propsed?
<uvirtbot> Launchpad bug 1079897 in walinuxagent "[SRU] walinuxagent mangles server identity and access on upgrade" [Critical,Fix released] https://launchpad.net/bugs/1079897
<zul> jamespage:  ack
<utlemming> smoser: I have the branches prepped.
<smoser> ?
<smoser> it is marked fix-released everywhere.
<utlemming> smoser: whoops, wrong bug :)
<utlemming> smoser: bug 1189571
<uvirtbot> Launchpad bug 1189571 in isc-dhcp "[SRU] "Unable to set up timer: out of range" caused by bad 64_bit timer" [Medium,Confirmed] https://launchpad.net/bugs/1189571
<hallyn> zul: all tests passed on 1.0.6!  woohoo.  now that was on ec2 without /dev/kvm...
<zul> hallyn:  good enough for me :)
<zul> jamespage:  need python-mimeparse as well
<EDocToor> All I wanted to do was to run one OPENSOURCE package called "ofbiz" and it seems that I have to be a Computer Technical wizard and learn EVERTHING server before I can even get started... I would love to quit windows.. but everytime I try to do anything in linux I am deluded by the overwhelming prospect of becoming a Scolar before I can do anything.. Ok, I have to choose between the Red Pill or the Blue Pill... I'll do more resear
<EDocToor> ch and return when I discover what my question is.. have a great day everyone ;-)
<utlemming> smoser, Daviey: I'm not sure if this a bug, but it look likes like libpam_modules no longer creates /etc/update-motd.d
<smoser> $ dpkg -S /etc/update-motd.d/
<smoser> base-files, update-notifier-common, ubuntu-release-upgrader-core: /etc/update-motd.d
<utlemming> smoser: take a look at the latest daily for the cloud images
<jamespage> zul: http://people.canonical.com/~jamespage/ca-updates/
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<zul> jamespage:  +1
<jamespage> zul, you need more -v
<utlemming> smoser: this is in regards to saucy
<zul> jamespage: doh..
<zul> jamespage:  but its the last changelog entry before the upload
<jamespage> zul, it really needs to be the changelog since the last upload to the CA
<zul> jamespage:  ah ok
<zul> jamespage:  and if its a new dep?
<jamespage> zul, -v since whats in precise
<utlemming> smoser: oh, never mind, it's there...but on first login you don't get anything
<zul> jamespage:  ack
<jamespage> zul, I though it was always like that
<jamespage> at least thats what my script does that I use
<zul> jamespage:  nope
<zul> im using adam_g_'s script in the openstack-ubunt-testing bzr branch
<smoser> utlemming,
<smoser> given http://paste.ubuntu.com/5755400/
<smoser> is there a way that i know what is "daily" and what is released?
<adam_g_> zul, you can specify how many changelog entries to include in .changes
<jamespage> adam_g_, zul: ooo - I have a bit of python which works out what the right version to -v from is
<jamespage> based on whats in the CA already
<zul> jamespage:  oooh
<utlemming> smoser: er, you should be seeing dailes...
<zul> that would be nice, mind throwing it in openstack-ubuntu-testing scripts
<smoser> utlemming, thats 'azure vm image list'
<smoser> i'm just confused as to what that represents. which thing is "released" and which is just a daily
<utlemming> smoser: the dailes are supposed to be something like Ubuntu_DAILY_BUILD-saucy-13_10-amd64-server-20130611-en-us-30GB
<smoser> it'd be really nice if they were named something like:
<smoser> ubuntu-saucy-daily-i386-server-20130611
<smoser> ie, consistent
<zul> adam_g_:  how?
<adam_g_> zul, -v
<zul> jamespage:  ok updated
<utlemming> smoser: okay, the dailies are public now
<utlemming> smoser: that was a builder error, that is now fixed
<smoser> utlemming, http://paste.ubuntu.com/5755460/
<smoser> i dont see saucy
<smoser> and is still am confused about which is released and which is daily
<utlemming> run it again...it looks like some of the end points haven't seen the publication flag yet
<utlemming> http://paste.ubuntu.com/5755466/
<hallyn> stgraber: I'm going to push the lock move patch to staging, as noone has reviewed it, fwiw.  we can always revert it
<stgraber> hallyn: must have missed that one
<stgraber> hallyn: was that the /run/lock change?
<hallyn> yeah
<hallyn> zul: could you accept the nomiation for series on bug https://bugs.launchpad.net/bugs/1188850 ?
<uvirtbot> Launchpad bug 1188850 in libcgroup "cgrulesengd cannot process symlinked executables" [High,Fix released]
<zul> hallyn:  done
<jcastro> utlemming: or smoser: who wants to field this? http://askubuntu.com/questions/306634/differences-between-aws-ubuntu-image-and-a-fresh-install
<hallyn> zul: thanks!
<stgraber> hallyn: I guess we already have code in there to recursively create the directories?
<hallyn> yes
<hallyn> that's the mkdir_p
<hallyn> oh yeah that's not in the patch context, i see
<stgraber> hallyn: yeah, that bit wasn't visible in the diff
<stgraber> right
<stgraber> ok, sending my ack now
<hallyn> thanks - ttyl
<zul> hallyn:  about to upload libvirt
<hallyn> zul: ok
<rbasak> mdeslaur: thanks for the php5-gd fix!
<mdeslaur> rbasak: np! :)
<Will> having trouble instaling zpanel to my ubuntu server
<zotta> hi
<Nishok> Hello everyone, I have installed MySQL-Server-5.5 but I can't start it by using "service mysql start", it gives the error "unrecognized service". Here is a screenshot of it being installed + trying to run it: http://therealnishok.com/screensnapr/2013-06-11_1945.png
<zotta> i want to uninstall bind9
<zotta> but it won't stop
<zotta> Error: /run/resolvconf/interface either does not exist or is not a directory
<zotta> when i do service bind9 stop
<zotta> how to uninstall it?
<sarnold> Nishok: what does ls -l /etc/init/mysql.conf give you?
<Nishok> zotta: apt-get purge bind9 should do the trick (it will remove everything of bind9)
<Nishok> sarnold: ls: cannot access /etc/init/mysql.conf: No such file or directory
<sarnold> Nishok: is mysql-server-5.5 installed?
<zotta> Removing bind9 ...
<zotta>  * Stopping domain name service... bind9                                                                           resolvconf: Error: /run/resolvconf/interface either does not exist or is not a directory
<zotta> invoke-rc.d: initscript bind9, action "stop" failed.
<zotta> dpkg: error processing bind9 (--purge):
<Nishok> sarnold: Yes, look at the screenshot to see the information of the mysql-server 5.5: http://therealnishok.com/screensnapr/2013-06-11_1945.png
<zotta> does not work
<sarnold> Nishok: that shows mysql-server is installed, but says nothing about mysql-server-5.5
<sarnold> zotta: this is a bit gross... but perhaps "sudo mkdir -p /var/resolvconf/interface ; sudo apt-get purge bind9"
<zotta> yay: killall named did the trick
<sarnold> oh better :)
<Nishok> sarnold: Well, I did "apt-get install mysql-server" and it installed, including asking me to keep the current root passwords or change them, etc.. :/
<sarnold> Nishok: hrm...
<sarnold> Nishok: what does dpkg -l 'mysql*' look like?
<Nishok> sarnold: http://therealnishok.com/screensnapr/2013-06-11_1952.png
<sarnold> Nishok: aha :) normal is 'ii', 'iU' indicates something is wrong.. try dpkg-reconfigure -a
<Nishok> sarnold: TIL :D
<Nishok> Anyways, here: http://therealnishok.com/screensnapr/2013-06-11_1953.png
<sarnold> Nishok: harumph. :)  okay, try "dpkg-reconfigure mysql-client-5.5 mysql-server mysql-server-core-5.5" ...
<Nishok> sarnold: http://therealnishok.com/screensnapr/2013-06-11_1957.png
<sw> What would be the tar command to put /dir1 /dir2 /dir3 in a .tar.gz called backup_YYYYMMDD?
<sarnold> Nishok: there might be a 'polite' way to fix this, but if this were mine, I'd copy the databases and configurations elsewhere, apt-get purge everything, and re-install.
<Nishok> I have a backup
<Nishok> sarnold: I have a backup of the whole /var/lib/mysql/ folder
<Nishok> Is that all I need?
<sarnold> Nishok: and probably /etc/my* something
<Nishok> sarnold: http://therealnishok.com/screensnapr/2013-06-11_2001.png
<sarnold> Nishok: uninstall mysql-server, mysql-server-5.5, and so forth, in the same command
<Nishok> sarnold: All clean: http://therealnishok.com/screensnapr/2013-06-11_2005.png
<Nishok> What is the best way to install them again?
<sarnold> Nishok: mysql-server-5.5 is still 'in', not 'un'... I'd do that one too
<Nishok> sarnold: Do I run the autoremove? http://therealnishok.com/screensnapr/2013-06-11_2006.png
<sarnold> Nishok: not yet, maybe later..
<Nishok> sarnold: Well, then the mysql-server-5.5 will stay "in"
<sarnold> Nishok: okay. now, hopefully "apt-get install mysql-server mysql-client" will do the right thing
<Nishok> sarnold: Ended with an error? http://therealnishok.com/screensnapr/2013-06-11_2010.png
<dlloyd> see the line about disk space?
<sarnold> Nishok: "no space left on device" for /var/cache --- you've got bigger problems to solve. :)
<sarnold> *sigh* once again, odd errors that don't look right --> should check disk space first. How many times do I have to learn that lesson?
<Nishok> sarnold: I already checked disk.. it has 9GB left D: http://therealnishok.com/screensnapr/2013-06-11_2012.png
<sarnold> Nishok: the important column is 'Avail' -- the nine gigs is actually held aside for root's exclusive use.
<Nishok> sarnold: Ah.. Give me a minute to remove some stuff then.
<genii> the 5% reserved, yadda yadda yadda
<sarnold> Nishok: tune2fs -m  can change the percentage.
<sarnold> Nishok: but don't change it too much, maybe 4 percent, just to get you back up and running, and then clear out space...
<sarnold> (without free space, the filesystem will fragment itself to death quickly)
<Nishok> sarnold: I already cleared 4.7GB (says Avail) and FTP is still going, so I am fine, no need to change % ^^
<Nishok> sarnold: Should I just type "apt-get install mysql-server mysql-client" again?
<sarnold> Nishok: yeah
<Nishok> sarnold: ugh, error because it is already partially installed. Give me a minute to remove them again xD
<Will> anyone have a recentish upto date guide on setting up a webserver with ubuntu? i've been following one but im returning some errors involving my sql root
<sarnold> Will: https://help.ubuntu.com/12.04/serverguide/web-servers.html
<Nishok> sarnold: Seems to be installed correctly, only I think the configs are gone (got deleted before I contacted you tho :S), how can I change the config to be able to connect? http://therealnishok.com/screensnapr/2013-06-11_2023.png
<sarnold> Nishok: oh nuts :/ that'll be /etc/my.conf or wherever the configuration is stored..
<Nishok> sarnold: Looks empty D:
<zotta> I have a self-compiled program (without a package, makefile, etc) and want it to be useable in console without specifying the path
<zotta> where should i put the elf?
<Nishok> sarnold: Got it ^^
<sarnold> zotta: I make a new ~/bin/ directory and add $HOME/bin to my PATH on every system I use...
<sarnold> Nishok: oh good :)
<zotta> sarnold: from other users
<sarnold> zotta: /usr/local/bin
<Nishok> sarnold: I assume bind-address is the IP I should change? (currently set to local: 127.0.0.1)
<sarnold> Nishok: yes, you may need to hcnage others too
<zotta> can i su to a user with /bin/false shell?
<zul> adam_g_:  http://people.canonical.com/~chucks/ca/
<Nishok> sarnold: W00T, got connection, thanks for all your help, holy shit I would have cried in a corner without you :)
<sarnold> Nishok: nice! ;) have fun ;)
<Nishok> ty ^^
<adam_g_> zul, lgtm
<zul> adam_g_:  thanks
<Will> sarnold: is there a step by step guide for this like http://ubuntuserverguide.com/2012/11/how-to-install-zpanelx-web-hosting-control-panel-on-ubuntu-server-12-04.html/2
<sarnold> Will: sorry, no idea on zpanel things..
<Will> i was looking into webim as thats the reccomended one
<adam_g_> smoser, i think ive hit saucy cloud-init terminating while installing packages across a bunch of machines. all logs end at the same place: http://paste.ubuntu.com/5755881/
<smoser> adam_g_, it just blocks ?
<smoser> you have /var/log/cloud-init.log ?
<adam_g_> smoser, no, i dont see anything blocking it.
<adam_g_> one sec
<adam_g_> smoser, http://paste.ubuntu.com/5755890/
<adam_g_> in any case, its runcmd is never running
<smoser> adam_g_, The following packages will be upgraded:
<smoser> ... upstart
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1124384
<uvirtbot> Launchpad bug 1124384 in cloud-init "Configuration reload clears event that others jobs may be waiting on" [High,Confirmed]
<adam_g_> smoser, ah
<adam_g_> zul, was pbr supposed to eliminate python-setuptools-git?
<Enich> I am running a lot of ubuntu minimal cd (machines) on a libvirt kvm installation.   And sometime experience that the servers hang in the grub menu.   I cannot seem to figure out the pattern behind it and wanted to know if someone out there has had the same experince
<zul> adam_g_:  no its a dependency checker thing
<adam_g_> zul, so its dependency on python-setuptools-git is valid?
<zul> yeah
<adam_g_> hmm
<adam_g_> bummer
<Enich> I gotta figure out how to get apt-cacher-ng to pick the fastest mirror, it seems it is currently by default just using us.archive.ubuntu.com   any idears ?
<andol> Enich: Does apt-cacher-ng even make any mirror selection by itself? Doesn't it just go to whatever your local sources.list is pointing it to?
<vlad_starkov> Question: I got a problem after apt-get upgrade on Ubuntu 12.04 with raid1+encryption+lvm. After reboot the LVM-passphrase is always wrong! Anyone know this issue?
<utlemming> vlad_starkov: did you follow the recommendation and backup the LUKS header?
<Slyboots> Evening
<vlad_starkov> utlemming: NO!
<vlad_starkov> utlemming: I just started reading about LUKS header...
<vlad_starkov> after this happened
<Slyboots> LUKS?
<vlad_starkov> on another exactly the same machine I made apt-get upgrade and reboot and it's fine...
<Enich> andol, Im not sure.. it seems like it has mirrors in the etc directory ..
<utlemming> vlad_starkov: I might suggest going to the #ubuntu-devel channel for this question. Off the bat, it sounds like the header may have been corrupted/damaged.
<Enich> it for some reason picks us mirrors despight im en europe
<vlad_starkov> utlemming: thnaks
<Slyboots> Huh.. you cant to RAID5/6 with Btrfs?
<vlad_starkov> utlemming: But I read that if I use dm-crypt there is no such a thing like header
<vlad_starkov> utlemming: how can I know what I use?
<madprops> I set up an ircd-irc2 server but it takes a lot of time to establish connection, is there a way to make this faster?
<utlemming> vlad_starkov: "cryptsetup isLuks <Device>"
<andol> Enich: From what I recall that mirror list is mostly to merge the cache files from different mirrors containing the same files.
<sarnold> madprops: probably disable identd lookups
<vlad_starkov> utlemming: If it is raid I should do in initramfs "cryptsetup isLuks /dev/md1" ?
<andol> Enich: No matter if apt-cacher-ng can do magic or not, you can definetly point it to a specific mirror using your sources.list entry, so why don't you just pick a good local mirror for now?
<vlad_starkov> utlemming: this command returns nothing
<utlemming> vlad_starkov: is the raid assembled? i.e. does /dev/md1 exist?
<vlad_starkov> utlemming: yes
<vlad_starkov> utlemming: and cat /proc/mdstat returns healthy result
<utlemming> vlad_starkov: I would go over #ubuntu-devel....you'll find the encryption experts hanging out there.
<Slyboots> Damn, this is a bit of a downer, weird taht btrfs doesnt support anything other than RAID1/10
<vlad_starkov> utlemming: Asked a question there. But there is silence for the moment...
<madprops> sarnold, should I be using  /ircd-hybrid/ ?
<utlemming> vlad_starkov: what does "sudo blkid" show?
<sarnold> madprops: I'm not sure. On the one hand, taking a distro-provided ircd means you get the community to help support it; on the other hand, if you're running a public network, being 'hooked in' with the upstream ircd developers would probably be useful, whether that's oftc-hybrid or plain hybrid or whatever..
<Enich> andol,   The issue is that the deployment is done automatically so i would have to do it via a kickstart file
<andol> Enich: I'm afraid I really don't see the problem. Nevertheless, I'm off to bed now.
<andol> *poof'
<vlad_starkov> utlemming: oooops..... blkid: TYPE="CRYPTO_LUKS"
<utlemming> vlad_starkov: so it is a luks...I would backup the header now.
<vlad_starkov> utlemming: the server is on the remote side
<utlemming> vlad_starkov: i.e. cryptupsetup luksHeaderBackup /dev/md1 header.img
<vlad_starkov> utlemming: so it will copy it to the RAM?
<utlemming> vlad_starkov: yeah, it won't hurt....just don't reboot until you get into the box
<sw> What would be the tar command to put /dir1 /dir2 /dir3 in a .tar.gz called backup_YYYYMMDD?
<sarnold> sw: where are you stuck?
<vlad_starkov> utlemming: ok that command returned nothing. ls -al shows header.img with 2097152 bytes
<utlemming> vlad_starkov: try "crpytsetup luksOpen /dev/md1 volume"
<Slyboots> So, heres a query since I cant use btrfs.  Planning on building a NAS/general purpose server for a home user.  What sort of FS would you recomend?
<vlad_starkov> utlemming: I'm supposing to launch /lib/cryptsetup/askpass 'unlocking' | /sbin/cryptsetup -T 1 luksOpen /dev/md1 md1_crypt --key-file=-
<Slyboots> I know you can just use raid5 with MDADM, but thats very slow doing building/syncing
<Slyboots> So I.. really dont know.
<shodan45> anyone use atftpd in ubuntu server?
<utlemming> vlad_starkov: just a hunch, but does /lib/crytsetup/askpass even exist?
<shodan45> and as a daemon, not via inetd, etc?
<vlad_starkov> utlemming: I'm rebooting.... will try to enter upper i instead of lover L
<vlad_starkov> lower
<vlad_starkov> utlemming: It works!!! I feel myself like an idiot spent 1.5 hours dealing with it
<vlad_starkov> utlemming: Thank you! As you recommended me I asked people in #ubuntu-devel in addition to #ubuntu-server. Your advices were almost the same as slangasek's from #ubuntu-devel. Thank you guys so much!
<utlemming> vlad_starkov: no problem...just back up your headers...and do a lvm backup as well. It never hurts to have a backup of those in case things go south on you.
<vlad_starkov> utlemming: what would be the cheatsheet for backup luks and lvm headers? "cryptupsetup luksHeaderBackup /dev/md1 --header-backup-file header.img" for luks. And what will be for LVM?
<utlemming> vlad_starkov: its been a while since I've done that....I have not used LVM in a good while. :(
<vlad_starkov> utlemming: not a problem. I'll ask in #ubuntu-devel. Anyways now I know that there is LVM headers exist and that I have to backup them :-)
<vlad_starkov> utlemming: as far I go with Ubuntu as far I get new knowledge
<vlad_starkov> utlemming: thanks again! God save IRC :-)
 * vlad_starkov backup backup backup...... and backup!
<utlemming> vlad_starkov: try looking at the vgcfgbackup command
<vlad_starkov> utlemming: Thanks
<madprops> sarnold, pretty much every google result regarding ircd refers to ircd-hybrid
<madprops> I'm trying to enable ssl on ircd-irc2
<sarnold> madprops: e.g. http://www.oftc.net/CodingProjects/
<EDocToor> I am so stupid...
<EDocToor> I guess no one is going to debate that... ummm
<Will> im logged in as root through ssh (putty) and running some commands but having no response, any ideas?
<EDocToor> Will
<Will> Hey
<EDocToor> we are prob doing the same thing
<EDocToor> with vi /etc/network/interfaces
<EDocToor> and not knowing what to put in there
<Will> im trying to do touch /etc/network/interfaces
<Will> and it wont do anything
<Will> nor repond with an error etc
<EDocToor> my apt-get won't even work
<EDocToor> so your better than I
<Will> ah mine worked there, lol
<EDocToor> LOL
<Will> you running in a virtual machine?
<Will> like virtualbox?
<EDocToor> No new US Box
<EDocToor> only thing I touched was interface
<EDocToor> nothing works now
<Will> http://www.gizmojunkee.com/2012/12/install-ubuntu-minimal-server-webmin/
<Will> i went through that guide mate if u want to follow it
<EDocToor> so I know that I have the address, netmask, network, broadcast, gateway or dns-nameserver wrong
<EDocToor> Awesome.. I will see it that helps
<Will> this is doing my head in, even ls command isnt repsonding
<EDocToor> we just don't know the rules...
<EDocToor> and it isn't obvious to us
<Will> huh?
<EDocToor> Were you here yesterday? Will
<sarnold> Will: what do you mean, "ls command isn't responding'?
<Will> yeh
<EDocToor> I remember
<sarnold> Will: can you pastebin what you've got on screen?
<Will> doesn't ls list the files in the current directory through bash/putty
<EDocToor> take care Will .. I will read that tutorial and be back...
<Will> sarnold: http://pastebin.com/gE6AFsyv
<sarnold> Will: your current working directory (/root in this case) has only "dotfiles" in it; ls doesn't show _all_ files by default. try ls -la to see the dotfiles and extended information on those files
<sarnold> Will: cp and touch and similar commands will only print output if there are problems
<sarnold> they worked fine, so no output.
<Will> ahh right
<EDocToor> nice... so your good
<Will> but when im doing touch /etc/network/interfaces meant to open that up?
<Will> for editing?
<Will> oh wait no
<Will> it creates the directory doesnt it
<Will> if its not there
<Will> touch is used to create files
<sarnold> Will: no; touch only updates the timestamp on a file -- or creates the file, if it does not yet exist.
<Will> yeh, i remember now, cheers
<Will> been a while since bash ^^
<EDocToor> I haven't used touch yet... and wouldn't even know why I would ..
<EDocToor> Thanks Will that link might be what I am stuck on.. if it shows what I should type for gateway
<Will> sarnold: http://pastebin.com/6tLGDELi
<sarnold> Will: &gt; is an HTML entity that should expand to >
<sarnold> Will: you might want to find a better guide to learn from :)
<Will> ahh haha, guy must of not scripted his blog correctly there then
<Will> cheers for the translation
<sarnold> a ton of blogs and the like very completely destroy things that you should copy-and-paste.
<sarnold> my favorite is the idiot websites that turn " into smartquotes. I think that's a wordpressism.
<Will> yeah i never bother with the copy paste just for that factor
<sarnold> it's nearly invisible to the naked eye why things break...
<sarnold> Will: there's other good reasons to not copy-and-paste from websites: http://thejh.net/misc/website-terminal-copy-paste
<genii> "plagiarism"
<sarnold> genii: lol
<Slyboots> Hey.. Uh, can anyone give me some advice on a problem so I can finally go to sleep :P
<Slyboots> Trying to creatre a 5x disk RAID5 array in Ubuntu 12 server, but for some baffling reason it creates a 4disk array, then tries to build the 5th as a "recovery"
<madprops> fsck it, fsck it all night long
<Slyboots> with the resync going to take.. well, days and days.. and days..
<Slyboots> Right now I've got 5 partitions (all the same size) across 5 disks as /dev/sd?6.  So  I run mdadm /dev/md3 --create --raid-level=5 --raid-devices=5 /dev/sd[abcde]6
<Slyboots> The only noteworthy thing in syslog is this "[ 4470.184731] md/raid:md3: raid level 5 active with 4 out of 5 devices, algorithm 2
<Slyboots> "
<Slyboots> Any ideas?
<sarnold> Slyboots: the first bits of googling I find suggest mdadm ... --level=5   not --raid-level=5. Can you check that parameter in the manpage?
<Slyboots> sarnold, Sorry.  I have been using --level5
<Slyboots> # mdadm --create /dev/md3 --level=5 --raid-devices=5 /dev/sd[abcde]6
<sarnold> Slyboots: I see a result about --spare-devices=N -- can you try adding --spare-devices=0 and see if that forces the behavior your want?
<sarnold> Slyboots: drat :)
<Slyboots> Adding --spare-devices=0 does not seem to alter the behavior
<sarnold> Slyboots: sorry, that was my best idea..
<Slyboots> I mean, at this rate its going to take over 11 days just to build the array :P
<Slyboots> The problem does seem to be its treating disk 5 as a spare ( 5       8       70        4      spare rebuilding   /dev/sde6)
<EDocToor> New Ubuntu Server Install; ifconfig results; addr:192.168.1.131,, Bcast:192.168.0.255,, Mask:255.255.255.0,, Loopback addr:127.0.0.1,, Mask:255.0.0.0 -- and I edited interfaces iface eth0 inet static, address 192.168.0.121,, netmask 255.255.255.0,, network:192.168.0.255,,broadcast:192.168.0.255,,gateway:192.168.1.1,,dns-nameserver 8.8.8.8 8.8.4.4
<EDocToor> am I doing something wrong that is obvious
<Slyboots> Maybe Raid5 doesnt like working on 5 disks?
<sarnold> EDocToor: your gateway is in 192.168.1.xxx but your network is 192.168.0.xxx -- one of those is probably wrong.
<sarnold> EDocToor: you _can_ have a gateway address that's not in your "local network", but it takes more work, so it isn't very common.
<Slyboots> your addr and Bcasta are also on different subnets..
<Slyboots> I seriously doubt thats correct
#ubuntu-server 2013-06-12
<EDocToor> sarnold, so the gateway is supose to be the same on all machines
<Slyboots> EDocToor, Is your gateway your router to the internet? (ADSL?)
<sarnold> Slyboots: 11 days seems like a looong time to just read a few terabytes and compute some parity bits. something sure seems off there. (Note that I've not actually tried this myself, but .. it ought to only take a few hours to read a terabyte of data, right?)
<Slyboots> sarnold, Well.. raid rebuilds take a while but that does seem pretty slow.  something else is a bit borked..  I was going to go with ZFS but thats a bitch to get going
<EDocToor> yes, I have a DSL router that three computer are attached to...
<Slyboots> And its IP address is?
<EDocToor> Slyboots, I don't know how to figure that out
<sarnold> EDocToor: what address do you type into the address bar of your browser to configure your router?
<EDocToor> on windows the IPv$ is 192.168.1.103
<EDocToor> IPv4
<Slyboots> Oh dear.  Okay does your router device have a webpage you go to configure it?
<EDocToor> http://192.168.1.1/config.asp
<Slyboots> Right okay
<EDocToor> it is a dd-wrt
<Slyboots> Change your broadcast to 192.168.1.255, your network to 192.168.1.0
<Slyboots> Gateway is 192.168.1.1
<Slyboots> for interface ETH0
<EDocToor> OMG.. I am crossing my fingers
<sarnold> and change your address to 192.168.1.121
<EDocToor> brb
<sarnold> or 192.168.1.131. either way, make sure the .1. is in there. :)
<Slyboots> sarnold, I honestly think he might be better off setting it to DHCP
<sarnold> Slyboots: there are definite advantages there.. :)
<Slyboots> He'll still have to setup nameservers and resolv.conf manually
<Slyboots> But I suppose everyone has to learn somehow
<sarnold> Slyboots: but getting this right is very useful to understanding IPv4 networking, so it's a useful exercise
<sarnold> exactly
<EDocToor> thanks... and static is required .. I wish.. all this was in the background too...
<EDocToor> but it is not
<sarnold> I spent absolute _hours_ typing ifconfig and route commands until getting the exact right commands to add to my startup files, back in the days (and distros) before setting them up was just one configuration file....
<sarnold> but those hours were how I learned the basics well enough to debug a lot of network problems.
<Slyboots> EDocToor, Once you've done that.  Try "ping 8.8.8.8" and see if you get a result.
<Slyboots> I enjoy networking, do it "professionally" for what thats worth heh
<Slyboots> (very little these days it seems)
<EDocToor> Slyboots, the ping 8.8.8.8 goes on and I ctrl z to stop it.. is that normal?
<EDocToor> and thanks.
<Slyboots> yes.
<Slyboots> try ping google.com next :P
<sarnold> EDocToor: use ^C instead
<EDocToor> I am not afraid of reading a URL... but I don't know what URL applies to what I am doing
<sarnold> EDocToor: ^Z suspends the command instead of killing it.
<EDocToor> how to kill command
<EDocToor> how do I kill a command in process
<Will> ctrl c ?
<EDocToor> Thanks Will...bbbbbbbuddy
<EDocToor> ping google.com also goes forever
<Slyboots> Whats it actually saying :P
<Slyboots> (as long as its not saying something like result timed out, or unknown host)
<EDocToor> works exactly like ms dos ping but never stops
<sarnold> or no route to host...
<sarnold> it will never stop
<EDocToor> looks good
<Slyboots> TTL expired in transit
<sarnold> it runs until you kill it with ^C :)
<Slyboots> Thats always a scary one :P
<sarnold> o_O
<sarnold> Slyboots: oh, I thought EDocToor said that. hehe.
<Slyboots> haha
<sarnold> Slyboots: yeah, if TTL expires on you, you've got work ahead of you :) hehehe
<Slyboots> EDocToor, sounds like your good then.
<sarnold> I'm just glad it wasn't EDocToor, fixing routing loops over irc souds unfun.
<Slyboots> sarnold, we sometimes get that if a VPN link goes down, its normally a "Oh F*$%!"
<EDocToor> Why.. can I just give you my IP for the server... and you do it.. LOL
<EDocToor> ha ha
<Slyboots> Anyway, Im off
<Slyboots> later
<EDocToor> I am going to test with apt-get upgrade
<EDocToor> Tanks Slyboots
<Will> finally! webim panel web server created :D
<Will> webmin*
<EDocToor> Awesome Will
<Will> http://pastebin.com/Jw8GB404
<EDocToor> and Slyboots and sarnold helped me with my /etc/network/interfaces configuration successfully
<Will> nice]
<Will> what you using your server for?
<EDocToor> I guess I'll be here for a week as they mentioned that I also have to <Slyboots> He'll still have to setup nameservers and resolv.conf manually
<sarnold> EDocToor: if you can ping www.google.com, you're probably all good to go.
<EDocToor> the apt-get upgrade IS WORKING.. thank you
<EDocToor> Will ... I want to try an opensource package called "ofbiz" for a online store that also runs a POS point of sale cash register in a real store.. and therefore my very first time running/ruining a server
<EDocToor> I am disabled ... so I have lots of time to learn
<Will> interesting, i only ask as i am curious what to do with my new server now
<Will> just wanted to make sure i could do it :)
<EDocToor> I am not so sure that I can... but... I am giving it a try
<EDocToor> do a web server first.. I guess
<Will> shorewall the going firewall for protecting my previous new made server via virtualbox? :)
<sarnold> Will: ufw is probably easier to learn.
<Will> they not straight forward then?
<sarnold> Will: ufw is simpler; shorewall is intended for configuring just about any firewall setup, ufw is intended to make common configurations very easy. check out https://help.ubuntu.com/12.04/serverguide/firewall.html  and see if it meets your needs..
<EDocToor> I bookmarked that... as I am sure I am going to want to read it after I edit my hosts file
<EDocToor> and I have learned to # cp /etc/everyfile /etc/everyfile.org before I make a change... the hard way.. hee hee
<Will> lol
<EDocToor> how do I test my /etc/hosts file is correct? I put in it 127.0.0.1 localhost.localdomain  localhost ...... then 192.168.1.131 edoc.icyourrc.com   edoc... I hope that sounds close
<Will> you mean view it?
<EDocToor> I already edited it... with the above information
<EDocToor> the FQDN gave me a headache
<EDocToor> Will you taught me Ctrl+C kills and Ctrl+Z suspends
<Will> sarnold: thanks, had a read through and i don't think im going to bother with a firewall at all for the time being, i don't want to start restricting ports manually and such until i know more about what i need to protect i guess, for time being i will just test/play around with the concept and idea of what i actually want this server to do
<Will> EDocToor, glad i could help :)
<EDocToor> Will... Since there is not actual data to protect.. on my new box.. I am thinking that I will delay the firewall for now.. as well
<EDocToor> I did bookmark/favorite it for later...
<Will> Is there a reason why nano isn't working on via a putty ssh? vim works but to be fair i did install this, do i need to install nano or is that pre installed?
<Will> i prefer to edit files with nano thats all ^^
<EDocToor> try apt-get install nano
<EDocToor> and see .. and tell me what you learned
<EDocToor> as I am discovering all this too
<Will> lovely :)
<Will> its downloaded and installed the nano editor
<Will> now i can do nano filename
<EDocToor> awesome
<Will> easier to use than vim, although i can use both, vim editor just makes me think too much
<EDocToor> Will my Channel if you want to add is #diycnc
<EDocToor> I am always there
<EDocToor> I build my diy cnc on the sunny days so I can drill outside.. and server on the cold or rainy days
<EDocToor> I use joe as my editor
<Will> cnc?
<EDocToor> try Youtube CNC Machine
<EDocToor> I have a spare bedroom that has a very big CNC living there
<EDocToor> that I made myself from scatch with AL
<EDocToor> it is seven foot x 4 foot
<Will> nice
<EDocToor> thanks
<Will> you setup your apache2 bits yet?
<EDocToor> to join type /join #diycnc
<EDocToor> not yet..
<Will> what is it needed, apache2, phpmyadmin, anything else?
<Will> oh, mysql
<EDocToor> this is my favorite
<EDocToor> apt-get install joe gedit build-essential dctrl-tools unzip subversion libapache2-svn vim-nox
<EDocToor> oops
<EDocToor> apt-get install joe gedit build-essential dctrl-tools unzip vim-nox
<EDocToor> the build-essential I mean't
<Will> without installingit can i view it?
<EDocToor> There essentials... so it is a group of stuff that you will end up installing anyway.. one at a time
<EDocToor> when you get the build-essential it gets a bunch of stuff that I am not sure of ..
<EDocToor> I have been installing it since debian
<EDocToor> since I was a kid
<Will> done :)
<EDocToor> Will configured the /etc/hostname  ....
<EDocToor> now my back and my head hurts.. but mmust go on..
<EDocToor> ha ha
<EDocToor> Will apt-get remove to remove build-essential
<EDocToor> apt-get remove build-essential
<EDocToor> Will... (pressing (Ctrl+Alt+del) works.. shutdown -P now works and so does # reboot
<EDocToor> I guess rebooted and after where it says edoc login: is says
<EDocToor> [  9.032455] [drm] nouveau  .... misalined reg 0x ..... [drm] nouveal ... misaligned reg 0x0060081D ====
<EDocToor> I think I broke my server... AGAIN LOL
<EDocToor> Pressed enter.. and the edoc login appeared
<Will> hmmm i have no idea what that is im afraid
<Will> i need to get some shut up, 2.30am im tired, getting on! goodnight all
<EDocToor> see ya later
<EDocToor> Will do you know how to see the page that zooms by pre Logon:
<EDocToor> to see what the warnings are
<Will> i dont sorry
<Will> night :)
<EDocToor> ok
<hi_351> i been to like 100 rooma and they say their not ofr support is thi room for supprt i new user of UBUNTU
<EDocToor> try /join #ubuntu
<EDocToor> for ubuntu
<EDocToor> this is for ubuntu server
<hi_351> what this room for
<EDocToor> new users of ubuntu server.. a server is generally command line
<EDocToor> and ubuntu has windows like windows
<hi_351> this is a commad libne question
<hi_351> in a way i guess
<EDocToor> then you might ask it here... but try your best to use fully words.. or you might get half a responce
<EDocToor> response
<hi_351> is update ubuntu better off getting from APT -GET SYNAPTIC INSTALL or just getting updates from software and updates and software updater in side ubunut
<hi_351> let me rephrase that what dose APT - GET SYNAPTIC INSTALL do
<EDocToor> ok
<EDocToor> I am back
<EDocToor> $ sudo apt-get install synaptic
<EDocToor> installs a tools for downloading and searching for downloads
<EDocToor> I am using your speellling of it.. as I don't know the exact spelling of it
<EDocToor> I am a new Ubuntu user as well
<EDocToor> but if I can help I'll try.. if I fail... someone else will join the conversation
<EDocToor> hi_668, did you miss my response
<EDocToor> EDocToor> $ sudo apt-get install synaptic
<EDocToor> <EDocToor> installs a tools for downloading and searching for downloads
<hi_668> what dose APT - GET SYNAPTICS command do
<EDocToor> $ sudo apt-get install synaptics
<EDocToor> installs synaptics
<EDocToor> apt-get has no space
<EDocToor> and the apt-get needs a OPTION like "install" "remove"
<EDocToor> and synaptics is a package
<EDocToor> to use it..
<EDocToor> you would type
<EDocToor> $ sudo apt-get install synaptics
<hi_668> somone told me this will install my updates in ubuntu but in lite foemat
<hi_668> format
<EDocToor> hi_668, it does exactly like the apt-get does but like windows
<EDocToor> and apt-get is a command line downloader
<EDocToor> and synaptics is a GUI or Window downloader
<EDocToor> both have a update option
<EDocToor> am I make any sense to you?
<hi_668> is it any different than me just lick on the ubuntu looking icon above the trash can
<hi_668> on far left of the desktop i new to ubuntu
<EDocToor> It is safe...
<EDocToor> why don't you try it
<EDocToor> open a terminal
<hi_668> i know it safe
<EDocToor> and type apt-get install synaptics
<hi_668> but it like compressed verision of updates
<EDocToor> I am on a server.. and I can't do it as it doesn't apply to command lines computers
<EDocToor> There the same thing.. just two different ways of getting and updateing software
<EDocToor> you can also update by
<EDocToor> typing
<EDocToor> $ sudo apt-get update
<EDocToor> then
<EDocToor> $ sudo apt-get upgrade
<shodan45> what's the right way to start/stop services at boot in ubuntu?
<EDocToor> EXample : update-rc.d -f spamassassin remove
<hi_668> someone said it save a lot more sapce doning it that way then me doning it from clicking on the udates ico inside
<hi_668> ubuntu
<EDocToor> hi_668, I don't know that much.. so I can not debate or answer that one
<EDocToor> it is my first day on a server
<EDocToor> but I have been using linux off and on for many years
<hi_668> he the synaptic updates take up less space
<EDocToor> I don't know.. how that could be true.. but I can not confirm nor deny it
<EDocToor> if space is an issue.. consider pressing F6 when installing and
<hi_668> it says th package is not available
<EDocToor> if you had synaptic 's installed you wouldn't have an issue as it spells it for you
<EDocToor> when you search.. it finds
<hi_668> it says it missing or obsolate
<EDocToor> it might be...
<EDocToor> hi_668, why don't you try the #ubuntu channel and ask for "What is the current package manager; and the apt-get method of downloading it?"
<hi_668> aomone just told tpyr that in it will update uubuntu itself but it would take less space  of you do the updates thugh ubuntu it take up more space
<hi_668> i use 13,93 verision
<hi_668> 12.04 ubuntu
<hi_668> 13.04 sorry
<EDocToor> hi_668, I am lost.. what is your question again?
<EDocToor> How to do updates is
<EDocToor> apt-get updates
<hi_668> i useing this as example
<hi_668> thier a utorrent and their a u torrent lite
<EDocToor> hi_668, if space is an issue.. use apt-get
<EDocToor> is that your question
<hi_668> synaptics  was supose to work as a lite lite mean less sapce
<hi_668> i dont know im new to ubuntu
<hi_668> lite mean taling less space in your hard drive
<EDocToor> I don't know.. what to say but that person that you were talking to must know more than I
<hi_668> ok whok i dont i lost too lol
<EDocToor> I would help you,, but I just don't know.. I do understand .. but I don't understand why space is an issue
<hi_668> i like this better than windows os itself
<hi_668> it going to be some getting ust to i guess
<EDocToor> if space is an issue UBUNTU has a MINI install .;;; Press during install and press F6 then choose mini
<EDocToor> but it is way more complicated and you should find a web tutorial to expain the steps
<hi_668> he said it you save you sapce
<wo0f> hi_668: all Debian based distros use .deb
<EDocToor> I get frustrated and put Ubuntu on the shelf every year.. as installing a package sometimes require tech knowledge
<EDocToor> and i give up
<hi_668> lol
<wo0f> and apt-get is a core too for accessing the distro's repository of .debs
<wo0f> dpkg installs the .debs
<hi_668> it so better graphic are better than windows
<wo0f> its the same
<EDocToor> thanks for stepping in wo0f
<wo0f> synaptic just uses apt-get underneath
<wo0f> if youre looking for a cli tool, i use aptitude
<wo0f> sudo apt-get install aptitude
<EDocToor> wo0f, what does cli tool mean?
<wo0f> command line interface
<EDocToor> ok
<hi_668> he said thie was a differnt way to install updates for ubuntu
<hi_668> by puting in that synaptic command
<EDocToor> hi_668, yes three ways: synaptics which is a front-end for apt-get... apt-get or aptitude which is a command line interface
<EDocToor> I think he is asking the correct method of installing synaptic using the apt-get install... so I am guessing that synaptic is spelled differently; is this correct
<wo0f> aptitude is a tool that runs at the CLI ;P
<hi_668> like if the update in ubunut is a lot bigger and take up more sapce and the command will save you space like the dollar menu at mcdonalds
<hi_668> lol
<wo0f> its also a frontend for apt-get
<EDocToor> $ sudo apt-get install synaptics
<wo0f> hi_668: if you have a desktop GUI installed (like Unity) its not going to save any space
<EDocToor> hi_668, how you obtain the download/software doen't change its size
<wo0f> its doing the exact same thing, which ever way you update
<hi_668> the verision i have 13.04
<hi_668> 12.04 better than 13.04 ubuntu
<wo0f> lol
<wo0f> 12.04.2 is the LTS release
<hi_668> o new i used ubumtu for like 3 days
<EDocToor> so 12.04.2 is more stable
<EDocToor> not uBUMtu
<wo0f> ya, its supported for longer
<wo0f> LOL ubumtu
<EDocToor> too funny
<hi_668> yo could give me a virus command and say type it in i would be stupid enoughf to put it in and gibe my self a virus
<hi_668> lol
<EDocToor> hi_668, you want 12.04.2 or the LTS ... that is for sure
<hi_668> not the 13.04
<wo0f> hi_668: if youre looking for something for light-weight, disk wise, you might want to try Xubuntu
<hi_668> what the difference between the 12 and the 13
<wo0f> which uses Xfce
<wo0f> 12 is the Long Term Support release
<EDocToor> Thirteen is on digit higher ... just kidding.. I am getting tired sorry
<hi_668> i have like a ten year old dell
<hi_668> insperion
<hi_668> 9400
<hi_668> made 2 months b4 vist came out
<wo0f> what specs does that have?
<EDocToor> that is old.. is it a laptop
<hi_668> yes
<EDocToor> then put back | track
<EDocToor> on it
<hi_668> what that
<EDocToor> cop software for spying
<hi_668> like i said you could give a command that would give me a virus and i be dumb seoughf to type it in
<EDocToor> then stay away from the backtrack channel or website.. that is what they did to me
<EDocToor> so don't feel bad
<hi_668> im talking about you
<EDocToor> I wouldn't do anything to harm anyone.. I am only here for good reasons
<hi_668> tell me to put this command in and i would not know it would be a virus
<EDocToor> as are the Ubuntu tribe
<hi_668> i know im joking
<EDocToor> ok
<hi_668> with you i never used linux b4
<hi_668> 4th day
<hi_668> in life
<hi_668> i will belive what ever you all say
<EDocToor> hi_668, why don't you ask for a good tutorial.. to get the basics
<EDocToor> maybe someone will answer
<wo0f> ya, this really isn't the channel for it, someone will probably get annoyed at some point
<hi_668> command are like ms dos form when i was little
<EDocToor> I learned on a site called debain.org or something that sounded like that
<wo0f> #ubuntu is where you want to be
<EDocToor> that is true..
<wo0f> ROFL are you flaming
<EDocToor> this channel is for SERVERS..
<wo0f> DEBAIN... lol
<hi_668> i use the copy mether like in school find th ecommand and click and past it
<hi_668> copying from you papper
<EDocToor> wo0f, I am not knowing what flaming is.. if I am I guess I am sorry
<EDocToor> hi_668,  you actually should watch the #ubuntu channel... just type
<EDocToor>  /join #ubuntu
<hi_668> like have you ever copied off somone school papper when you where in school
<wo0f> lol- yes hi_668
<hi_668> i google how to do this or that in google and copy and past
<hi_668>  lol
<wo0f> thats what everyone does ;P
<hi_668> in termianl is my methode
<hi_668> of ubuntu
<hi_668> lol
<hi_668> let them  do the work
<wo0f> ...and get paid for it :P
<wo0f> alternatively RTFM!
<hi_668> lol yeo
<hi_668> yep
<hi_668> so you al want me to ge rid of thse files by rite click to trash casn and will that delete from the usb drive permently
<hi_668> ok i downloaed ubuntu on to a  USB STICK
<hi_668> you wont me to downloaded 12.04 lts and then go to unetbootin and download the WINDOWS OS BOOT and it will take sourgeforge websiite to download
<wo0f> ommm, just follow this guide: http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows
<wo0f> Ubuntu generally has quite good documentation, and its only a Google away ;P
<hi_668> ii know hhow to use the software
<hi_668> vecuase i downloaded it  ubuntu from the usb stick but im going to get rid of the fiklesby high lighting  and send to trash can
<hi_668> i going to high light them all rite cly click to send to  trash can
<EDocToor> silly joke question: when I type /etc/init.d/mailman start  does the init.d stand for "In It Deep"?
<EDocToor> well it helps me remember the init.d
<nigelb> I used to use lxc fairly regularly, lately, I've noticed that the lxc networking isn't getting configured correctly.
<nigelb> I haven't touched the configs.
<nigelb> And I ahve this in my syslog http://www.privatepaste.com/74c9c6f096
<nigelb> The only major change I've done is switch from using unity to lxde.
<nigelb> Any ideas on what's going wrong?
<EDocToor> Quick Question ;-) I hope;;; Is there a command that shows the partition with the mount point /
<EDocToor> I have done this .. just can not remember... stab.. or something
<sarnold> EDocToor: 'mount' will show you the current mounts
<sarnold> EDocToor: /etc/fstab shows you what will be mounted at reboot
<EDocToor> Sargun, Thanks.. that it
<EDocToor> Are you still here... sarnold... you would be surprised how far I am not.. finished mail and now working on FTP wrapped in TLS sessions
<EDocToor> All thanks to you... you are awesome
<sarnold> EDocToor: ooof. ftp is a horrible, crufty protocol. do you have to support it? :)
<EDocToor> and the others on this channel
<sarnold> EDocToor: hehe, no, you did all the work, I just make suggestions. :)
<EDocToor> This is a play box for learning.. nothing more
<sarnold> ah, good. then you'll find out that ftp is a horrible crufty protocol in a safe, fun, environment. :)
<EDocToor> ha ha ha ha ha
<sarnold> nigelb: I don't know what exactly is wrong.. but the audit_printk_skb shows that not all apparmor messages are being logged; if you install auditd, the log messages will go to /var/log/audit/audit.log, and you'll be able to at least see what was being rejected
<EDocToor> I really can not thank you guys enough.. I would be so lost reading these tutorials without a hint every now and again
<nigelb> sarnold: aha, thanks, I'll try that.
<sarnold> nigelb: some of the lxc containerization is enforced via apparmor, so I wouldn't just blindly add the rules to your profiles, but it might be something to consider
<sarnold> EDocToor: hehe, yeah, there's nothing quite like a helpful hint at the right place and the right time :)
<EDocToor> I have done a lot of work on my own.. it just doesn't make any sense to me yet..
<EDocToor> but I have always loved command lines...
<EDocToor> I was a MS-Dos batch code nut when I was a kid...
<EDocToor> Well I got to get back at her..
<EDocToor> tanks
<sarnold> EDocToor: the command line is pretty awesome; there's nothing quite like being able to piece together a dozen nice little tools to solve a huge variety of complicated problems
<sarnold> and the design is simple enough that adding new programs into the environment is pretty easy
<nigelb> sarnold: hah, so this worked -> echo 1|sudo tee /proc/sys/net/ipv4/ip_forward
<nigelb> I believe that forced the containers to use ipv4.
<sarnold> nigelb: ha!
<sarnold> .. wonder why.
<nigelb> I think I had set it before
<sarnold> ohhhh
<nigelb> and something recently changed it.
<sarnold> still, seems odd.
<nigelb> so, I just set it in /etc/sysctl.conf
<EDocToor> sarnold, I have a question... that I have always wondered...
<sarnold> nigelb: it might be worth filing a bugreport or asking hallyn when he returns (probably a few hours)
<nigelb> I will :)
<EDocToor> When the Ubuntu Server Boots.. a page of infomation FLICKERS BY... is there any way to read it.
<sarnold> thanks
<EDocToor> or see it.. like # history -w history.txt
<sarnold> EDocToor: you can find most of it in /var/log/ somewhere -- /var/log/boot.log and /var/log/dmesg
<EDocToor> tanks
<sarnold> EDocToor: you might be able to hit ^S to stop the terminal, and ^Q to resume the terminal, but that's a big guess on my part. I have'nt done that in a decade or so..
<sarnold> (haven't done that at boot recently; I use ^S and ^Q every five or six months. hehe. :)
<sarnold> anyway, bedtime :) have fun
<EDocToor> heha
<EDocToor> me too ... 3 am
<EDocToor> I can't this is way to exciting
<EDocToor> What time is it for you sarnold ?
<thurstylark> I have a server that I messed up the interfaces file on, and now I can't access it any more. I need to access the interfaces file through another machine with the root drive hooked up externally. It will mount, and I can see folders, but I cannot access the etc directory. Is there something I'm doing wrong?
<Nilli> I can give users sudo permissions easily by "sudo adduser johndoe sudo" but how do I revoke sudo permissions if I only want to give them temporarily?
<greppy> Nilli: an easy way is to edit /etc/group and remove them from the sudo group.
<Nilli> greppy: oh, that's all? nice
<greppy> Nilli: I haven't ever used it, but I think deluser can be used the same as adduser as well to remove them from the group.
<Nilli> thanks, deluser seems to be what I was looking for
<rbasak> yolanda_: bug 1189986 refers to real breakages such as segfaults - I'm not sure they should be Wishlist
<uvirtbot> Launchpad bug 1189986 in php5 "Please backport fixes" [Wishlist,New] https://launchpad.net/bugs/1189986
<yolanda_> i see, it's set as important in Debian
<yolanda_> what do you think, maybe a medium priority?
<rbasak> I'd go with Medium unless there's a particular reason to do anything differently.
<rbasak> I'd also like to understand whether any of these would be fixed in a microrelease update. I think PHP should have a microrelease exception, but I haven't looked into it.
<maxb> rbasak: It doesn't: https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions
<rbasak> maxb: yeah. I think maybe it should :)
<rbasak> (depending on whether it meets all the criteria)
<maxb> Well.... I'm not sure PHP's micro releases are strictly has bug-focussed as usually considered appropriate for a MRE
<maxb> s/has/as
<rbasak> That's interesting. Do you have an example?
<maxb> No, just a vague opinion formed from a general perception of PHP :-)
<maxb> I don't suppose PHP have a policy document for what's allowed in a microrelease?
<rbasak> That's what I want to investigate.
<yolanda_> jamespage, zul: https://code.launchpad.net/~yolanda.robla/python-cinderclient/havana/+merge/168416
<yolanda_> https://code.launchpad.net/~yolanda.robla/python-swiftclient/havana/+merge/168877
<Will> morning all
<_nbk_> hello all,
<_nbk_> maybe someone can help me with MAAS enlisting nodes?
<rbasak> !ask | _nbk_
<ubottu> _nbk_: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<rbasak> Also, if you don't get an answer here, try #maas
<_nbk_> ok, thanks <rbasak>
<ThothCastel> I am trying for the first time to install and configure ldap on my server
<ThothCastel> for ldap configuratin, if my hostname is server.procopio.local then my settings will be dc=server,dc=procopio,dc=local or dc=procopio,dc=local
<otaku_coder> hey, has anyone used the chris lea nodejs ppa? For some reason it doesn't keep older versions of 0.10.x around, only tracking upstream. This makes it difficult to use in our cfm tool (puppet) as teh version strings keep expiring
<ThothCastel> also, if I setup the hostname after installing the ldap package, will this interfere negativelly in anything?
<yeats> otaku_coder: you would need to contact the PPA maintainer about that
<otaku_coder> yeats: sure, will do
<ThothCastel> help pls
<ThothCastel> if my hostname is server.procopio.local then should my settings in the LDIF file be dc=server,dc=procopio,dc=local    or dc=procopio,dc=local  ?
<ThothCastel> following this https://help.ubuntu.com/10.04/serverguide/openldap-server.html
<jazzkutya> hi
<jazzkutya> newer usb hard disks above 2TB use 4kbyte logical sectors (probably physical too). I need information on from what version of ubuntu are these drives supported?
<rbasak> jazzkutya: AIUI, they need no special support. However, on certain disks aligning partitions up to the newer sector size is needed to avoid a loss in performance. I'm not sure when the partitioner started doing this by default.
<rbasak> It might be easiest for you to try the version of Ubuntu you want to use, and then examining the partition table to see if it's suitable aligned.
<jazzkutya> no, this is not advanced format which only needs aligned partitions
<jazzkutya> and i need this info to know what to expect on different boxes we have before buying this drive
<rbasak> If it helps, I'm running (internal, SATA) 3TB drives on a 12.04 machine. They work fine.
<jazzkutya> that probably reports 512byte logical sectors so it is more compatible with linux than these usb stuff i talk about
<rbasak> I did need some GPT magic to make the system boot off it though. But presumably for external USB drives this doesn't apply to you.
<jazzkutya> these usb drives switched to 4k logical sector sizes to allow compatibility with mbr partition tables
<jazzkutya> result is compatibility with winxp but much worse compatibility with linux
<rbasak> I see. Yeah - logical block size is 512.
<rbasak> Sounds like you need to find out which kernel version supports what you need.
<jazzkutya> that could help, yes
<rbasak> 12.04.1 ships with 3.2. 12.04.2 ships with the quantal stack IIRC.
<rbasak> See https://wiki.ubuntu.com/Kernel/LTSEnablementStack for details of using newer kernels on 12.04.
<rbasak> https://ata.wiki.kernel.org/index.php/ATA_4_KiB_sector_issues#L-1._Kernel_support suggests that you'll be fine on USB
<jazzkutya> yes for 12.04 lts it seems so
<smb> rbasak, jazzkutya I would say that support should be in at least since 3.2 (probably earlier).
<jazzkutya> i would say we have a lot older boxes also but at first info on 12.04lts is fine for me :)
<smb> as long as "blockdev --getpbsz <dev>" returns the hard serctor size
<jazzkutya> you know what is funny about these usb disks? they use normal 512byte logical sector internal hard disks and they developed an usb controller for this that translates to 4k logical sectors
<jazzkutya> so the driver translates from 4k to 512b then the usb bridge translates back to 4k
<jazzkutya> lol
<jazzkutya> all this for compatibility with winxp...
<smb> Actually for winxp I would say you have to present 512 logical sectors because that is so old there were not any 4k drives around
<jazzkutya> it seems not to be the case
<jazzkutya> it seems winxp can use 4k very well or maybe i don't remember some detail of this trick for winxp compatibility
<jazzkutya> but im sure they use 4k logical sectors to allow usage of mbr partition table explicitly for winxp
<Danielamallocci> ciao a tutti
<yolanda_> jamespage https://code.launchpad.net/~yolanda.robla/swift/havana/+merge/168922
<ThothCastel> why am I not able to ping the hostname of amy host machine?
<mardraum> fix your dns?
<ThothCastel> mardraum: my dns seems to be working just fine outside the vm
<mardraum> it;s great you are giving so much information about your setup </sarcasm>
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<frojnd> Hi there.
<frojnd> I was about to configure mail server and I was trying to enable amavis antivirus. I was about to integrate postfix: https://help.ubuntu.com/community/PostfixAmavisNew#Postfix_integration but I keep getting postfix: fatal: /etc/postfix/main.cf, line 69: missing '=' after attribute name: "smtp-amavis     unix    -       -       -       -       2       smtp        -o smtp_data_done_timeout=1200
<frojnd> http://sprunge.us/XFJi
<frojnd> This is /etc/postfix/main.cf
<frojnd> It's a syntax error
<frojnd> Any ideas what am I missing here :)
<frojnd> That or wiki is outdated :P
<frojnd> Any ideas? :)
<frojnd> Didn't find out what's the cause of the problem
<mdeslaur> soren: happy birthday :)
<rbasak> frojnd: try looking at the documentation for the syntax of main.cf.
<rbasak> Actually, isn't that line supposed to be in master.cf?
<frojnd> rbasak: omg
<frojnd> yeah I rered again wiki and I just noticed /etc/postfix/[main.cf|master.cf] :o
<frojnd> I have to set higher value for monitor brightness
<frojnd> I wonder what else did I missed, going to read again
<frojnd> miss*
<zul> yolanda_:  is this the errors you are getting with ceilometer https://bugs.launchpad.net/devstack/+bug/1134575
<uvirtbot> Launchpad bug 1134575 in devstack "CRITICAL nova [-] 'module' object has no attribute 'packs'" [Undecided,In progress]
<yolanda_> zul, yes
<yolanda_> i marked my bug as a dupe
<zul> yolanda_:  ok kombu isnt the problem its another dep which ill update
<yolanda_> ok
<yolanda_> i just solved upgrading kombu, but maybe it was related with another module
<zul> yolanda_:  nm i was wrong
<ThothCastel_> is there a difference in configuring a client with dns using the /etc/resolv.conf and using the /etc/network/interfaces with the dns-search and dns-nameservers  ???
<ThothCastel> is there a difference in configuring a client with dns using the /etc/resolv.conf and using the /etc/network/interfaces with the dns-search and dns-nameservers ???
<pmatulis_> since 12.04 resolv.conf should no longer be hand-edited ThothCastel
<pmatulis_> it's now a symlink:  /etc/resolv.conf -> ../run/resolvconf/resolv.conf
<pmatulis_> if you want to, make it a regular file and you will get back the traditional way of hand-editing
<ThothCastel> pmatulis_: ok, so I should dd dns settings to the /etc/network/interfaces   as in https://help.ubuntu.com/lts/serverguide/network-configuration.html#name-resolution
<ThothCastel> ?
<pmatulis_> otherwise, use interfaces file
<pmatulis_> dd?
<ThothCastel> dd = add    sorry
<pmatulis_> yes, use the interfaces file
<ThothCastel> pmatulis_:   ok, many thanks
<yolanda_> hi lamont, can we talk about bind9 issue? so you expose your opinion
<lamont> sure
<lamont> the basic question I have is: who is the intended audience for a changed version.bind?  and how will it be used?
<yolanda_> zul, Daviey ^
<zul> yolanda_:  its mostly stats gathering but Daviey can say more
<lamont> if I was going to do it, I'd use something based on [ -x /usr/bin/lsb_release ] && lsb_relaese -si || echo Debian/GNU inside of configure (and configure.in)
<zul> lamont:  i tend to agree
<lamont> (in the debian package, I really don't want to fork it for ubuntu unless there's a really really good reason to)
<lamont> historically, version.bind has been about the version, not the packaging, so adding a distribution.bind to the namespace would be less likely to produce the same kind of ire.
<lamont> from those who ire.
<lamont> OTOH, it produces a different kind of ire from those who believe that chaos/bind belongs to upstream en toto.
<yolanda_> zul, what do you think?
<lamont> zul: Daviey: highlight me so I notice, eh?
<zul> lamont:  oh im highlighting you, :) i totally agree with you  should be done in the debian package
<lamont> zul: my take is "should be in the debian package if done at all, now help me understand why"
<lamont> zul: (the highlight comment was more of a "I'm going to wander off and do things I should be doing right now" comment)
<zul> lamont: if its going to be done it should be in  the debian packaging
<lamont> +5000
<zul> so yolanda_ , so yeah prep something and let lamont have a look since lamont maintains it in debian
<lamont> hrm.  that reminds me, I think I'm supposed to upload something for bind9
<lamont> something for this evening, to be sure
<lamont> like, 9.9.3-P1, say
<yolanda_> ok
<hallyn> hm, who's our newest motu?
<hallyn> eh,
<hallyn> smoser: do you mind pushing http://people.canonical.com/~serge/libcgroup-symlink/libcgroup_0.37.1-1ubuntu11.dsc (for precise SRU)
<smoser> 404
<smoser> hallyn, i can do that for you. will also work on utlemming's sru
<smoser> hallyn, but i can't do it until you fix 404
<hallyn> hm
<hallyn> what the...
<hallyn> oh, i see, a pcc feature i hadn't considered
<hallyn> smoser: fixed
<hallyn> (trailing '/', so it pushed the .dsc without the directory)
<zul> adam_g_:  png
<rbasak> lamont: talking about bind, can you look again at bug 1090593? If not, please could you upload my proposed SRU if we're not going to get anything better? Assuming it's not out-of-date now.
<uvirtbot> Launchpad bug 1090593 in bind9 "D.ROOT-SERVERS.NET changing January 3rd 2013" [Medium,Fix released] https://launchpad.net/bugs/1090593
<smoser> hallyn, shoot.
<smoser> your version number wasnt right.
<smoser> and i uploaded.
<hallyn> ?
<smoser> Daviey, you're a archive admin, can you reject my libcgroup upload to precise-proposed ?
<hallyn> oh effing quantal
<hallyn> sorry
<hallyn> very sorry
<smoser> wait. you wanted preicse-proposed
<smoser> right?
<hallyn> yeah
<hallyn> lemme fix and repush
<smoser> you used '0.37.1-1ubuntu11', better would have been '0.37.1-1ubuntu10.12.04' or '0.37.1-1ubuntu11.1'
<hallyn> sru acceptor should catch that though.  i
<hallyn> i know
<hallyn> if daviey's not around i can go tell infinity what i dumbass i was
<smoser> err.. ubuntu10.1
<smoser> make sure you add my name too
<smoser> as i just did the upload :)
<hallyn> no wait, isn't quantal on a newer version #? (0.38)
<hallyn> checking,
<hallyn> yeah no, the precise version # should be fine...
<hallyn> checking history
<hallyn> smoser: http://people.canonical.com/~serge/libcgroup-symlink/libcgroup-symlink/libcgroup_0.37.1-1ubuntu10.1.dsc
<smoser> hallyn, right.
<hallyn> smoser: thanks.  you can go ahead and push, no need to wait for the other to be kicked
<smoser> it wasn't specifically wrong.
<smoser> just more obvious as sru with the version number.
<hallyn> smoser: and recommended as such by https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
<hallyn> based on memory, I was thinking we only did .1 if the newer release shared the version #
<hallyn> but it's actually recommended to always do it.  makes sense too
<smoser> yeah, its better with the .1, but here woudn't cause upgrade issues.
<smoser> Uploading to ubuntu (via ftp to upload.ubuntu.com):
<smoser>   Uploading libcgroup_0.37.1-1ubuntu10.1.dsc: done.
<smoser>   Uploading libcgroup_0.37.1-1ubuntu10.1.debian.tar.gz: done.
<smoser>   Uploading libcgroup_0.37.1-1ubuntu10.1_source.changes: done.
<smoser> Successfully uploaded packages.
<smoser> utlemming, ping
<utlemming> smoser: pong
<smoser> in lp:~utlemming/ubuntu/raring/isc-dhcp/64bit_time.lp1189571 (https://code.launchpad.net/~utlemming/ubuntu/raring/isc-dhcp/64bit_time.lp1189571)
<smoser> the changes differ from those in saucy
<smoser> was that by design ?
<smoser> saucy: isc_interval_set(&interval, sec, usec * 1000);
<smoser> raring-branch: isc_interval_set(&interval, sec & DHCP_SEC_MAX, usec * 1000);
<smoser> your quantal branhc is same as raring branch
<utlemming> smoser: looking....they should be the same, afaik
<hallyn> smoser: thanks again
<genii> Zentyal install seems busted for me on 64bit. Does it need multiarch or something?
<smoser> hallyn, as i look at utlemming's changes, i see that both jdstrand and mdeslaur uploaded full number ubuntuX in the isc-dhcp package to quantal.
<smoser> so its probably "ok", and we/I should have probably just left it.
<utlemming> smoser: okay, I'm lost...I just diff'ed the branches and I don't see a difference.
<utlemming> smoser: I didn't change the isc_interval_Set(..)
<smoser> but you should have
<smoser> https://bugzilla.redhat.com/attachment.cgi?id=600673
<smoser> http://pkgs.fedoraproject.org/cgit/dhcp.git/tree/dhcp-4.2.4-P1-interval.patch
<utlemming> smoser: yeah, I see that....crap
<lamont> rbasak: wilco
<smoser> utlemming, so if you dont mind, could you re-do those branches with
<smoser>  * the same patch (including patch header) as went into saucy
<smoser>     (refreshed if needed)
<smoser>  * the same patch *name* as in saucy
<smoser>  * test the build output on azure
<utlemming> smoser: yeah, I can do that
<Daviey> smoser: yes
<smoser> never mind. we're settled.
<Daviey> smoser: ok
<Daviey> smoser: libcgroup doesn
<Daviey> smoser: libcgroup doesn't need rejecting?
<smoser> well, i uploaded 2 version
<smoser> ubuntu11 and ubuntu10.1
<smoser> the 11 could be rejected, but in the end either is actually fine.
<smoser> but there are 2, so one needs rejecting
<Enich> In the ubuntu kickstarter file, there is the option %post     Is this executed after the machine has installed and has been rebooted ?  or am i totally wrong ?
<Daviey> smoser: looks already rejected?
<virusuy> howdy gents
<streulma> hi, I have an openvpn-server and virtualbox vboxnet0, how can I route traffic to the vboxnet0 network ?
<jdstrand> smoser: I am lacking context, but the SECURITY UPDATE versions to quantal were still before quantal was released, so we used standard ubuntuX versioning for the dev release as opposed to ubuntuX.Y, which we employ on stable releases
<smoser> ah.
<smoser> that makes sense then.
<smoser> thank you for clearing that up.
<jdstrand> np
<smoser> you seemed to do fine without context :)
<jamespage> smoser, how exactly is the automatic mirror resolution mean't to work n cloud-init?
<jamespage> I'm trying to hack an openstack cloud to use a local mirror by providing a suitable dns entry
<jamespage> but I can't get it to work
<jamespage> I *think* it might be a problem with the config-drive datasource but I'm not 100% sure
<smoser> jamespage, you're trying to feed data in via cloud-config ?
<smoser> or trying to have it discover it via dns
<jamespage> smoser, no - I'm trying to hack http://$ac.cloud.archive.ubuntu.com
<jamespage> ac/az
<smoser> right.
<smoser> jamespage, it doesn't look like its possible with config-drive
<smoser> hm..
<smoser> wait. it should work.
<smoser> but note, its going to look for
<smoser> http://%(availability_zone)s.clouds.archive.ubuntu.com/ubuntu/
<smoser> clouds
<smoser> (plural)
<smoser> jamespage, ^
<zul> adam_g_:  http://people.canonical.com/~chucks/ca/
<adam_g_> zul, +1
<EDocToor> !seen Will
<ubottu> I have no seen command
<EDocToor> !spoke Will
<FunnyLookinHat> Anyone here know of a tutorial for properly getting an image from http://cloud-images.ubuntu.com/precise/current/ pulled into a devstack deployment?
<EDocToor> Good Morning/day/night Ubuntu Server Channel
<virusuy> EDocToor: hi!
<n00b123> hi guys, need help here. I'm having permissions problems on a ubuntu 12.04 server. The system is under raid 1 lvm and one o the lv is /cameras. I have chown to the cameras:cameras user and chmod -r 666 but when I am the user cameras I can not cd int /cameras (permission denied) and when I ls --l /cameras it says d????????? ? ? ? ?     folder-name, for all folders. But when I sudo su and cd goes normal, no problems
<sarnold> n00b123: to 'cd' into a directory, the directory's mode needs to include the executable bit -- typically, mode octet 5 or 7 ...
<sarnold> n00b123: you might want to run a command like find /camera -type d -exec chmod 755 {} \;     or 777 if you would really rather allow everyone on the computer to read / write / delete all the data
<n00b123> what about sudo chmod -R 777 cameras ?? is it ok to
<n00b123> trying it
<n00b123> read and write for all for test first
<n00b123> got better
<n00b123> thanks
<sarnold> n00b123: mode 777 is dangerous, that'd allow anyone to write any data into any of the files and then allow someone else to execute, perhaps accidentally, any of those files. that's dangerous. :)
<n00b123> that's. my nickname says it all
<n00b123> I know that sarnold, thanks for the advice. Because I was having the permissions problem i tryed 777, and 666 before, now going back to 755
<n00b123> thanks
<EDocToor> Wow.. I can see how that could be dangerous
<virusuy> 777 in unix permissions is like 666 , the number of the beast
<EDocToor> Dumb question ... if i used edoc.icyourrc.com as my FQDN within my Ubuntu Server the www.icyourrc.com is only accessable locally until I get it linked to a nameserver... Am I lost, or am I close?
<virusuy> to resolv that domain you will always need a DNS server
<virusuy> if you want to resolv locally, just put in your /etc/hosts file
<EDocToor> Thanks
<EDocToor> done
<virusuy> cool
<EDocToor> That was my very first. BRIGHT LIGHT moment.. for you it may be obvious
<virusuy> lol, don't worry
<virusuy> nobody knows everything
<soren> mdeslaur: thanks!
<EDocToor> and something large groups of people think they know; Ex; Global Warming, will happen anyway as the Earth natural Orbit will naturally move so close to the sun that all life will on land will die; this is known as there is a two foot CRISPY layer found deep down in our Earth crust.. Also when the Earth Orbit moves TOO far way from the sun the Earth gathered a layer of dust.. it wasn't an astorode that killed the dinsoures it was
<EDocToor> the Earth moving into space as it will do again. IMHO
<shodan45> pros/cons to using nginx from the nginx.org repo vs normal ubuntu repo?
<hallyn> roaksoax: bug 1185261 , is that a supported use case, do you know?
<uvirtbot> Launchpad bug 1185261 in maas "MaaS nodes being enlisted with multiple network cards fail to commission" [Undecided,New] https://launchpad.net/bugs/1185261
<roaksoax> hallyn: not that I know of
<roaksoax> smoser: around?
<smoser> here
<roaksoax> smoser: https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1185261
<uvirtbot> Launchpad bug 1185261 in maas "MaaS nodes being enlisted with multiple network cards fail to commission" [Undecided,New]
<roaksoax> smoser: does commissioning bring up both interfaceS?
<smoser> no
<smoser> i think i told this person to open this bug.
<smoser> i think it is valid usecase.
<roaksoax> smoser: yeah, but not at the same time
<smoser> but in this case, maas is going to have to know something about the network interfaces.
<roaksoax> smoser: because commissioning will contact the maas server for apt_proxy
<roaksoax> smoser: yeah
<smoser> well, ideally maas could be told that the apt_proxy was elsewher.e
<smoser> and that would pass on through
<smoser> the reason this is hard is that we can't just say "dhcp all interfaces"
<smoser> because if we did that we'd either have to
<smoser> a.) wait for a response on all of them [indefinitely]
<smoser> b.) background and just go on
<smoser> a. results in hang if there are no dhcp servers on other nics
<smoser> b. results in race conditions
<hallyn> ok - thanks, so i'll mark this triaged low priority
<smoser> so the only solution is to have maas know that its supposed to tell commissioning to wait on eth1 (and even *that* has to be done probably by MAC)
<roaksoax> syeah
<roaksoax> smoser: but that doesn't change the fact that cloud-init could configure all interfaces to dhcp from
<roaksoax> smoser: because in this case, he isusing 1 isolated network to do stuff, and a second network for internfet
<roaksoax> but the second network is not being brought up at all
<roaksoax> not even for DHCP
<roaksoax> so in this case
<roaksoax> MAAS shjould not care how many network interfaces the node has
<roaksoax> but cloud-init should just bring up all of them
<roaksoax> what do you thinkl?
<smoser> roaksoax, it can't.
<smoser> or one of a or b are still relevant
<smoser> ie, i can't just say "always dhcp on all nics"
<smoser> because you either wait for all nics, or go on. if you wait, then you wait possibly forever.
<smoser> if you go on, possibly 'apt-get update' happens before eth1 (in this case) has gotten an address.
<roaksoax> smoser: right but you wait for a few seconds, if not, then no need to keep on waiting right?
<jcastro> roaksoax: any feedback from people wrt. MAAS via SRU?
<jcastro> good or bad?
<smoser> what is the right value for "a few seconds"
<roaksoax> jcastro: haven't heard any
<roaksoax> smoser: well in maas don't we set 200somthing for d-i?
<smoser> so you would delay *all* boots by 200 seconds ?
<smoser> https://bugs.launchpad.net/cloud-init/+bug/861866 for refernece.
<smoser> (60 seconds was found to be too low)
<roaksoax> smoser: ok so make that the same case for all interfaces
<roaksoax> smoser: so not just configure eth0
<roaksoax> but configure all
<smoser> but then you have to wait [for how long?] for each one.
<roaksoax> that doesn't mean that cloud-init will have to wait 5(interfaces) *120 seconds
<smoser> and, for the record, it doesn't wait for "eth0"
<smoser> it waits for BOOTIF
<roaksoax> smoser: right (but in this case I'm assuming it is eth0)
<smoser> but by waiting up to 120 seconds, and then going on, you're delaying boot of the current "just works" case by 120 seconds!
<uvirtbot> Launchpad bug 861866 in cloud-init "cloud-init-nonet does not wait for dhcp" [Medium,Fix released]
<roaksoax> smoser: right, aren't you already doing that with BOOTIF?
<roaksoax> smoser: what i'm saying is make /etc/network/interfaces configure all interfaces to dhcp and let it be
<roaksoax> smoser: right now we can wait the 120 seconds for BOOTIF, but *also* configure the rest of the interfaces to dhcp
<roaksoax> but *not* wait for them to get dhcp
<roaksoax> this would solve this case
<roaksoax> this in reality wouldn't make it a maas bug after all then
<roaksoax> smoser: is this the same case for the installer?
<roaksoax> smoser: so in this particular case, it is not really up to MAAS to know/configure the second network during the commissioning environment
<smoser> roaksoax, we wait indefinitely on BOOTIF
<smoser> because, for maas we know that BOOTIF has a dhcp response on it.
<roaksoax> smoser: yeah, but if a physical node has 2 network interfaces (eth0, eth1), bueing eth0 BOOTIF. Cloud-init waits for for eth0 DHCP to come up and once that happens, it contacts the MAAS server right?
<roaksoax> smoser: but at this point eth1 has not being configured at all right?
<roaksoax> smoser: so what I'm saying is continue to do what we do, which is wait for BOOTIF, and if it gets a DHCP address, then continue with what it should do, but *also* make sure eth1 is set to DHCP, but we don't care if eth1 got an IP address or not
<roaksoax> smoser: that shoulod cover the case scenario where we have a different network for internet
<roaksoax> because up until this point, we assume that MAAS will always have external network access
<roaksoax> and that's how we've been working all along
<smoser> roaksoax, but all you're doing is exposing yourself to a race condition
<smoser> where BOOTIF ocmes up fast, cloud-init runs 'apt-get update', eth1 comes up , blamo!
<smoser> "doesnt work ever" is arguably better than "works sometimes on thursdays"
<roaksoax> smoser: ok fair enough
<smoser> the solution si for MAAS to know something about networking
<smoser> which is something you were asking for anyway
<smoser> in order to support the vlan case
<roaksoax> smoser: then we should simply say that MAAS managed network needs to have external network access for it to work, (or an aaccessible mirror)
<roaksoax> smoser: the vlan case was really being able to tell eth1, to be configured to dhcp for vlan 2020, eth0 for 2021, etc, etc
<smoser> if maas knows about the expected networking, then it can tell the commisioning environment "you'll need to configuer MAC=AA:BB:CC as dhcp and wait"
<smoser> right. but maas has to know to tell the nodes that.
<roaksoax> smoser: it doesn't have to *know*
<roaksoax> smoser: it simply has to allow me to define that I want in cloud-config format and allow cloud-init to do it
<smoser> right.
<roaksoax> smoser: or allow me to have a post install shell script that does that for me
<smoser> it has to know "this machine" (or possibly all machines) are configured like this
<roaksoax> smoser: right, but that's why it is by machine, and that's easy to do
<roaksoax> you only "import" what's been set for a "particular" machine
<roaksoax> and you handle that via templating
<roaksoax> so each machine would have their own node.post_inst_params for example
<roaksoax> so node.post_inst_params would be different for each if set differently
<roaksoax> smoser: having specific knowledge of what network interfaces there are and tell it how you want them to be configured would be a nice feature too
<roaksoax> but that still would require maas to tell some cloud-config code or shell for d-i post instll
<smoser> the simplist solution is really to just allow a network-interfaces file to be shoved down
<smoser> per-node
<smoser> and that to be used then
<roaksoax> smoser: yeah
<roaksoax> smoser: the only thing though is that we would always have to prevent overriding the manual configuration for BOOTIF
<EDocToor> sarnold, Thanks I have now finished my Ubuntu Server with (Apache2, BIND, Dovecot, ISPConfig 3) installed and configured... all thanks to you... I would never in a million years known that I would have had to put a "1" in my static address 192.168.1.121
<EDocToor> a million times X Thanks
<sarnold> EDocToor: hehe, glad to have helped :)
<EDocToor> I have a question sarnold ; I already have a host ; hosting www.icyourrc.com and I setup my UBuntu Server as icyourrc.com can I switch the DNS nameserver information and start hosting from my Practice icyourr.com Ubuntu Server Play Box.. if so, what URL or Google keywords would provide me with a good tutorial to do such a thing?
<EDocToor> LETS GO LIVE hehe
<sarnold> EDocToor: it's complicated because you'd need to configure your router to perform port-forwarding for all services you wish to run on your machine
<EDocToor> I can do that
<sarnold> EDocToor: you'd then need to update your NS records with your router's IP address, and wait for the old data to expire out of DNS caches all over the world..
<EDocToor> I have a dd-wrt hacked router
<EDocToor> I can do that
<EDocToor> ;-) But should I?
<sarnold> depends upon your ISPs Acceptable Use Policy :)
<EDocToor> good point
<EDocToor> sarnold, now I am off to the ubuntu channel to in install and configure a another Ubuntu Box for GUI .. actually I am think about Kubuntu.. thanks again ;-)
<sarnold> EDocToor: have fun :)
<EDocToor> You know it !!!
<EDocToor> Question: I have my Ubuntu Server attached to my dd-wwrt router and another ubuntu standard attached as well.. but when I go to the standard ubuntu box and click on file browser: Network the server doesn't show? do I have to edit a file on the Server to tell the server that it can share a folder or something?
<sarnold> EDocToor: in what way do you want to share files? NFS? SMB? something else?
<EDocToor> Samba..
<sarnold> EDocToor: okay, then apt-get install samba on the server and configure the smb.conf to export the directories you want :)
<EDocToor> Cake... this is so exciting... ha ha haaaaa
#ubuntu-server 2013-06-13
<EDocToor> How do I create a group called 'nobody' ;;; when I type sudo chown -hR root:nobody /pub ;;; Error chown: invalid group: 'root:nobody'
<sarnold> EDocToor: if you want the files to be readable only by root, then root:root would be a better choice
<EDocToor> I am creating a : nobody for my samba to access one directory on my lan
<EDocToor> can a group nobody be created
<sarnold> better would be to create a group with a more descriptive name :) who will use it?
<EDocToor> as this tutorial assumes that I have knownledge
<EDocToor> https://calomel.org/samba.html
<EDocToor> is it addgroup?
<sarnold> "The windows machines are going to access samba shares as the "nobody" user." *sigh*
<sarnold> I'd find a better guide
<EDocToor> LOL
<sarnold> hrm, I thought for sure I had a nice long description on stackoverflow of something horribly stupd on that page, but google isn't finding it for me. thanks goog.
<EDocToor> I love stackoverflow
<EDocToor> I am edoctoor there as well
<EDocToor> I created a script for adding a bot to a channel
<EDocToor> using windows
<EDocToor> Ok, when I search pages I get a lot of samba4 info... do you have a better tutorial or are you going to tell me the stupid part to avoid
<EDocToor> PLEASE... oops forgot to nod my head and ask politely
<sarnold> EDocToor: samba4 isn't yet in main, I'd suggest avoiding it for the time being. Obviously you're welcome to use it and file bugs :) but it probably won't be as reliable as samba3-based packages
<sarnold> EDocToor: I don't know a better guide, but feel free to run away from just about anything that ever suggests you to use the 'nobody' user or 'nobody' group for anything. they're almost certainly wrong. :)
<EDocToor> Yes, I have read about the END LESS loop of errors that follows samba4
<sarnold> EDocToor: you can probably create a new group for this use, 'windows' or 'shared' or something..
<EDocToor> and how would I do that Master
<EDocToor> addgroup shared
<sarnold> EDocToor: I think that's fine..
<EDocToor> I typed addgroup --help and none of it makes any sense as I am not knownledgeable with the terms
<EDocToor> Awesome..
<sarnold> EDocToor: don't forget 'man addgroup' -- manpages often have examples and better descriptions of options...
<EDocToor> sarnold, I am so glad that you mentioned that... I so forgot about the man manuals... thanks
<sarnold> EDocToor: man -k is also wonderful, it'll search the manpage names and short descriptions to find relevant manpages -- try man -k compression for a good example :)
<EDocToor> YES... this is exactly the tools I need... and I forgot that it was there... now when someone says "RTFM" I will know where the manual is.. I was to embarrassed to ask after such a comment
<EDocToor> awesome so -k is like an peek to the subtitles so that you have // I have an Idea if I am opening the right manual... awesome tip...
<EDocToor> Help: I wanted to create a backup root admin user called lets say 'cow' just incase I did something stupid like lock out my default root user.. I don't want to reinstall my whole server because I am learning passwd and chgpasswd commands... ::: That known; can anyone here assist me into creating a root level secondary user .. I have don't some reading.. but I almost locked myself out.. as described.. and would rather how to do it
<EDocToor>  ... then be here asking how to fix my admin mistakes
<EDocToor> what I have done so far
<EDocToor> adduser --system cow
<EDocToor> adduser cow sudo
<EDocToor> but when I reboot and login with cow
<EDocToor> and give password
<EDocToor> the screen flickers and returns to the LOGIN screen
<EDocToor> could it be because cow doesn't have an non-admin login set
<bradm> EDocToor: you told it to create a user with shell /bin/false when you used the --system option, so what you're describing is expected behaviour
<bradm> EDocToor: if you type getent passwd cow as another user you should see the shell is /bin/false
<EDocToor> bradm, arrrrrrrrrgh...
<EDocToor> k
<bradm> EDocToor: something like usermod -s /bin/bash cow should change its shell
<EDocToor> Exactly
<EDocToor> bradm, ok done.. now when I type 'getent passwd cow' it shows /home/cow:/bin/bash
<EDocToor> can I reboot now and test?
<bradm> EDocToor: great - you should be able to login now
<EDocToor> Thanks.. I was afraid to do anything.. ;;; I really apreacate it ... and I have locked myself out before.. not kidding
<EDocToor> have a great /day/night/afternoon
<EDocToor> depending where you are
<bradm> no worries, you too
<EDocToor> OMG.. your awesome bradm ... that worked as expected.....
<bradm> good to hear.
<EDocToor> one more.. before I get back at it... say I am logged in as root user 'cat' can I set the 'passwd cow' ?
<bradm> when you say root user, what do you mean?
<bradm> its a user who can sudo?
<EDocToor> has admin right
<EDocToor> yes
<bradm> sudo passwd cow
<EDocToor> Time to go and play... thanks again everyone...
<mop> I have an 'unkown TCP' process run by root on nethogs. Should I be worried?
<mop> also nethogs seems to get like 15% of cpu usage
<pii3> Hi
<pii3> i want to setup ubuntu as a gateway and capture all traffics passing from my gateway and Log them all for on year
<pii3> i need to log all URL in http and https and for other protocols just source and destination address
<byprdct> Hey guys what do I use if I want to use a password instead of a identityfile in my .ssh/config file?
<byprdct> I tried Password but doesnt work
<exnntech> Looking for multiple IP help
<exnntech> Hey
<exnntech> Won't lie, this channel is a bit dead
<soren> byprdct: You can't. Also, why would you do that?
<Daviey> byprdct: What are you trying to achieve ?
<Daviey> exnntech: multiple IP help?
<exnntech> Need Ubuntu server to have ip's 66.45.***.*** and 176.***.***.**
<exnntech> Any idea how?
<greppy> exnntech: edit /etc/network/interfaces
<greppy> if you need more info 'man interfaces'
<exnntech> Cheers, only used this for a week so bit of a noob
<exnntech> Still don't know what I'm doing :P
<exnntech> ..
<jcastro> utlemming: we don't have any doc pages on vagrant do we?
<jcastro> like workflows, etc.
<girl> hi
<girl> this is a good site of shoping
<girl> http://team-browser.com/
<girl> card visa maser .... all
<girl> enjoy
<girl> i have buy iphone 5
<girl> good by
<zul> jamespage/yolanda: https://code.launchpad.net/~zulcss/python-quantumclient/README-fix/+merge/169216
<utlemming> smoser: Bug 1189571 has updated branches for Quantal and Raring. Validation on the updated branches is done.
<uvirtbot> Launchpad bug 1189571 in isc-dhcp "[SRU] "Unable to set up timer: out of range" caused by bad 64_bit timer" [Medium,Confirmed] https://launchpad.net/bugs/1189571
<Siebjee> Does anyone has experienced strange unexplainable performance differences between Dell PowerEdge M420's ?
<smoser> utlemming, i'll take a look at that now.
<smoser> one question for you, utlemming
<smoser> have you done any work on that "*.json -> index.json" ?
<smoser> (ie, for simpelstreams index.js merging stuff)
<smoser> i'm interested in using it for http://bazaar.launchpad.net/~smoser/maas/netinst2ss/changes
<utlemming> smoser: yes, I have, incidently. I was just switching gears to get that done. I think I just need to integrate it.
<smoser> roaksoax, rbasak ^ your feedback on that simplestreams stuff would be appreciated.
<smoser> http://paste.ubuntu.com/5761763/ is what the streams file looks like.
<smoser> that'd be mirrored (with the files) some where.
<smoser> netinst2ss just scrapes archive data (checks signatures, downloads ... )
<smoser> rbasak, it is currently void of arm stuff
<smoser> which is kind of why i'm asking your input
<smoser> note, 'kernel-release' is there as 'base' meaning "precise if release is precise"
<rbasak> smoser: thoughts, as they come into my head
<rbasak> smoser: any plans on signature verification?
<smoser> to differenciate it from quantal netboot kernel/intiramfs for installing precise (which is available, but I explicitly skip it at the moment)
<smoser> rbasak, yes. obviously we'd add .sjson there also
<smoser> its also missing 'size' on the items...
<smoser> which is good ot have, but i have to http-stat all the urls to get it, and that just slows the process down
<smoser> rbasak, i also dont know where i would get installer kernel/initramfs info for arm
<smoser> found it.
<smoser>  [DIR]	linaro-vexpress/	23-Apr-2012 20:04 	-
<smoser> [DIR]	omap/	23-Apr-2012 20:04 	-
<smoser> bah
<smoser> http://ports.ubuntu.com/ubuntu-ports/dists/precise/main/installer-armel/current/images/
<smoser> so i'd have to also hit ports.ubuntu for arm stuff.
<smoser> netinst2ss would need additional support for that.
<rbasak> smoser: sorry, I need to go afk for a bit. I'll get back to you. And about that other thing. Tomorrow I promise :)
<roaksoax> smoser: looks good to me, and for my purposes i guess it is sort of enough infromation
<smoser> roaksoax, for your purposes, at the moment you can just basically know tha tofr a release, you're interested in 'base.generic.initrd'
<smoser> at the moment. that name might change.. but once we're settled, it wont
<roaksoax> smoser: ok cool. Yeah wont start working on it right away so I don
<roaksoax> smoser: ok cool. Yeah wont start working on it right away so I don't need it right now :)
<smoser> roaksoax, if you need want to play with it, you can just branch that, run it, and then point the sync at the 'out.d' that it creates.
<smoser> ie, out.d as the reote source
<roaksoax> smoser: ok cool, so I guess we will be consuming those scripts in maas-import-*
<roaksoax> smoser: r will those files be available on the mirrors
<smoser> the data in 'out.d' will be available on some irror
<smoser> either maas.ubuntu.com or cloud-images.ubuntu.com or possibly cdiamge.ubuntu.com (or somethign to that affect)
<roaksoax> smoser: ok cool
<smoser> but largely that doesn't atter, you just will sync with *some remote source* that looks like that (where 'remote' can even be local filesystem)
<smoser> the sstream-sync doesn't care if it is file:/// or http:///
<roaksoax> yeah
<roaksoax> smoser: so these scripts will be packaged them and consumable
<roaksoax> by maas-scripts*
<smoser> sstream-sync is in raring, but not in a super great state..
<roaksoax> smoser: i see, cause initially I thought to manually access the json files in the mirrors from maas-improt-p* beucase that way we don't depend on any external tool not within maas
<smoser> the wway i'd at leat like to pursue is that some program 'maas-import-ephemeral' invokes 'sstream-sync' (which then hooks to another progra (or possibly the first) to do the work).
<smoser> if that isn't deeed suitalle (usage of sstream-sync) , then we could write a Mirror class like (GlanceMirror) in python and use it from maas
<roaksoax> smoser: right, but TBH it makes no sense to keep maas-import-pxe-files and maas-import-ephemerals, and I was hoping to merge thouse together and in python
<smoser> either case, maas will depend on simplestreams.
<roaksoax> ok
<smoser> look at the way tools/hook-check-downloads works.
<smoser> you invoke 'hook-check-downloads', it invokes sstream-sync and tells sstream-sync (via cmdline flags) to call it back to operate on 'insert item'  and such.
<roaksoax> right
<bananapie> hey, I just compiled a software using make and make install. It dumped some so files in /usr/local/lib/ and when I run the executable it can't find the files that are in the said directory. I added a .conf file in /etc/ld.so.conf.d/ which points to that folder. Do I have to run a script or something so that it updates?
<bananapie> I have to run ldconfig
<bananapie> thanks
<autif> I am installing 12.04 server - xubuntu ISO is able to detect network drivers, while ubuntu-server ISO does not. Can I install server with networking using additional tools?
<patdk-lap> able to detect network drivers?
<patdk-lap> are you using 12.04? 12.04.1 or 12.04.2?
<autif> patdk-lap:  12.04.2
<autif> I meant detect network hardware
<patdk-lap> well, that should have it, maybe try 12.04.1?
<autif> xubuntu was 12.04 - will try server 12.04 instead of 12.04.2
<TriJetScud> is it just me or does ubuntu server's oem-config package do really need all of those dependencies on a text-only server?
<TriJetScud> http://pastebin.com/Vb1gr4cQ
<TriJetScud> that pastebin for refrence if somebody is interested
<Slyboots> Hello :)
<Slyboots> lHaving some problems with an install of Ubuntu-server 12 :(  Process goes through the entire process but fails when it tries to install the GRUB boot-loader.  Its a 6x Disk system and, due to how its listing the disks I've installed Ubuntu onto /dev/sde, Grub by default goes to /dev/sda and fails
<Slyboots> If I force it to /dev/sde, when the system reboots I.. just got a blinking underscore (no GRUB loader)
<Slyboots> Im kind of stumped as to what I should do. I would ahve figured installing gRUB on the MBR of /dev/sde should work but...
<sarnold> Slyboots: does your BIOS need to know which drive to boot as well?
<Slyboots> Im nmot sure.. its a HP Microserver so its bios is a bit.... odd
<Slyboots> Mm, hold on, it is something that simple..
<Slyboots> DOh, yea that was it :P
<Slyboots> wrong disk set to firstboot in bios
<sarnold> yay :)
<Slyboots> Uh.. maybe not
<Slyboots> "/boot is not available or mount failed"
<Slyboots> lol..
<sarnold> Slyboots: yay :) that's a forward step.
<sarnold> Slyboots: did you put your /boot into a raid5 or raid6 or something? grub is particular about what it can read.
<Slyboots> no only 1 disk contains the OS, its a very basic flat /dev/sde1 is boot in ext4 and /dev/sde2 is /
<Slyboots> lathough oddly the system still booted OK
<Slyboots> Just told it to skip tryingto mount /boot and after afew seconds I was at the login screen
<sarnold> o_O
<Slyboots> Hm.. how do you get the UUID for a disk, maybe fstab id wrongt
<Slyboots> .. somehow
<sarnold> Slyboots: run blkid (as root; I understand it can return stale results if run as non-root)
<Slyboots> Yea.. fstab was wrong
<Slyboots> Thats pretty weird..
<sarnold> Slyboots: the /dev/sd[abcde] order can change based on .. well, presumably adding / removing drives or controllers, maybe other situations
<sarnold> Slyboots: perhaps it was correct at one point and is now wrong.
<Slyboots> This is its first boot ^_^
<sarnold> haha
<sarnold> /dev/disk/by-*/ symlinks are nice
<Slyboots> But just updated the UUID entry to the correct value and.. its good
<Slyboots> sarnold, I thought that wa the point of UUID's that they should never change
<sarnold> Slyboots: indeed, uuids shouldn't.
<Slyboots> I guess the installer got a bit chewed up somehow
<sarnold> (my pal who complained about the stale values was complaining about it -after- formatting the drives with a new filesystem)
<Slyboots> Mmm
<Slyboots> Right, so..
<Slyboots> Do I use btrfs..
<Slyboots> or ZFS
<Slyboots> Shoot tahts right.. cant use btrfs -.-
<EDocToor> Hello everyone; I have a brand new server and wonder if https://help.ubuntu.com/community/Samba/SambaServerGuide is the guide that applies to configuring samba on Ubuntu Server... I ask this question as I don't know if this guide only applies to the GUI Ubuntu... or... maybe you could reply with a link to configure Samba (the samba that was installed during the install)
<RoyK> EDocToor: ubuntu server doesn't come with  gui
<RoyK> EDocToor: is this a single server, or do you have something like ldap or active directory around for authentication?
<Slyboots> Is there not a easy way to repeat a command several times in succession but change the values each time
<Slyboots> For exampe, in this case, I need to run the command "zfs create tank/$VALUE" where value changes each time
<EDocToor> RoyK, I understand that Ubuntu Server is Command line.. .. I am looking for a beginner tutorial to configure samba on a server so that my XP and other UBuntu can share files
<Slyboots> So do you ahve to just keep retyping and retyping..
<Slyboots> This comes up ALL the fecking time x.x
<EDocToor> Slyboots, do you mean... UP ARROW
<Slyboots> EDocToor, No I do not mean up-arrow
<RoyK> or perhaps "for i in 1 2 3 4; do asdf $i ; done"
<EDocToor> by bad
<Slyboots> It would be preferable if I coudl so something like "zfs create tank/$value1,$value2.."
<RoyK> Slyboots: pretty basic scripting
<RoyK> Slyboots: why are you creating several pools?
<RoyK> or was that filesystems?
<RoyK> "datasets"
<Slyboots> its a ZFS filesystem, different datasets for differnet datasets
<Slyboots> :D
<RoyK> for i in data rubbish porn private; do zfs create tank/$i ; done
<Slyboots> lol
<Slyboots> are you watching my console? :P
<RoyK> :D
<EDocToor> hehe
<Slyboots> RoyK, Ah neat thats handier
<RoyK> Slyboots: using zfsonlinux or zfs fuse?
<Slyboots> zfsonlinux
<RoyK> ok
<Slyboots> ITs a little funky, their package doesnt bother checking if you have the kernel-headers installed :P
<Slyboots> So it was broken when I installed it heh
<RoyK> considering it myself after some bad data happens to come from a drive and I can't sort out which drive's bad...
<RoyK> chose md because of flexibility, but seems that's overstated
<Slyboots> Yea I couldnt be bothered building a mdadm array and waiting forever till it builds
<Slyboots> I've used it in Nas4free and the like and its quite nice, although i dont use things like Dedup
<RoyK> I don't care about build time, but I do care about data quality
<Slyboots> Too memory hungry
<RoyK> zfs dedup is rather hungry, yes
 * RoyK has worked with zfs on open{indiana|solaris} for some years with half a peta of storage
 * Slyboots nods "I was curuis to try brtfs but it doesnt have RAID5/6 style support yet, so it was a no-go
<jcastro> it does now
<lifeless> jcastro: orly?
<RoyK> it does
<lifeless> jcastro: just a few months back it was still only mirror capable
<jcastro> yeah, I haven't tried a live migration yet
<Slyboots> mm
<jcastro> yep, it landed last major kernel release I think? let me look it up
<RoyK> but it doesn't assemble disks autoamtically on boot
<RoyK> which somewhat takes the fun away
<lifeless> jcastro: https://btrfs.wiki.kernel.org/index.php/FAQ#Can_I_use_RAID.5B56.5D_on_my_Btrfs_filesystem.3F
<jcastro> yeah, linux 3.9
<sarnold> Slyboots: maybe also this would work: zfs create tank/{foo,bar,baz} -- the shell does some expansions like that in handy ways
<lifeless> jcastro: 'The first drop of the code, in experimental form, is in the 3.9 kernel.'
<lifeless> jcastro: I don't like the sound of that :>
<Slyboots> sarnold, I'll give it a little try
<lifeless> jcastro: goes on to say 'This is currently only suitable for testing, as it is known to not be crash-safe, and many important (or even vital) features are missing.'
<RoyK> I tried it - wasn't too stable
<jcastro> lifeless: nor me, which is why I'm sitting on my RAID1 mirrors still, though I might snag another HP Microserver to play with it
<Slyboots> sarnold, hehyy, that works doo!
<Slyboots> Thats even handier :)
<lifeless> jcastro: gotta love the microservers.
<jcastro> lifeless: "I solved my RAID4/6 problem by using 2 servers and Ceph instead with disks way bigger than I intended."
<jcastro> I mean Raid5/6 of course
<sarnold> Slyboots: and sometimes, after you've run a command, you can use ^foo^bar to make a change: try this, ls -l /etc  -- then ^etc^var
<Slyboots> ...
<Slyboots> *mind* *blown*
 * Slyboots scribbles this stuff down
<Slyboots> Hrm.. wait that cant be right
<Slyboots> 5.28TB available with 6x 2TB disks?
<RoyK> yes, difference between TB and TiB
<RoyK> 1TB ~= .9TiB
<RoyK> linux reports TiB, like most platforms
<RoyK> try du -H
<RoyK> erm
<RoyK> df -H
<Slyboots> How does 5 2TB disks only equal 5.28 o.O
<Slyboots> Tahts nearly half the storage missing o.O
<RoyK> Slyboots: reported from zpool status?
<Slyboots> by zfs list
<RoyK> pastebin zpool status
<RoyK> and zfs list
<Slyboots> I see the problem.. I made a Raidz2 array
<Slyboots> Only supposed to be raidz :P
<Slyboots> (2x parity, instead of 1)
<RoyK> raidz2 is good (tm)
<RoyK> since sector errors usually are observed during rebuild
<Slyboots> Meh, not fo rmy use.  I keep backups of everything and theres nothing "critical"
<RoyK> so better add another driev or two
<RoyK> ok
<RoyK> go on :)
<Slyboots> hehe, the machines already full to the gills with disks :P
<RoyK> small sas 92xx controller, external sas expander, lots of drives => lots of storage
<Slyboots> haha, its a little HP Microserver for my media collection :)
<Slyboots> I've already had to hijack the eSATA port so I had a disk to install the OS ^_^
<Slyboots> I just keep mt TV/Movies.. some backups.. photos.. and anything thats not easly replaced I keep backed up to a external SATA disks
<Slyboots> But RAIDz2 would be nice.. but Im not sure I Can justfiy the sizable drop in space
<RoyK> zfs can handle some bad sectors without kicking the drive out
<RoyK> but keep in mind to enable ERC if it's supported
<RoyK> or increase drive timeout
<Slyboots> Hmm
<Slyboots> Well theses are WD "Red NAS" disks
<RoyK> WD Red supports ERC
<RoyK> Slyboots: http://paste.ubuntu.com/5762473/
<RoyK> this is rather failproof
<Slyboots> cool :)
<RoyK> put that in /etc/rc.local
<RoyK> perhaps I should have crafted one that parses /proc/partitions
<RoyK> but then - you might want deep recovery for a single root drive
<Slyboots> Hm?
<RoyK> deep recovery is the mode of most desktop drives
<RoyK> it can spend up to two minutes trying to recover a single sector
<RoyK> doesn't work well in a raid setup
<RoyK> the raid will kick out the drive rather early
<Slyboots> Yea by that time it'll assume the disk is dead and drop it
<RoyK> turning on ERC makes the drive return errors instead of timing out, which is fine in a raid setup, since it's got redundancy
<Slyboots> Good tip, thanks :)
<Slyboots> Oooh.. SATA port multipliers arnt cheap
<RoyK> and they somewhat suck
<RoyK> better get a good sas controller
<RoyK> doesn't cost a lot more, and delivers far more bandwidth
<Slyboots> heh, 2TB SAS disks would be nice but that .. quire require a lot more money, and pretty much a new setup
<RoyK> the 1068-based controllers from LSI are rather cheap on ebay atm, but they don't support drives >2TiB
<RoyK> you can connect SATA drives to a SAS controller, no problem
<RoyK> just not the other way around
<Slyboots> Holy crap LOL
<Slyboots> Â£435 for a 2TB SAS? :P
<Slyboots> Pass :P
<RoyK> did you read what I just wrote above?
<Slyboots> Oh right, hm intresting
<RoyK> that price seems a bit high - in Norway, things usually cost a bit more, and I find this drive at NOK 1699 - http://www.komplett.no/k/ki.aspx?sku=646289 - GBP 187
<RoyK> that's with 25% VAT
<RoyK> so perhaps you were checking the wrong site?
<Slyboots> I just happened to look at eBuyer
<RoyK> GBP 150+vat
<RoyK> not a lot more, and supports full duplex and better error handling
<Slyboots> thats quite a bit cheaper, but yea.. would be overkill for my needs :D
<RoyK> and better timing
<RoyK> and ...
<RoyK> still, you can attach SATA stuff to a SAS controller
<RoyK> via a SAS expander or direct attach
<Slyboots> Its certinally something to keep in mind, so would install a SAS card and attach a SAS expander
<Slyboots> then just plug the disks int ito?
<RoyK> yes
<RoyK> or just attach the drives to the sas interface
<RoyK> sas emulates sata
<RoyK> no need for an expander
<RoyK> the expander is just there if you need more drives attached to that controller
<Slyboots> yea the SAS cards seem quite cheap actually on ebay
<Slyboots> Like IBM ones etc for Â£20
<Slyboots> for.. *whistle* 8 more drive ports :D just need a caddy to contain the disks heh
<Slyboots> Oh thats actually intresting :) my Microserver uses SAS already
<Slyboots> (SAS cable to a SATA .. "rank"
<Slyboots> *rack
<RoyK> mhm - some 8087 plug
<RoyK> or 8086 - don't remember
<RoyK> external plug is the infiniband plug
<Slyboots> Aye, just need a half-hight card (Dont think this thing is big enough for a full sized)
<RoyK> they are mostly half-height, those I've seen
<RoyK> meaning, they come with a second bracket
<Slyboots> Its certinally a tempting idea, I hadnt considered this before
<Slyboots> You dont know of any cheap ish sort of.. hodler, that you coudl put the disks into (cause, disks still need power)
<RoyK> card comes with an 8087 plug (iirc) and you need a splitter to split those 4 sata buses into separate cables
<Slyboots> AYe I've seen a few of the auctions on ebay with the SATA splitter.  The only trick is still power though
<RoyK> there are some 4-drives-in-3-5,25"-bay shelves around
<RoyK> takes four sata connectors and some power and offers hotplug capabilities (given the OS driver supports it)
<Slyboots> hehe, do they have actual names?
<Slyboots> You mean like hot-swap bays?
<RoyK> yes
<RoyK> but external or internal?
<Slyboots> Well Im thinking if I installed a SAS card and jacked in.. another 4 disks lets say.  It would be nice to just have a container to hold the disks and provide power to em
<RoyK> try ebay or something
<RoyK> there are several
<Slyboots> Aye Im just trying to figure out the name for searching
<Slyboots> Ah heres something, 5-bay enclosure
<Slyboots> about Â£50ish odd quid..
<RoyK> url?
<Slyboots> expencive for what it is but still in the "Tempting" side of things
<Slyboots> http://www.ebay.co.uk/sch/i.html?_trksid=p5197.m570.l1313.TR1.TRC0.A0&_nkw=sata+hot-swap&_sacat=0&_from=R40
<Slyboots> Seem to be SATA / eSATA enclosures with power to the disks
<RoyK> this one? http://www.ebay.co.uk/itm/SONNET-ENC-SATA-DT4-B-Fusion-400-External-Hot-Swap-4-port-Sata-Hard-drive-cage-/300916636732?pt=UK_Collectables_HardDriveEnclosures_RL&hash=item4610077c3c
<Slyboots> Yea I mean they are about that price
<Slyboots> I think thats the sort of thing I would want/need
<Slyboots> Just plug that in, wire up the drives to the SAS card..  Lots-a-storage
<RoyK> probably better if you find a chassis that takes an 8087 in the arse
<Slyboots> haha, yea that might be better but Im just thinking from "This is the sort of thing I should be looking at" ratther than that specific model
<Slyboots> Ahh Backplane, think thats the right name for em
<RoyK> backplane is just a switchboard
<Slyboots> Its a very tempting idea, maybe when payday comes around and my pet is no longer dying from metal poisoning I can think about it :P
<Slyboots> hehe
<Slyboots> I would be badly tempted to wipe the backup disks and just intergrate them all into the array in a big raid2z or whatever array
<Slyboots> .. all that storrage lol
<Slyboots> I dont know what I would do with it :P
 * RoyK is more than slightly tempted to replace md with zfs after seeing silent errors only detected by ext4's metadata checksumming
<Slyboots> Aye I've notcied a few of my videos taht I've known where good copies have tiny ammouts of corruption
<Slyboots> Wa quite shocking, espically as even a little on video is super noticable
<RoyK> did you see that zfs presentation?
<RoyK> http://wiki.illumos.org/download/attachments/1146951/zfs_last.pdf
<RoyK> only problem with zfs is that you have to give away flexibility for safety
<Slyboots> aye you cant "grow" an array
<Slyboots> That is kidna fustrating
<RoyK> you can add more VDEVs as in single drives or raidz? or something, but not extend a VDEV
<RoyK> or you can replace every drive with a larger one
<Slyboots> You can create another "Pool" and merge them together.. but you cant say.. jam in a single 2tb disk and grow your main pool
<RoyK> then, eventually, it'll grow
<Slyboots> Its a little bit odd
<RoyK> and since the drive producers are only three now, they tend to keep the prices high and no larger drives have appeared for almost two years
<RoyK> no, it's not corruption, it's just craftmanchip, as if :P
<Slyboots> heh
<keithzg> Arghh. I hate MySQL so, so much. Read the logs? Oh, they're binary. Okay, cool there's a utility to read those....oh, despite being processed by mysqlbinlog the actual events are still written in binary not plaintext, so I still can't see the actual events, only the header comments. Sigh.
 * keithzg suspects this might just be due to his company using MySQL as a backend for Fogbugz and Access 2000.
<EDocToor> hi... I am still researching samba and anything IP confuses the crap out of me.. So I am going to politely ask for help.. or hints.. I am trying to share files from my Ubuntu Server to my Ubuntu with GUI.. What I have done is: smb.conf comment=Home Directories; browseable=yes;read only=no.. $ sudo smbpasswd -a cow $ sudo smbpasswd -e cow $ sudo smbd reload "temp enabled router DMZ" $ sudo chmod 0750 /home $ sudo chmod 0766 /home/
<EDocToor> cow/Downloads $ sudo chown cow:cow Downloads... On the other GUI Ubuntu the error is Cannot display location cow@cow/home/cow/Downloads
<EDocToor> Failed to mount windows share
<EDocToor> I have done a lot of research.. it is that I am not that bright
<Slyboots> This is such a pain in the ass
<Slyboots> Trying to get fuckign permissions working right with a windows client -.-
<Slyboots> Beh, going to bed.
<sarnold> EDocToor: can you pastebin the output of ls -l /home /home/cow /home/cow/Downloads ; ps auxw | grep -i smb
<EDocToor> sarnold... guess I should get ssh going first so I have access to paste bin
<EDocToor> ok... thanks
<EDocToor> I'll put samba on the shelve for now
<sarnold> EDocToor: the 'pastebinit' package is also pretty useful :)
<EDocToor> nice
<EDocToor> brb
<EDocToor> awesome first time with pastebinit http://paste.ubuntu.com/5763009/
<EDocToor> Notice the Download folder/directory does not show
<EDocToor> my bad
<EDocToor> I must have done something wrong
<EDocToor> let me do it again.. I rushed ...
<sarnold> EDocToor: that might be because /home/edoc/Downloads is owned by root:root, not edoc:edoc
<EDocToor> awwwwwwww
<EDocToor> it is
<EDocToor> something else strange
<EDocToor> when I type edoc# ls -l Downloads
<EDocToor> it displays
<EDocToor> when I type edoc# ls -l /home/edoc/Downloads
<EDocToor> it doesn't
<EDocToor> I am having fun...
<EDocToor> thanks
<EDocToor> I can not see BLUE on a BLACK screen.. so I might have done a mistake
<sarnold> no one can see blue on black :) I've tried a dozen times, it never works. hehe. :)
<EDocToor> I will change it to yellow later
<EDocToor> but that is how the default setup displays folders
<EDocToor> I have the tutorial loaded... just haven't got there yet
<EDocToor> sarnold, http://paste.ubuntu.com/5763039/
<thumper> hallyn: ping
<thumper> hmm... 6pm
<sarnold> EDocToor: ~edoc/Downloads/ is now edoc:edoc 766 -- this means only edoc and root can read or write files in Downloads, and everyone can get directory listings of downloads..
<EDocToor> sarnold, I take it ... that isn't what I want.. ;-)
<EDocToor> smbclient -L 192.168.1.121 ... looks good and I can see a printers folder.. I just can not get my /home/edoc/Download folder to show up on client
<EDocToor> oh... and I take it that I should $ sudo chmod 0750 /home
<sarnold> EDocToor: or leave it at the default 755
<EDocToor> yes... 755 was the default... but I read that I should add /etc/adduser.conf
<EDocToor>  DIR_MODE=0750
<EDocToor> as that is too advanced for me...
<sarnold> that makes it significantly harder to share files among users on a system
<EDocToor> I see that...
<sarnold> fine if you want to prevent sharing :) but most places are fine to store private things in a directory under home with 700 permissions
<EDocToor> My goal is to KISS and learn to slowly get more complicated
<EDocToor> brb.. thanks
<JoeBlacken> Hi, how can I disable boot messages in Ubuntu 12.04, I already disabled the splash, I also want to remove the text messages from boot
<sarnold> JoeBlacken: adding loglevel=0 to your kernel command line (grub or whatever bootloader..) might help cut down on some
<sarnold> JoeBlacken: look in the linux kernel's Documentation/kernel-parameters.txt file for more details
<JoeBlacken> sarnold, is there a way to do that without re-compiling the kernel?
<sarnold> JoeBlacken: just edit your kernel command line wherever it is set and reboot
<JoeBlacken> sarnold, thank you, I will try that
<JoeBlacken> sarnold, it worked, thank you again
<sarnold> JoeBlacken: woo :)
<EDocToor> sarnold, every day I am getting a tiny bit smarter.. thanks.. Note: I still haven't got it.. but I like to grind a bit before I dig here... I think I am missing a line in the smb.conf that tells samba what folder to share
<EDocToor> bbl
<sarnold> EDocToor: step #2 here.. https://help.ubuntu.com/12.04/serverguide/samba-fileserver.html
<EDocToor> sarnold, tanks a million ;-)
<EDocToor> https://help.ubuntu.com/community/CustomizingBashPrompt Nope this isn't is.. I can see the prompt.. I want to change the default DIRECTORY COLOR... can that be my next step
<EDocToor> LOL
<sarnold> EDocToor: man ls, you'll see the environment variable name in there...
<EDocToor> perfect.. let me do some work.. but tell me what to read
<EDocToor> so I get used to finding help within Ubuntu
<EDocToor> ha ha man -k ls wow
<EDocToor> I had no idea
<sarnold> EDocToor: the manpage for dircolors, then your ~/.bashrc file
<EDocToor> dircolors
<EDocToor> cake
#ubuntu-server 2013-06-14
<phunyguy> hello... I am probably doing something wrong here, but I am trying to get upstart to startx with xbmc-standalone process for my new media PC on a ubuntu server install. I have /etc/init/xbmc.conf set up to run the command, but it never runs... am I missing something?  I don't know much about upstart.
<phunyguy> I can login as the user that it runs as and type the startx command, and it runs perfectly.
<sarnold> phunyguy: servers don't typically have X installed, you may have better luck in #ubuntu
<phunyguy> yeah I installed it
<phunyguy> and I doubt it :(
<sarnold> hehe, could be :/
<phunyguy> but in theory, if you just put a .conf in /etc/init, with the proper parameters, upstart should start it, right?
<sarnold> phunyguy: I think lightdm can be configured to log in a given user without bothering with password.. that might be easier than dealing with 'startx' manually from an upstart script
<phunyguy> or am I way off there? I just think I am missing a step somewhere
<phunyguy> sarnold: that's the thing, it works as expected if I type the command manually.
<phunyguy> so essentially the way lightdm would be started, I just want it to start xbmc instead.
<qman__> phunyguy, it's going to be way easier to just use a normal desktop manager and configure it to automatically do what you want than to try and make startx run by itself
<qman__> people already figured out how to start X on boot, no need to reinvent the wheel
<phunyguy> I didn't think it would be that difficult.... I followed a how-to, but it's just... not working.  I suppose I can have lightdm call xbmc for it's session.... no?
<phunyguy> its*
<phunyguy> WOW lightdm pulls in a TON of dependencies....
<phunyguy> that was what I was trying to avoid.  :(
<phunyguy> and sarnold, I asked in #ubuntu and got what I expected.  "Why not just use XBMCbuntu".  Ugh...
<phunyguy> I don't want the easy way out, I want it to be what I want it to be.  :)
<qman__> try with --no-install-recommends
<phunyguy> that's better
<phunyguy> 3 packages is better than 30/
<qman__> being a desktop manager, it's going to recommend a lot of desktop stuff
<phunyguy> yeah it was all unity related poop.
<qman__> and if lightdm won't do what you want, there's always xdm
<phunyguy> WOOHOO!!  Got it.  Thanks!
<phunyguy> this is pretty.  Got it using a custom xbmc boot splash screen, then when it launches xbmc it uses the same logo as the boot splash for the app splash, just the dots dissappear... that looks neat.  Then xbmc pops up!  Thank you for your help.
<sarnold> phunyguy: nice :)
<EDocToor> Hello sarnold , I think that I have to put "export LS_COLORS=$LS_COLORS:"di=01;34":"di=01;33"" into my ~/.bashrc ... but where?
<EDocToor> to change the BLUE to YELLOW
<EDocToor> or do I ~# dircolors -p > ~/.dircolors
<EDocToor> and edit the di=01;33 and somehow edit the bashrc to read the file
<EDocToor> I get so close.. but too afraid to muck up
<sarnold> EDocToor: note the bit in your ~/.bashrc near # enable color support of ls and also add handy aliases
<EDocToor> I am there..
<dacdave> Anybody using landscape to manage ubuntu servers?
<dacdave> I have a server running natty (11.04). Having trouble installing landscape-client. "Failed to fetch..." serveral times.
<dacdave> Worked fine from server running precise (12.04 LTS).
<sarnold> dacdave: natty reached end-of-life about seven months ago: https://wiki.ubuntu.com/Releases
<sarnold> dacdave: natty's replacement reached end of life about one month ago
<EDocToor> sarnold, add this line within the # enable if statement... maybe .... """  alias di='di --color=01;33'   """
<sarnold> EDocToor: heh, probably easier would be to modify your ~/.dircolors file
<EDocToor> brb
<EDocToor> sarnold how do I run the .bashrc to see if a change has occurred
<EDocToor> reboot
<EDocToor> LOL
<sarnold> EDocToor: "source .bashrc"
<EDocToor> it seems man uses too many words that I don't understand
<sarnold> EDocToor: but 'source' gets old, you can also run ". .bashrc"
<EDocToor> Success
<EDocToor> I have YELLOW directories
<dacdave> So I have to manually install precise before I can add this server to landscape?
<dacdave> That's what I did on my first server, but was hoping for a better path for the other four. :(
<sarnold> dacdave: you -might- be able to use the old-releases to install landscape, and -that- might be able to help you upgrade..
<dacdave> Thanks. I just started my trial of landscape, and I have a support ticket in with Canonical. I'll wait until I hear something from them.
<sarnold> ah cool, they'll probably know better than I will :)
<EDocToor> sarnold, it turns out to be : dircolors -p > ~/.dircolors ::: edit .dircolors DIR 01;33 # directory ::: and . .bashrc ::: After Reboot the DIRECTORIES are in fact YELLOW
<sarnold> EDocToor: well done :)
<sarnold> reboot wasn't strictly necessary, you just needed to source the ~/.bashrc in whichever shells you still had open
<sarnold> but still, that was a few steps :) hehe
<EDocToor> did I understand the man... not very well... but I'll watch this channel to learn the words.. REBOOT was my way of saying perminint without admitting that I can not spell it.. to tell the truth
<sarnold> EDocToor: haha :) a new command to learn; install the bsdmainutils and wamerican packages, and you can use the 'look' command to look up words by the first few letters :) 'look perm' returns only 47 words, which makes it easy to see how to spell the word you're after. :)
<EDocToor> sarnold.. is that on a command line server... or install on the GUI client
<sarnold> EDocToor: whichever one is most convenient.
<EDocToor> do you know why my "locate" doesn't always seem to locate?
<EDocToor> I guess I have to learn to grep
<sarnold> EDocToor: the locate database is rebuilt only occasionally
<EDocToor> makes sense
<EDocToor> I am so pleased with my yellow directory
<EDocToor> bbl have to stand for a bit.. thank you very very much
<sarnold> when I first started with linux I actually went to the effort of using a full-text indexing engine to index the entire hard drive for keywords. I could recall the keywords I wanted to change, just not where the files were located. ;) I don't thnk I'd recommend it, but I do recall spending forever trying to remember file locations.
<EDocToor> I read the MS-DOS 3.1 front to back three times... and wrote batch files that were 5 to 7 pages long...
<EDocToor> So I am very old
<EDocToor> is what I am saying
<EDocToor> as I see I am dating myself
<sarnold> nice. when I started with dos, 5.0 had just been released and was the shiny new thing. :)
 * genii gets nostalgic for dos 3.3
 * thumper remembers cpm
<genii> thumper: Me too :)
<hallyn> thumper: .
<thumper> hallyn: oh hai
<thumper> hallyn: I have a couple of lxc questions, but nothing urgent
<thumper> so I'll put them into an email
<thumper> OTP right now
<hallyn> thumper: ok, thanks :)  ttyl
<thumper> ciao
<EDocToor> Yes, bill figured out that an end user OS that didn't require a degree in programming would make him rich.. thats what I like about UBUNTU... it is exactly what the end users are looking for...
<EDocToor> like Sheldon Cooper 'big bang theory' says, "I ammmmm back"
<EDocToor> hehe
<adam_g_> jamespage, zul needed for CA http://people.canonical.com/~agandelman/ca/folsom/keystone_2013.1.1-0ubuntu2.1~cloud0/
<EDocToor> I am lonely
<EDocToor> I am tall
<EDocToor> anyone home... hehe
<airtonix> is there any way to disable screen lock on byobu? (on aws ubuntu instances the default ubuntu user doesn't have a password)
<thelamest> any Piwik users here, does the database grow linearly forever or does it more or less stabilize after 4 months when old archives are removed?
<lifeless> thelamest: whats Piwik?
<thelamest> lifeless: website statistics, somewhat fancier than webalizer/awstats
<progre55> Hi guys. When I do a "grep -a <some_pattern>" on the entire device in /dev/sda, I find some matching text, but when I do a recursive grep on the mounted partition, it finds nothing. Is there a way of finding that data and getting rid of it? Are there any tools that clean the deleted sectors of a disk?
<lifeless> there are
<lifeless> progre55: apt-get install secure-delete
<progre55> lifeless: but how do I find what I want to delete? I mean, I don't have a file-pointer to the data.. or does secure-delete take care of that, too?
<lifeless> progre55: I understood your question :)
<lifeless> progre55: read the description of secure-delete if you're not sure, but it's small.... install it, read the man page, enjoy.
<lifeless> progre55: note that secure delete on SSD's is actually ridiculously hard.
<lifeless> [and secure-delete is probably not going to be effective at it, even though it will fix it for the simple case of grep]
<progre55> lifeless: thanks a lot, will give it a shot
<liquid-silence> hi all
<liquid-silence> I need a tool that can monitor my router for traffic via upnp
<liquid-silence> as it does not support snmp
<slyboots> Afternoon folk
<slyboots> Im just thinking about something.. is there any notworthy difference between SATA-150/300?
<slyboots> Looking at a SAS card for my little home NAS, found something on eBay but its ony SATA150..
<mardraum> throughput?
<slyboots> well Im thinking if your just using SATA physical disks
<slyboots> In a "home" enviroment, would the different between SATA3 and SATA1.5 be that noticable
<mardraum> depends what you do at home I guess
<liquid-silence> no one knows?
<liquid-silence> hmm anyone know of a tool that can do upnp monitoring of network interfaces?
<liquid-silence> I need to monitor a router that does not support snmp
<slyboots> I suppose what Im thinking if if Im moving a 1Tb file to the NAS to a SATA 1.5, what sorta speeds would I be likly to see
<_ruben_> upnp isn't meant for monitoring afaik
<slyboots> Right now Im getting about 80/90MB a sec on SATA3 disks
<_ruben_> you wont get much more out of a single sata disk
<_ruben_> also, buying a sas card is rather overkill when using sata disks
<_ruben_> also, the bus usually isn't the limiting factor. in most scenarios at least
<slyboots> _ruben_: I just need more space.  and I can get a low-grade SAS card for next to nothing
<smb> zul, libvirt 1.0.6-0ubuntu1 installed on Saucy  fails to give connection from Precise virt-manager (downgrading to 1.0.5-0ubuntu1 makes it work again)
<smb> zul, Might be because of "virKeepAliveTimerInternal:140 : No response from client 0x7f911c7d2300 after 5 keepalive messages in 31 seconds"
<koolhead17> jamespage: around?
<jamespage> koolhead17, yep
<koolhead17> found pot of gold today http://techbackground.blogspot.in/
<koolhead17> nice written blogpost with/around quantum
<koolhead17> ubuntu
<koolhead17> jamespage: see if it helps :)
<jamespage> koolhead17, yeah - thats a nice feature
<jamespage> the quantum-gateway charm supports that for grizzly
<jamespage> although I prefer config-drive myself
<koolhead17> jamespage: :)
<koolhead17> so all charming stuff around quantum is under your belt?
 * koolhead17 pokes zul 
<liquid-silence> fsck this upnp shit
<ivoks> does anyone know mox? :)
<pgoetz>  
<psivaa> hallyn: hello, ceph and lxc tests appear to hang with the installations from yesterday.
<psivaa> hallyn: i could not find why except that the kernel version is new from yesterday
<psivaa> hallyn: the VMs are in aldebaran if you'd like to look into it
<hallyn> psivaa: i'm afraid not right now.  this is saucy?
<psivaa> hallyn: yes, saucy images of yesterday and today
<psivaa> hallyn: both amd64 and i386 and on lxc and ceph tests, when you have some time. ill leave the machines on
<hallyn> psivaa: actually i'll take a look right now, asssuming my sshconfig is up to the task
<rbasak> smoser: good morning! Are you free to chat about netinst2ss?
<smb> hallyn, psivaa would those tests try using libvirt from a Precise side?
<hallyn> smb: ?
<psivaa> smb: the vm hosts is Precise
<psivaa> s/hosts/host
<smb> hallyn, Just that I had an issue this morning with connecting from precise to saucy because of latest libvirt on saucy
<smb> Downgrading the saucy side to previous version solved it for me
<hallyn> psivaa: the guests don't seem to have networking
<hallyn> well, i couldn't ping google
<hallyn> hm i guess they do
<hallyn> zul: ^
 * hallyn biab
<hallyn> psivaa: please leave those vms up if you can
<hallyn> (need to relocate)
<psivaa> hallyn: sure they will be on
<mop> why does it seems wget is downloading asynchronously?
<cat5> any LVM'ers in the house?
 * RoyK^ raises a hand
<cat5> nice
<cat5> beating my head agains the wall on this one..
<cat5> vgcfgrestore has the 5 disks I need, and are in the machine..
<cat5> but, a vgdisplay shows the wrong disk, and of course, won't activate.. I *must* be missing something or a step somewhere..
<cat5> more info: http://paste.ubuntu.com/5765187/
<cat5> if your not sure, let me know..
<RoyK> cat5: no, not sure. I'd try #lvm
<cat5> yeah.. I'm in there..
<cat5> no one seems online
<hallyn_> psivaa: seems to hang on unpacking initramfs
<mop> anybody knows how I can wait for wget to finish before going to the next line in a bash script?
 * hallyn_ confused - are you backgrounding it?
<mop> nope I'm just wget -O
<psivaa> hallyn_: ok, curious how you found it
<hallyn_> psivaa: i just did strace -f -p `pidof debootstrap`
<hallyn_> i don't know why it's hanging though
<hallyn_> sorry got sidetracked with email :)  manual debootstrap works fine.  what on earth...
<mop> ok adding some & fixed it
<mop> I think ...
<mop> the problem seems to be that the script exists as soon as the wget finishes
<mop> I don't know why
<mop> I'm doing https://dpaste.de/hYx1w/
<mop> ok the & probably shouldn't be there in any case
<mop> ok it's doing it async that's why
<hallyn_> waait a minute
<mop> basically I just want to install the deb after downloading it
<qman__> mop, why do you have & on lines 2 and 3?
<mop> yeah that was wrong
<mop> I removed them
<qman__> mop, use single quotes around the URL
<qman__> it has ampersands in it which are being parsed
<mop> hmm good catch
<mop> let me try
<mop> that was indeed the problem, cheers m8
<hallyn_> psivaa: what's the simplest utah command for running a test on a new machine by hand again?
<psivaa> hallyn_: sudo apt-add-repository -y ppa:utah/stable
<psivaa>    sudo apt-get update
<psivaa>    sudo apt-get install utah
<hallyn_> did that :)
<psivaa> sudo utah -r lp:ubuntu-test-cases/server/runlists/ceph.run
<hallyn_> oh, that's it?
<hallyn_> it'll grab its own iso?
<psivaa> hallyn_: ahh sorry this is to run the tests on an installed vm
<hallyn_> oh
<hallyn_> that's helpful as well
<hallyn_> in fact i'll start with that
<hallyn_> thanks
<psivaa> hallyn_: run_utah_tests.py -i /abs/path/to/saucy-server-amd64.iso -p lp:ubuntu-test-cases/server/preseeds/lxc.preseed lp:ubuntu-test-cases/server/runlists/lxc.run should work as well
<psivaa> hallyn_: i mean the second one will install the vm and run the tests
<hallyn_> psivaa: thanks
<psivaa> hallyn_: im going EOD for now :)
<hallyn_> psivaa: have a good weekend
<bradley__> ok, so i connected to a wifi network and iwconfig tells me im on but im not connected to the internet and i cant even ping 192.168.1.1 it says network is unreachable
<bradley__> how would i fix this
<hallyn_> psivaa: fwiw a custom saucy server install on my precise server passes lxc tests.  maybe it *is* related to the libvirt bug smb was mentioning.  /me needs to scroll up
<adam_g_> zul, http://people.canonical.com/~agandelman/ca/grizzly/keystone_2013.1.1-0ubuntu2.1~cloud0/ + http://people.canonical.com/~agandelman/ca/folsom/keystone_2012.2.4-0ubuntu3.1~cloud0/ pweeeease
<Logos01> Greetings, folks... I'm using an lxc container to communicate w/ my company's private network (I.e.; isolated network-stack vpn client). Trouble is, lxc defaults to using the 10.0.3.0/24 network for containers and that's where my prod servers live for my current project... (but not inside the lxc instance).
<Logos01> Anyone have any info on changing the subnet lxc assigns?
<sarnold> Logos01: check /etc/init/lxc-net.conf for details; /etc/default/lxc can override those values.
<Logos01> File's non-existent.
<Logos01> Or... not.
<koolhead11> hallyn_, hey there
<Logos01> O_o maybe I mis-CNP'd. Odd.
<sarnold> Logos01: or I may have mis-typed. I'm lazy enoug hto not cnp :)
<Logos01> No, I'd done so from elsewhere.
<hallyn_> hey koolhead11
<hallyn_> you've been demoted?
<hallyn_> (you used to be 17 right?)
<koolhead11> hallyn_, yeam man. its about time. getting younger
<Logos01> So ... I found defaults in lxc-net.conf... changed them... and yeah, /etc/default/lxc overrode it
<Logos01> But... changes made. Awesome, thanks much!
<sarnold> Logos01: excellent :) have fun :)
<Logos01> Indeed.
<Logos01> We have about 5 different cisco vpns here... none allow split tunnelling.
<vfw> "
<Logos01> Guess what my work-around is.
<koolhead11> hallyn_, how have you been man?
<Logos01> Thanks, again!
<hallyn_> koolhead11: all right.  having a blast.  hwo about yourself?
<koolhead11> alive/kicking can`t complain :)
<hallyn_> played any good volleyball lately?
<pgoetz> I'm working with the 64-bit 13.10 server, but have seen this behavior with previous OS server versions.  Does anyone have any idea why when you set up a software RAID 1, some times it shows up as /dev/md0 and other times as /dev/md127, seemingly randomly; and/or why it will switch from one to the other between the install and the first reboot?
<koolhead11> hallyn_, no man that was the last game i played :(
<hallyn_> ditto
<hallyn_> all right test is running, i need to step afk to clear my head and come back to check results later - bbl
<ThothCastel> what is the difference between user@server:/# and user@server:~# ?
<ThothCastel> if type       sudo su   then I get the       user@server:/#
<ThothCastel> if I type sudo su -     then I get the      user@server:~#
<ThothCastel> if I am on the   user@server:~#      and type     ls       then nothing comes up
<ThothCastel> what is the diference between one and the other pls?
<pgoetz> One is the root directory and the other the user's home directory.
<pgoetz> Nothing comes up because the directory is empty.  Type `pwd` in each case and you will see the difference.
<pgoetz> `su -` means load the root user's environment
<ThothCastel> how do I kill all processes to use the shutdown command?
<genii> That question doesn't make any sense.
<genii> ThothCastel: The shutdown command will kill everything, yes. Like: sudo shutdown -h now     ...for halt, and: sudo shutdown -r now   ...for reboot. Is that what you were asking?
<ThothCastel> genii: yes, thank you!
<genii> ThothCastel: You're welcome
<ThothCastel> genn
<ThothCastel> genii: I am to install ldap for the first time on a virtual machine with ubuntu server 12.04
<ThothCastel> I would like it not to use my network interface cards (wifi) so if I configure a master dns on the main virtual machine, will that be ok?
<ThothCastel> I would like my vms to connect to each other but not to my host machine hence a dns install on the vm, right?
<ThothCastel> am I doing it right?
<genii> ThothCastel: Sorry, that's not my area of knowledge.
<bekks> ThothCastel: Hmm, not that right, actually.
<bekks> As long as your host doesnt use the DNS vm, everything is ok. Just use intnet adapter types for your vms.
<subman> I'm getting the following when trying to use apt-get:  dpkg: dependency problems prevent configuration of linux-generic-pae:
<subman>  linux-generic-pae depends on linux-image-generic-pae (= 3.2.0.45.54); however:
<subman>   Version of linux-image-generic-pae on system is 3.2.0.48.58.
<subman> I've tried to fix with apt-get -f install and apt-get autoremove.  Still this issue.  Any ideas?
<ThothCastel> is it possible to install the GUI only for selected applications? e.g. firefox  -   on a linux server without the GUI
<ThothCastel> what is the default browser installed on the ubuntu server 12.04?
<subman> There is no default browser
<subman> You would need to install a command line text browser.  Like lynx
<subman> I stand corrected, w3m is.
<subman> w3m -v http://www.google.com for example.
<subman> ThothCastel, here:  http://ubuntuforums.org/showthread.php?t=1459742
<subman> ThothCastel, I just tried w3m on my server and it worked fine, I just don't remember if I actually installed it or it came default!
<EDocToor> Howdy, everyone
<ThothCastel> subman: thank you
<subman> ThothCastel, no problemo
<ThothCastel> is an LDAP in linux like having the Active Directory in Windows?
<Patrickdk> since AD does a lot more than ldap, no
<ThothCastel> Patrickdk: so if a company is a solution that Windows provides (AD) but with Linux, then the LDAP packages be the way forward or there are other better solutions?
<Patrickdk> linux cannot provide AD
<Patrickdk> samba 4 is suppost to do AD though
<Patrickdk> ldap is just one part of AD
<Patrickdk> it's like saying, an smtp server is a email solution
<Patrickdk> you missing all the other parts
<ThothCastel> Patrickdk: I see, so let's say that windows disappeared for good and we have to use linux to provide that, then Samba 4 would be the way forward or LDAP?
<sarnold> can you glue together an ldap and kerberos on linux to fake up an AD today?
<ThothCastel> or does Samba use LDAP?
#ubuntu-server 2013-06-15
<EDocToor> I am back
<EDocToor> he he
<nibalizer> hi all
<nibalizer> i'm watning to get openssh-lpk
<nibalizer> is there a 'more official' ppa with the patches applied?
<nibalizer> or... since i guess openssh upstream pulled it in, a really new version?
<Patrickdk> nibalizer, I was attempting to use lpk, but I ended up just using a script instead, and using normal ssh
<nibalizer> script to prepopulate you mean?
<Patrickdk> no
<nibalizer> ?
<Patrickdk> it reads from the script, instead
<nibalizer> how did you get that working?
<Patrickdk> by following the directions/manual
<nibalizer> okay
<Patrickdk> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/openssh-sssd.html
<mop> anybody knows a quick way to get the %cpu usage integer?
<EDocToor> <EDocToor> Will samba share files between two a ubuntu-server and a ubuntu box?... it seems that all my ports are closed on the Ubuntu Box... nmap -T4 -A pal.icyourrc.com reports all 1000 ports are closed.. I have temporary enabled DMZ on the router for testing .. Any ideas?
<EDocToor> sarnold, are you there?
<EDocToor> When configuring /etc/network/interfaces is the gateway and the Broadcast address the same on both computers connected to my router?
<EDocToor> I have NO ports open reported by nmap so I assume that I did something wrong with configuring my interfaces file
<EDocToor> !seen EDocToor
<ubottu> I have no seen command
<EDocToor> !spoke EDocToor
<Kayito> Hey. Does anybody here have experience running a GUI'd virtual machine on top of a ubuntu server?
<Kayito> take that a a no...?
<streulma> hello what is the difference between Debian and Ubuntu Server ?
<streulma> which is the best ?
<yeats> streulma: debian and ubuntu are totally different distros with different goals and intents
<yeats> functionally they are very similar
<yeats> so it's a matter of preference mostly
<streulma> yeats: Linux is Linux I think ?
<yeats> streulma: you asked, right?
<streulma> yeats: I don't know wich linux version to install on the server :)
<mardraum> linux is a kernel
<mardraum> you are asking about distros
<mardraum> try them both, and use the one you like the most.
<streulma> why runs my ubuntu servers always out of memory ?
<treetreetr33> how much do you have? do you have a /swap as well?
<mikeey> I am curious about an entry in my netstat listing, it shows: "tcp6       0      0 ip6-localhost:6010      [::]:*                  LISTEN      18524/2" and I am curious about what this process is?
<mortrca> Anyone here know anything about setting up Kerberos?
<mortrca> All of the tutorials I have found talk about multiple servers in the configuration. I would like to know if it can be done with one server and how that affects security.
<ThothCastel> I am trying to check my dns caching server by using the dig command
<ThothCastel> I'm trying this https://help.ubuntu.com/10.04/serverguide/dns-troubleshooting.html#dns-testing-dig but I see no difference in the output between the first and the second dig commands
<ThothCastel> how to check if dns caching server is working properly
<ThothCastel> ?
<patdk-lap> the ttl goes down :)
<ThothCastel> in my case it's not going :S
<EDocToor> OMG I was trying to install-configure-learn samba... and when I typed a couple commands ... sambas' error msg: Your to stupid for a computer, pack your computer up, put it back in the box, and bring it back to the computer store...
<patdk-lap> sounds good
<shauno> I'd call that a bug, should be "you're"
<EDocToor> Goodmorning... Thanks for all your help guys... your awesome.. and I couldn't do it without you... your support is very much appreciated!!!
<shadej> hello guyes
<shadej> guys
<shadej> am using apche2 server
<shadej> when i load ssl module
<shadej> httpd is stopping
<shadej> why is this happenning?
<ThothCastel> why is my dns caching not working?
<ThothCastel> I have my named.conf.options file with forwarders { 8.8.8.8; 8.8.4.4; 64.81.79.2; 66.80.130.23; 64.81.79.2; 216.231.41.2 };      what is wrong with it?
<patdk-lap> why do people ask questions without any reference materials? logs? anything
<EDocToor> patdk-lap, I is because you guys are masters, geniuses, and we are too dumb to dress ourselves; and when we do provide a whole bunch of information at the start it sometimes confuses what the real question is.. trust me we really are trying to be better at pleading for scraps of your genius.
<patdk-lap> EDocToor, you didn't provide a single bit of info at all
<patdk-lap> you made a scarcastic comment, and nothing more
<patdk-lap> we can't help if we don't even know if you have an issue
<EDocToor> not at all... I am trying to be friendly
<patdk-lap> "OMG I was trying to install-configure-learn samba... and when I typed a couple commands ... sambas' error msg: Your to stupid for a computer, pack your computer up, put it back in the box, and bring it back to the computer store..."
<patdk-lap> that was friendly?
<patdk-lap> cause oviously, sambas' never said that
<EDocToor> of course... it was humor...
<EDocToor> an ice breaker so to speak
<patdk-lap> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<patdk-lap> if you can't follow that simple statement, well
<patdk-lap> this channel isn't for humor, there are other channels for that
<EDocToor> patdk-lap, you have a good eye... thanks your awesome
<mortrca> All of the tutorials I have found for setting up Kerberos talk about multiple servers in the configuration. Can anyone tell me if it can be done with one server and how that affects security?
<patdk-lap> is there any point in using kerbers for a single server?
<patdk-lap> the gains to using kerberos is mainly from having a centeral point of authentication, and using 1 server, you can already trust yourself
<qman__> I suppose if you plan on adding more servers later
<qman__> but there's nothing stopping you from running it on one server
<mortrca> patdk-lap and qman__, thanks for your input.
<guma> I was wondering if I am on 12.04 LTS and do distro upgrade. Will this move me to latest 13.04? Or just upgrades 12.04 to latest kernel updated beside packages?
<qman__> apt-get upgrade will only upgrade packages you already have installed; dist-upgrade will upgrade packages and add/remove additional packages to complete the upgrade; do-release-upgrade will upgrade to a newer ubuntu release version
<guma> qman__: Thank you :)
<No_one_at_all> Hi, anybody home?
<No_one_at_all> I am a complete idiot, and I've got a problem with a remote Ubuntu server which won't reboot
<No_one_at_all> Yesterday, some packages needed upgrading, so I did that, and then the MOTD when I re-logged in told me I needed to reboot the system.
<No_one_at_all> So I typed "reboot"
<No_one_at_all> And now the system isn't starting sshd or apache2. Any ideas?
<patdk-lap> are you sure you didn't do something like, reboot now?
<No_one_at_all> Yeah.
<patdk-lap> cause that won't reboot it, but will put it into single user mode
<No_one_at_all> Haw haw. I saw that.
<No_one_at_all> And supposing I had (although I know I didn't), how would one recover from that? I can do a netboot to a recovery image, but ..."reboot" doesn't seem to do anything...
<No_one_at_all> Like I said, I'm fairly certain I only typed "reboot". Wouldn't stake my life on it, but... y'know.
<patdk-lap> heh?
<patdk-lap> if you did that, it would need a powercycle, or someone local to reboot it
<No_one_at_all> I've got a remote hard-reboot, and tried that, but no dice
<patdk-lap> somethin else then
<No_one_at_all> Hmm.
<No_one_at_all> Any ideas?
<No_one_at_all> I'm stumped.
<No_one_at_all> How does one tell the server what runlevel to use on boot?
<No_one_at_all> I suspect this thing *is* going into single-user mode...
<qman__> ubuntu doesn't really have runlevels per se, upstart works different
<qman__> there's just single user "recovery mode" and normal
<No_one_at_all> huh.
<qman__> and that is determined by the options passed at boot time
<No_one_at_all> qman__: by lilo or grub or whatever?
<qman__> yes
<No_one_at_all> well... I can't figure why on earth it's booting into single-user mode
<qman__> it's more likely getting stuck with a boot condition
<qman__> such as asking you a question about a broken filesystem
<No_one_at_all> oh dear.
<qman__> if you can boot something else, do it and run fsck on all the filesystems
<No_one_at_all> Ok.
<qman__> grub might also have been broken somehow
<qman__> was grub one of the updates?
<No_one_at_all> Nope.
<No_one_at_all> dbus, and php-something
<No_one_at_all> some php-related upgrades
<qman__> no kernel update either?
<No_one_at_all> nope.
<qman__> ok
<No_one_at_all> It's got a raid setup... do I have to do anything special for that?
<qman__> you will have to assemble it in your alternate environment
<No_one_at_all> I mean, mdadm is detecting and assembling the raid perfectly fine...
<qman__> if it's mdraid that will be trivial
<qman__> ok, so it did it for you
<No_one_at_all> (in netboot)
<qman__> that's all that's needed
<No_one_at_all> ok, so I should run fsck
<qman__> yes
<qman__> the system could also be not assembling the array, but if the kernel didn't change, and the mdadm.conf didn't change, that's pretty unlikely
<No_one_at_all> Okee dokee then.
<No_one_at_all>  Here goes fsck.
<No_one_at_all> Oh, I did poke around through the logs, and found the boot.log file...
<No_one_at_all> ...in which it gives an error about starting the IPMI module(s)...
<qman__> that shouldn't halt the boot process though
<No_one_at_all> That's the last line, though
<No_one_at_all> or, wait... was it
<No_one_at_all> no, it wasn't, " * Stopping System V runlevel compatibility                              [ OK ]
<No_one_at_all> " was the next-to-last line, and then there's just "Starting"
<qman__> maybe that boot log was prior to this event?
<qman__> keep in mind it can only write to the boot.log if it can write to the filesystem
<qman__> so if the problem occurs before that, there won't be one
<No_one_at_all> Hmm. Yeah, you're probably right.
<No_one_at_all> Ok, fsck.
<TheLordOfTime> using rsync if i want to update the destination directory but not update the directory i'm rsyncing from (i.e. rsync /path/to/dir/1/ /path/to/dir/2/) , what arguments do I need to use?
<No_one_at_all> Alright, quick question...
<patdk-lap> thejoecarroll, depends on how you want to sync it
<No_one_at_all> fsck on raid: what's the best command.
<patdk-lap> -a normally?
<No_one_at_all> (raid 1)
<patdk-lap> fsck on raid?
<patdk-lap> you don't fsck raid
 * No_one_at_all facepalm
<No_one_at_all> Use mdadm?
<patdk-lap> you fsck filesystems
<patdk-lap> you can scrub a raid
<No_one_at_all> well, ok, it's an ext3 filesystem on a raid-1
<No_one_at_all> sorry.
<patdk-lap> you do scrub/consistancy checks on raids
<No_one_at_all> Wow am I in over my head.
<No_one_at_all> qman__: you home?
<No_one_at_all> qman__: well, I hope you read this in your scrollback: thanks for the advice on the server-startup issue; it was, indeed, fsck needing to be run on one of the partitions. Problem solved.
<No_one_at_all> qman__: I'd send you money, but I don't know where you live. :D
#ubuntu-server 2013-06-16
<Darkman802> I killed all of a user's processes and now it will not let that user log in through ssh with their pub/pri key pair. It says "No authentication method available"
<Darkman802> any ideas to what the problem could be?
<halvors> Hi! I' trying to setup ISC dhcp client to request a IPv6 prefix from my ISP using DHCPv6 Prefix Delegation, how do i do that? :)
<GH0> Hello, I was looking into apache2 so that I can proxy pass something, and found (unfortunately) that the latest version of apache2 that is hosted on the official repositories does not include Apache 2.4. Apache2.4.4 has been out for sometime, nearly 4 months). I was wondering when, if, or how is the best way to upgrade apache2 to apache2 2.4 with Ubuntu's official PPA.
<GH0> I am not sure if this exists in a backport or some testing build, but I would love to have it, as there are several modules that I need and would like updated.
<GH0> Apache2 2.4.1 itself has been out for nearly a year now.
<patdk-lap> gh0, heh? there is no apache 2.4 in debian, therefor not in ubuntu
<patdk-lap> why though, you would want to use 2.4, I have no idea though
<GH0> well if there are any guides on how to get specific modulesfrom 3.4.x to work with 2.2.x that would probably suffice. The modules are updated thatare updated for some things i use, that dont function with 2.2
<patdk-lap> heh?
<patdk-lap> wouldn't the issue be recompiling everything to work with 2.4?
<GH0> yeah, i typoed that. 2.4, i dont even try to spell check when i am on a tablet
<halvors> Hi! I' trying to setup ISC dhcp client to request a IPv6 prefix from my ISP using DHCPv6 Prefix Delegation, how do i do that? :)
<HelloWorld321> I loaded an anacron job; I ran anacron -T to test it, and got no response (which I think is 0, which means all okay); and then I ran anacron -n -f to get it to run now; but the /var/spool/anacron directory doesn't have an entry for my new anacron job.  How can I make sure it runs?
<GeorgeTorwell> can someone tell me if its possible to set up full disk encryption with Ubuntu server 13? I tried guided partitioning but it set up LVM encryption instead and I don't think that's what I want
<slyboots> Hrm...
<slyboots> Is there a way to see what sort of RAM you have installed in a Ubuntu server?
<slyboots> as in.. clockspeed
<lifeless> lshw
<slyboots> Ah DDR3 1333..
<samba35> i have install windows 8 as a guest on 12.04 now i do i access usb drive in windows
<RoyK> samba35: what hypervisor?
<samba35> kvn
<samba35> RoyK, how are you
<samba35> sorry kvm ,i mean
<RoyK> not sure how that can be done in kvm...
<samba35> no problem got it
<samba35> http://www.linux-kvm.org/page/USB_Host_Device_Assigned_to_Guest
<RoyK> ahki
<samba35> remember  me ?
<mattcen> lifeless, slyboots: Why would you use lshw when dmidecode is much more likely to be installed, and runs significantly quicker?
<slyboots> http://www.pcworld.co.uk/gbuk/components-upgrades/memory/desktop-memory-dimm/integral-pc3-10600-ddr3-pc-memory-8gb-dimm-ram-19713392-pdt.html - Man thats.. cheap..
<slyboots> Worryingly cheap
<mattcen> (Note that dmidecode's install priority is "important" while lshw's priority is "optional")
<bekks> slyboots: That noname RAM. I wont buy it.
<ogra_> mattcen, lshw is a dependency of ubuntu-standard and dmidecode needs a BIOS, not all HW has one :)
<slyboots> bekks: well its Intergral :P
<slyboots> But yea, its like Â£20 cheaper than any other brand heh :P
 * mattcen didn't pay enough attention to which channel he was in. Assumed this was #debian-something.
<mattcen> (lshw isn't default in debian)
<ogra_> :)
 * slyboots tries to remmeber "what happens if you mix RAM with different timings"
<slyboots> It drops down to the lowest speed right?
<slyboots> Uh.. speed not timing :P
<bekks> slyboots: Yeah, its Integral. As I said, noname :)
<slyboots> Well, some Kingston ValueRam stuff
<slyboots> :P
<bekks> Kingston ValueRAM is something else ;)
<slyboots> So Kingstone ValueRAM is an "OK" brand?
<slyboots> Can kit out the Microserver with a full 16Gb and.. hrm, another 16/32 in the SAN :P
<RoyK> slyboots: 32GB in the SAN? high traffic?
<slyboots> Zfs
<slyboots> Nono, Im not putting in 32gb
<slyboots> maybe 16
<RoyK> using dedup?
<slyboots> Nah.. well maybe on one of the smaller volumes
<slyboots> But its supposed to be like.. 1Gb her TB of data
<slyboots> So Im going to stick in .. 8gb as stock
<slyboots> then maybe another 8
<slyboots> DDR3 ram is.. pretty chepa though
<slyboots> its only about Â£100 for the 32gb total
<slyboots> (thats 16GB (2x8) for the microserver (esxi) and the rest for the SAN
<slyboots> Given what I've spend on a cockatiel this month.. its not a big deal :P
<slyboots> (pets are *fucking* expencive when they get sick x.x)
<RoyK> dedup is *very* hungry for memory (and L2ARC), so better test it outside production before implementing it
<slyboots> Aye, I've seen the dire warnings about not switching it on
<slyboots> tbh I might just not bother at all with it
<slyboots> For my use, the return would be pretty minimal
<RoyK> then don't use it :P
<GH0> What would be the best way to add the sid deb repository to ubuntu, so that I could use the apache2 2.4.x package on ubuntu? Or is this a terrible idea?
<Tm_T> GH0: shortly put: don't mess Ubuntu and Debian repositories
<patdk-lap> one thing about debian, you never touch sid
<GH0> Well, is apache2 2.4 in any of the testing or "unofficial" repositories? I found some third party PPA's, but saw that users were having some problems with them.
<patdk-lap> I have 2.4 in my ppa, I have no problems with it
<patdk-lap> but given the fact, your still asking these questions, or really, asking them at all
<patdk-lap> you are not skilled enough to solve the problems you will have attempting to use apache 2.4
<patdk-lap> you will end up causing a mess, that won't be simple to fix
<GH0> I really just need a couple of the updated modules from 2.4 installation. Since the current mod_proxy doesn't support websockets, and the 2.4 version of mod_proxy does.
<crimsonmane_> hello. first time ubuntu-server here. installed in a vm
<crimsonmane_> I don't know what I'm doing :) I've told it to install a mail server, dns, something else which i cannot remember, finished the install and rebooted. I'm at the command prompt and don't know what to do next. Is there documentation that gives some guidance?
<halvors1> Hi! I'm unable to get a default route for IPv6 with stateful DHCPv6 :( Anyone knows how? Is it a bug? Why hasn't this ben fixed?
<StevenR> halvors1: does the packet trace show a default route being provided by the DHCP server?
<bradley_> can anyone here help me with mysql?
<bradley_> i got a syntax error but i cant figure out whats wrong with  it
<bekks> So whats your sql statement then?
<bradley_> CREATE TABLE `virtual_domains` (
<bradley_>   `id` int(11) NOT NULL auto_increment,
<bradley_>   `name` varchar(50) NOT NULL,
<bradley_>   PRIMARY KEY (`id`)
<bradley_> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
<bradley_> CREATE TABLE `virtual_users` (
<bradley_>   `id` int(11) NOT NULL auto_increment,
<bradley_>   `domain_id` int(11) NOT NULL,
<bradley_>   `7dda115831e0dec290a07b9cb9d6d762` varchar(32) NOT NULL,
<bradley_>   `brad@thatonecomputergeek.com` varchar(100) NOT NULL,
<bradley_>   PRIMARY KEY (`id`),
<bradley_>   UNIQUE KEY `email` (`email`),
<bradley_>   FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
<bradley_> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
<bekks> Use a pastebin+
<bradley_> this is it
<bekks> Pastebin it. And never ever spam like this again please.
<brad100> sorry
<brad100> http://pastebin.com/MRwjmDGn
<brad100> mysql keeps telling me it has something to do with 'domain_id' and its a syntax error so am i supposed to replace it with some thing?
<brad100> on line 8
<halvors1> Will the accept_ra is set to 0 by default instead of 1 bug be fixed in ubuntu 12.04?
<halvors1> It does that i'm unable to use IPv6 with my server...
<andol> halvors1: How does a default setting prevent you from setting your own setting?
<bekks> halvors1: Which bug where? Whats that "accept_ra"?
<halvors1> https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1013597
<uvirtbot> Launchpad bug 1013597 in ifupdown "No default route for stateful DHCPv6" [Medium,Fix released]
<andol> halvors1: Ah, that bug refered to a bit of a more specific case than one could gather from your originat question.
<halvors1> Is it possible to set a interface to recive an address using dhcp, but assign a secondary ip address staticlly? :)
<bekks> halvors1: Thats called an "ip alias", and its possible, of course.
<petey> does anyone have a good CHROOT tutorial out there? something i can set up so my friend can tinker with SSH but only in his folder
<lenios> petey, i don't, but you're looking for a libpam-chroot tutorial
<lenios> and that should be easily findable with google
<petey> cool
<petey> thanks
<halvors> Is it possible to request a specific address from my isps dhcp server using Ubuntu server? Also request a preffered address? :)
#ubuntu-server 2014-06-09
<dustinspringman> dw1: thank you!
<Oplex> yo, anyone know of a software version of the fluke cable tester, for diagnosing bad connections
<dfg888> selling intim
<lordievader> Good morning.
<Cyberspirit> eeh
<Cyberspirit> gm
<Cyberspirit> its a shame tinfoil hat linux is no longer supported
<lordievader> Hey Cyberspirit
<cfhowlett> Cyberspirit have you an ubuntu question?
<sergey> I currently have a domain http://gweb.pp.ua. How can I add a subdomain? I'm using cloudflare and ipv6 tunnel to reach a home server in nat network
<samiux> sergey, you need to add the subdomain at the register
<samiux> *registrar
<samiux> sergey, you are running centos
<sergey> samiux: in subdomain I mean http://test.gweb.pp.ua. It should be added to httpd.conf, isn't it?
<samiux> no, you need to add in registrar cname also
<samiux> do release you url here with phpinfo here, it is danger, such as hacker
<sergey> samiux: yes, it is centos. I tried ubuntu-server, but I had freezes when tried to reboot system
<jdstrand> RoyK: use ufw delete on the last rule and ufw insert it in from of the other rule. you might want to look at 'ufw status numbered'
<jdstrand> s/from/front/
<RoyK> jdstrand: I did
<RoyK> jdstrand: works well
<jamespage> zul, wheel?
<zul> jamespage:  needed for newer six
<jamespage> \o/
<zul> glanceclient is ftbfs on trusty because it needs a newer six
<jamespage> zul, oslo messaging needs it as well
<zul> jamespage:  *sigh*
<fridaynext> anyone in here use sickbeard?
<rberg> fridaynext: yes
<fridaynext> rberg: I've just gotten around to trying to sort my downloads, and i'm having an issue where it's trying to process them twice.
<fridaynext> http://pastebin.com/raw.php?i=6XxcStfB
<fridaynext> https://lh6.googleusercontent.com/-mOzrYxCtvaI/U5W-RvgeLuI/AAAAAAAAGm8/ch0Uic1uRMc/s800/Screen%2520Shot%25202014-06-09%2520at%25209.01.34%2520AM.png
<fridaynext> https://lh6.googleusercontent.com/-ZT0Mjge_cJE/U5W-MzaNLWI/AAAAAAAAGm0/JCwUBLZYbYQ/s800/Screen%2520Shot%25202014-06-09%2520at%25209.00.53%2520AM.png
<fridaynext> Can you see anything I'm doing wrong here?
<rberg> fridaynext: it looks like you are moving the file into the same directory SB is processing from.
<fridaynext> rberg: when i have my downloads folder separate from the folder the file is moved into, it renames the file, then renames it back to the original name when it's moved into the new location.
<hallyn> ahs3: hi, had any time to look at netcf?
<coreycb> jamespage, zul, I'm starting on ceilometer packaging for openstack icehoue 2014.1.1
<fridaynext> rberg: ah, I think it was because I had TV sorting enabled in sab.
<davidwebb> My APC doesn't seem to work very well.  I can see that it's full up on power, but when the power goes off, my Ubuntu 12.04 Server still shuts down.  How can I troubleshoot what's causing this?
<patdk-wk> two issues :)
<patdk-wk> make sure your apc is wired correctly, and it's settings are right
<patdk-wk> second, make sure the apc daemon is configured correctly
<patdk-wk> normally you have a few options, like, shutdown on power loss, shutdown 5min after lower loss, shutdown on low battery
<TJ-> davidwebb: "shutdown" or immediate power loss?
<patdk-wk> normally shutdown on low battery isn't desired
<davidwebb> immediate power loss
<shauno> and watch out for which physical outlet you're using on the UPS.  on soho units, they're not all created equally.  some are surge-protection only (no battery backup), some have 'eco' modes where the outlets won't power unless a 'master' socket is drawing current, etc
<patdk-wk> ah, with that, ya, could be more issues :)
<davidwebb> http://pastebin.com/raw.php?i=KmVEn8mc
<davidwebb> It's a BN700MC APC unit, and I have it plugged into a Belkin three-port Surge protectore, b/c I read that the UPS itself does not offer good enough surge protection.
<davidwebb> But the battery is at 100%, so even if the Belkin shuts off, the APC should still be running, right?
<patdk-wk> sure
<patdk-wk> but the computer would only be if it's plugged into the battery port
<patdk-wk> also, disconnect your serial/usb cable, and test it
<davidwebb> It is plugged into the battery port.
<davidwebb> patdk-wk: what difference does that cause?
<shauno> if there's a socket marked 'master', make sure you're using it.  if there's a green button, or a button with a green leaf, read the manual and find out how to turn 'eco' off
<TJ-> davidwebb: Does the APC have two types of outlet, 1 set for just  for surge protection and another for battery backup?
<patdk-wk> davidwebb, make sure it's a ups issue, or a computer issue
<davidwebb> patdk-wk: ah.
<patdk-wk> if you remove the serial/usb cable
<TJ-> davidwebb: My bet is you've plugged into the surge protected outlets, apparently it has 4 of each type
<patdk-wk> and computer goes off, ups issue, if it stays on, computer issue
<davidwebb> TJ-: well i'll feel like a coontz if that's the case. let me go check.
<shauno> what do the lights on it (ups) do when it 'goes off' ?
<davidwebb> TJ-: you're a f***in genius, and i'm an idiot.
<davidwebb> plugged into surge only.
<davidwebb> THANK YOU.
 * TJ- grins
<sarnold> :)
<TJ-> davidwebb: No, I can just read the manuals :)
<davidwebb> :) well, there's that.
<davidwebb> I did turn the beeper off months ago, which is nice.
<TJ-> davidwebb: Your description of the problem made it pretty obviously, really, you'd just got tunnel vision
<davidwebb> well we're in the middle of a crazy lightning storm, and the light keeps flickering, so i'm sure I'll be able to test this without getting up again in the next couple minutes
<davidwebb> I kept thinking I would need to get the latest NUT and build it from source, or that something rogue was wrong.
<davidwebb> But I remember looking down at the UPS a couple months ago and thinking "Well those two outlets look more "important" than all the others! I'll plug the NAS in there!
<davidwebb> "Controlled by Master" is definitely not the same as "Master"
<shauno> if it has the 'master' stuff going on, it can be disabled.  it's a nice touch for desktops (eg, have your printer etc power off when you shut your PC off).  it's pretty much the opposite of what you want for server/network/etc
<davidwebb> I see.  I'd actually prefer the printer to stay on, as I wireless print stuff to this station (sort of a shipping desk).
<shauno> that one's just a personal beef because I hit it too often.  one machine in the master, one machine 'controlled by', and it's a game to see which powers down first
<davidwebb> Yeah.
<davidwebb> and btw - this was me when I saw what port I was plugged into http://www.reactiongifs.us/wp-content/uploads/2013/09/fucking_idiot_arrested_development.gif
<coreycb> jamespage, zul: cinder started
<coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/cinder/2014.1.1/+merge/222525
<zul> coreycb: why did you drop the fix-requirements.patch?
<jamespage> coreycb, I was about to ask the same thing
<coreycb> zul, jamespage: rtslib wasn't in requirements.txt - unless I screwed that up
 * coreycb checks upstream
<zul> im pretty sure it is :)
<zul> line 25
<coreycb> zul, hmm yeah.. alright redoing
<coreycb> zul, jamespage: when I "debcheckout -a cinder", requirements.txt doesn't have rtslib
<coreycb> I see it upstream, just not when I debcheckout
<zul> coreycb: ack
<coreycb> zul, is that expected?  I didn't think the patch would have been applied already
<zul> coreycb: it should have, i still do bzr branch lp:~ubuntu-server-dev/cinder/icehouse though so im not sure whats up with debcheckout
<coreycb> zul, I guess I'll go with your process for now
<jamespage> coreycb, when you debcheckout, the patches will be applied to the upstream tarball
<jamespage> you should see that happen
<coreycb> jamespage, I don't remember it happening that way.. I thought patches were applied when you ran pbuilder
<coreycb> or bzr bd -S maybe
<coreycb> jamespage, zul: https://code.launchpad.net/~corey.bryant/cinder/2014.1.1/+merge/222525
<zul> coreycb: commented
<coreycb> zul,  thanks
<zul> hallyn:  i have libvirt 1.2.5 building now...ill put it in a ppa
<hallyn> zul: rockin', thanks
<hallyn> zul: btw, i have fully working libvirt with cgmanager at ppa:serge-hallyn/libvirt-testing;  but it'll probably take some patch porting to 1.2.5, so i'll do that port myself after we submit the base 1.2.56
<hallyn> s/6//
<coreycb> zul, jamespage: updated per zul's comment - https://code.launchpad.net/~corey.bryant/cinder/2014.1.1/+merge/222525
<zul> coreycb: +1
<zul> hallyn:  okies
<coreycb> zul: ty - only a few more to go :/
<coreycb> zul, jamespage: starting cinder
<coreycb> zul, jamespage: I mean, glance
<coreycb> zul, jamespage: heat started
<coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/ceilometer/2014.1.1/+merge/222542
<coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/glance/2014.1.1/+merge/222543
<coreycb> zul, jamespage: starting horizon
<coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/horizon/2014.1.1/+merge/222546
<coreycb> zul, jamespage: keystone started
<coreycb> zul, jamespage : https://code.launchpad.net/~corey.bryant/heat/2014.1.1/+merge/222551
<tych0> ah
<coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/neutron/2014.1.1/+merge/222561
<coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/keystone/2014.1.1/+merge/222569
#ubuntu-server 2014-06-10
<z1haze> hello! could someone answer a few questions for me, and possibly help me out? Im a server owner, but I have little experience doing so; I had help setting up the server as it is, and everythin works great, except for the fact theres no actual ftp server installed on it. The server is setup with password authentication disabled and uses ssh keys, but now I am going to be required to install an ftp server on it, due to a control
<z1haze> panel for a gameserver that includes ftp.. what would be the easiest way to do this?
<z1haze> basically, if the password authenticaion is disabled, is that serverwide or is is that user specific? is it possible to have ftp logins without password authentication? I know it works with keys because i use filezilla that way, but the game-server control panel have ftp as part of the interface, and thres no where to setup ssh keys
<histo> z1haze: it sounds like password authentication is disabled for ssh... That is not system wide e.g. if you installed an ftp server you could login via ftp using a password
<z1haze>  oh ok great!
<z1haze> thats awesome, so i just install vsftp like normal, do i have to create separate usernames or do i login with my ssh usernames?
<sarnold> z1haze: oh man; ftp is a horrible protocol and all the servers are likewise horrible. are you sure you have to use ftp?
<sarnold> (maybe that's unfair to the servers; the server authors did what they could, but the protocol is truly gross.)
<z1haze> well i want to use sftp but i dont think i can
<z1haze> what do you suggest
<z1haze> sarnold: here the the cpanel im installing http://www.multicraft.org/site/index
<histo> z1haze: why do you thihnk you need ftp?
<z1haze> because it uses a built in ftp server
<histo> z1haze: so you don't have to setup ftp if it's builtin
<z1haze> to be able to add/remove plugins
<z1haze> yea i realized that after the fact
<z1haze> im just new and dont feel comfortable jumping into things i liek to get an experienced opinion beforehand
<histo> z1haze: you may want to test how secure their stuff is before your box gets owned
<z1haze> true, its the largest cpanel for minecraft though, all of the major hosting companies use them
<sarnold> restricting access to just your ips might be a worthwhile thing to do; most web-based control panels are horrid.
<histo> z1haze: a lot of people use windows also
<histo> doesn't make it safe
<z1haze> i absolutely get where you're coming from
<z1haze> but i wouldnt know the first step to do about seeing if its secure, as far as testing
<z1haze> i just use it to host game-servers really
<histo> z1haze: make sure you consult the documentation the stuff like delete teh install.php as soon as everything is working is very important
<z1haze> oh yea im following their docs exactly
<z1haze> the setup.sh is very detailed
<Sachiru> Query: Anyone every know of software that watches your DNS service on the server and logs which IPs ask for certain addresses?
<Sachiru> I'd like to track who's browsing por... tals for accounting experts on our network (and yes I know this is not a 100% foolproof system, what I'm asking for is basic logging/monitoring for beancounters, not something to track a person who is dedicated to having himself not tracked.
<sarnold> Sachiru: first I'd check your dns server for logging levels, you may be able to turn up logs and get the info you want from there; you could probably also write a filter for tcpdump, or get close, and do the rest with grep. if you've got a host in the middle, ntop or iftop or similar may be able to get you there
<z1haze> sarnold: i ran into an error after installing: its on the web panel  end now.. the install.php gave me a CException for application runtime path not valid make sure the directory is writable by the web-server process
<z1haze> i have the entire folder owned by username:www-admin
<z1haze> is that not right?
<sarnold> z1haze: not www-data?
<z1haze> no, i checked the previous sites that were already there, they're all owned by my username:www-admin
<z1haze> should that be switched to all www-data ?
<z1haze> i didnt setup the initial web-servers so how would i find out what they SHOULD  be owned by
<sarnold> z1haze: probably your webserver is running as the 'www-data' user, and probably there's no supplmentary groups..
<z1haze> can i check that somehow?
<sarnold> z1haze: ps auxw | grep apache  or ps auxw | grep nginx -- depending..
<z1haze> the whole thing indcluding depending.. ?
<z1haze> oh duh i get it
<z1haze> should i pastebin results?
<sarnold> z1haze: just look for the user column in the output
<z1haze> http://pastebin.com/J2Wz7R26
<sarnold> (you can pastebin it if you want...)
<sarnold> yeah, www-data
<z1haze> where do you even see that though?
<z1haze> so would it be ok if i did like chown www-data:www-admin since my username is part of the www-admin group i will still be able to edit stuff
<z1haze> yay i did it! thanks so much sarnold, on to the next step!
<sarnold> z1haze: the first column of output is the userids of the process; root and www-data -- the root-owned apache process doesn't handle web traffic, it opens the port and then keeps track of the other children...
<sarnold> z1haze: so the www-data owned processes actually handle requests.
<z1haze> i get it now
<sarnold> (I truly hate the web server user account actually owning files, but that's a rant for another day.)
<z1haze> although i did have afailure on the next step: failed the system security check: he first column of output is the userids of the process; root and www-data -- the root-owned apache process doesn't handle web traffic, it opens the port and t
<z1haze> what does that even men
<sarnold> z1haze: from your ps auxw output :)  http://pastebin.com/J2Wz7R26
<z1haze> you've lost me
<z1haze> should i just remove the www-data from the .htaccess file?
<sarnold> nah feel free to ignore me :) hehe
<z1haze> im sorry im not trying to be rude and ignore u i dont didnt understand
<z1haze> the suggested solution is the change the AllowOverride None to AllowOverride All for the sites-enabled
<z1haze> is that a good fix/
<sarnold> z1haze: oh, I know you're not being rude :) just my explanation might not have actually made anything more clear for you, but that's okay -- eventually it'll make perfect sense, but there's no big problem if I don't make sense today :)
<z1haze> so how to i fix this error im getting?
<sarnold> z1haze: it's probably better if you can find out which specific directives you need to all .htaccess files to override, but if this webserver only does your game, it's probably fine.
<z1haze> yea well, it hosts game-servers and web-server
<z1haze> I think i see in the sites-enabled where to edit the AllowOverride None to All.. is that ok for me to do?
<sarnold> probably fine
<z1haze> i dont know what that does
<z1haze> could you kinda tell me what its actually doing?
<sarnold> it lets the .htaccess file override apache settings for specific directories
<sarnold> see the whole help at http://httpd.apache.org/docs/current/mod/core.html#allowoverride
<sarnold> apache's help can be .. pretty dense. but it is very thorough.
<z1haze> the only apache i have experience with is the one i flew for 6 years :\
<sarnold> talk about complicated :D
<z1haze> easy peasy
<sarnold> nope -- my head turns inside out trying to grok the collective :D
<z1haze> oh u fly?
<sarnold> nope :)
<sarnold> but man I loved helicoptors as a kid...
<z1haze> yea me too, was my dream, i actually enlisted as a crewchief for the apache, then dropped a packed to become a pilot 1 year or so after iwas in
<sarnold> nice :D
<z1haze> sarnold: do you know stuff about database too?
<z1haze> another small hiccup ive run into: Error querying user table: CDbCommand failed to execute the SQL statement: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'multicraft_panel.server_config' doesn't exist. The SQL statement executed was: select count(*) from `server_config`
<z1haze> during the setup
<z1haze> the database seems to not be initialized how do i initialize it?
<sarnold> z1haze: hopefully the install guide included some mention of a tool to run to populate the tables
<z1haze> ur a smart man: it did i just didnt go far enough
<sarnold> hehe, I just figured no one would use it if they had to populate the tables by hand :)
<z1haze> makes sense, how long have you been in this game?
<sarnold> I've been using linux since 1994
<z1haze> theres a tick asking me if i want to enable the multicraft api? what reason would i do this?
<sarnold> probably if you use some clients like a phone app to manage the server..
<sarnold> (that's a wild guess)
<z1haze> would that be like custom stuff?
<z1haze> oh btw, it says the integrated ftb is net2ftp
<sarnold> probably the android app store has a dozen of them or something? :) heh
<z1haze> How can i check if MySQL PDO support is enabled on my server?
<sarnold> z1haze: check '"pkg -l 'php5-mysql*'" output
<z1haze> sarnold: im in big trouble i cant seem to figure this out
<sarnold> z1haze: iirc both php5-mysql and php5-mysqlnd work...
<z1haze> im getting db conn error
<z1haze> when trying to use the plugin search thing
<z1haze> sarnold: Error 500
<z1haze> CDbConnection failed to open the DB connection.
<z1haze> what do i actually type form that command?
<z1haze> i typed '"pkg -l 'php5-mysql*'" and its just frozen now
<sarnold> z1haze: leave off the " quotes
<z1haze> but you have the first " inside the ' and the second one outside
<z1haze> is it this? 'pkg -l 'php5-mysql*'
<sarnold> the ' quotes around 'php5-mysql*' keeps bash from expanding the php5-mysql* glob into matching files, if you have any files in your current working directory named php5-mysql(something)
<z1haze> so is it like this then 'pkg -l 'php5-mysql*'
<z1haze> because nothing happens when i do that
<z1haze> is just freezes
<z1haze> i also tried pkg -l 'php5-mysql*' and it says no cmd pkd found
<z1haze> pkg*
<[lutchy]> hmmm
<[lutchy]> What PHP program are you using that give you DB Conn error
<sarnold> dpkg
<[lutchy]> hmmm
<z1haze> ok that worked
<z1haze> http://pastebin.com/n6Z6DV9A
<z1haze> im using multicraft its a hosting control panel for minecraft servers
<z1haze> and it gives the error when trying to acces bukget which is the plugin installer
<[lutchy]> I am confused, when did dpkg have DB conn error ? I have to say I am new at that
<z1haze> im trying to get to use the plugin installer and it tells me this Error 500 CDbConnection failed to open the DB connection
<z1haze> then the troubleshooting page says Your PHP installation needs MySQL PDO support, please check that this core extension is enabled
<[lutchy]> So I assume you are you suing Ubuntu Server version ?
<[lutchy]> s/suing/using/
<z1haze> 12.04 lts
<z1haze> lol wow, nice one that correction
<[lutchy]> The way I've seen PHP PDO is packages
<z1haze> how to i enable the pdo support?
<[lutchy]> At least for openSUSE, 'sqlite PDO' is installed by default
<z1haze> im using mysql
<[lutchy]> With 'mysql', you simply install php5-mysql (which should include the MySQL extensions and the PDO version as well)
<z1haze> do i ened to like install sudo apt-get install php5-sqlite?
<z1haze> ok well
<[lutchy]> No,
<z1haze> i guess i need to enable the extension then?
<[lutchy]> NO, I think the error might have been misleading
<z1haze> The BukGet browser uses a temporary SQLite database to cache the plugin list. Make sure your PHP installation supports the PDO SQLite extension, it is required for this feature
<sarnold> hah, it requires both mysql and sqlite to function? o_O
<[lutchy]> Again, depends how Ubuntu packages things... I would think that 'sqlite pdo' was included on default
<z1haze> well what else would make that happen
<z1haze> i just need to enable that extension i think i just dont know how
<[lutchy]> It could have been, some applications, where you can choose a DB backend
<z1haze> yea i choose mysql because thats what i have
<[lutchy]> So, have SQLITE and MYSQL requirement is not unheard of
<z1haze> is the php.ini file i need to look at in the /etc/php5/cli?
<sarnold> [lutchy]: not much is installed by default; everything is just a quick apt-get install away :)
<z1haze> guys :( how can i get this going?
<[lutchy]> Right
<[lutchy]> So, I think the error is misleading
<[lutchy]> You can run 'phpinfo()'
<sarnold> z1haze: try apt-get install php5-sqlite
<[lutchy]> be that with that and know for sure what php is loaded with
<z1haze> ok ive done that sarnold
<[lutchy]> Just create a simple php script in your document directory of your sever, make sure to start with a start tag
<sarnold> z1haze: okay, restart apache and try again :) if it doesn't Just Work, try [lutchy]'s phpinfo() suggestion
<[lutchy]> With phpinfo()
<[lutchy]> It's easier to read what's enable in PHP
<[lutchy]> Than php -r 'phpinfo()'
<z1haze> ok im not familiar with that what [lutchy] said, and unfortunately it did not fix it
<[lutchy]> Alright... I walk you through it... though... I am not sure what application you are using but to do that
<z1haze> application for what
<z1haze> i am just using putty
<[lutchy]> You don't get the basics of a 'application'
<sarnold> [lutchy]: he's installing http://www.multicraft.org/site/index
<[lutchy]> Let me look at it
<[lutchy]> If I find it fun, I might create a VM and test around
<z1haze> how do i simple enable that extension that its telling me
<[lutchy]> If you don't know what you doing, that lease to more questions
<[lutchy]> Personally, I don't think enabling that extension, is going to solve that problem as simply you thin it is...
<z1haze> thats what the help says though
<[lutchy]> Because software is clear what went wrong
<z1haze> http://pastebin.com/3tDuYSkS
<z1haze> http://www.multicraft.org/site/docs?view=troubleshooting#20
<z1haze> this is exactly my problem
<z1haze> they have atroubleshooting link just for it
<z1haze> i dont get it
<[lutchy]> What part you don't get
<[lutchy]> I am sure people will help with that
<z1haze> the fact that its saying in that link i just posted to enable some pdo
<z1haze> how do i just enable what i need man? Im tired i really need to get this up and i hve to work in the morning
<[lutchy]> You should figure that out yourself... it's very simple if you do enough research how PHP works
<z1haze> ive been trying for hours now ok
<z1haze> i really could just use a hand on it
<[lutchy]> With PHP
<z1haze> if you know, please just lend a hand
<[lutchy]> You have modules that enables a feature
<[lutchy]> DBConn error doesn't sound like you missing a feature
<[lutchy]> It's more like the program failed to connect to a DB
<z1haze> did you look at that page i just linked http://www.multicraft.org/site/docs?view=troubleshooting#20
<z1haze> "The BukGet browser shows an error with the database connection"
<[lutchy]> When you have database connection error, it's like the software can't connect to the DB
<z1haze> ok?
<[lutchy]> There are so many reasons why it may fail..
<sarnold> sadly that page is nearly useless -- there's lots of reasons why it mail fail, and that shows none of them.
<z1haze> so what do i do
<[lutchy]> 1) The Database is not running on the port that the software is trying to connect to
<z1haze> is there a place i can check what port my database is on
<[lutchy]> no...
<z1haze> god. it seems your witholding when you respond
<[lutchy]> sarnold, the directions are horrible ?
<z1haze> its like u know the answer but u wont say it, just stringing me on, its been hours i really need this fixed and i hope you can help
<z1haze> if you cannot help i will be on my way, just pleast let me know one way or another
<[lutchy]> NO.. I don't know why you would think that in the first place
<[lutchy]> I don't own a minecraft sever and I don't know why you think people would have an answer to that
<z1haze> i didnt say you did, but as for reasons it wont connect to the database, thats pretty standard right
<sarnold> [lutchy]: yeah, poor -- they could have had specific error messages with specific mediations. they gave a blanket solution for a vague problem
<z1haze> what should i even do then
<[lutchy]> That's what I thought, the error was misleading
<sarnold> z1haze: check error logs from mysql? php? apache? dunno. i've managed to avoid dealing with php for as long as I could :)
<[lutchy]> << likes php
<z1haze> [Mon Jun 09 22:09:33 2014] [error] [client 192.99.20.118] client denied by server configuration: /home/www/multicraft.terminus-mc.com/www/protected/data/daemon/schema.mysql.sql
<[lutchy]> wow
<z1haze> im assuming thats it
<z1haze> but how do i fix it
<sarnold> hey! now that's something :)
<z1haze> what do i do though? im still not understanding
<[lutchy]> right srnold
<sarnold> z1haze: check your configs .. some details.. http://httpd.apache.org/docs/2.2/howto/access.html
<z1haze> so i need to open the sites-enabled file?
<[lutchy]> I hate people who think people should guess there problems, granted that people can be smart and withhold , that's not an issues if you don't know what a 'software' is
<[lutchy]> uggg
<z1haze> then we move to belittle people i guess
<[lutchy]> Knowing what it is will solve so many issues... I've been on Windows Forums
<z1haze> im sorry i havent spent my life behind a computer screen [lutchy]
<sarnold> cmon [lutchy], he's here to learn, same as the rest of us.
<[lutchy]> They usually give 'blanket' solutions
<[lutchy]> I want him to learn
<[lutchy]> I really stress that..
<[lutchy]> It's people like you that I don't like people who are asshole treat people like you.. I am being very forward
<sarnold> that's a good goal :)
<z1haze> who are you calling an asshole? lol
<[lutchy]> I guess you don't get it
<sarnold> I certainly don't :)
<z1haze> sarnold: my host file shows this http://pastebin.com/gdk6qPTq i dont know if thats the same thing but from looking at the access control page its similar
<[lutchy]> 'I don't like people who are asshole treat people like you'
<sarnold> [lutchy]: ahhhhh.
<z1haze> speak english?
<z1haze> was odd i dont have any deny in this host fire
<z1haze> file*
<[lutchy]> I might have missed a comma
<[lutchy]> Yeah, I missed a comma after 'that'...
<[lutchy]> It's grammar I have issue with sometimes...
<z1haze> so the file is within my directory ive set, theres nothing that says deny, it says allow from all.. why would the server configreject it
<sarnold> z1haze: oh! try removing the final '/' at the end of the <directory> line
<sarnold> z1haze: <Directory /home/www/multicraft.terminus-mc.com/www>
<z1haze> alright
<z1haze> that did it
<z1haze> man :( something so silly
<sarnold> damned apache
<z1haze> so why does that trailing / cause all that
<sarnold> I wasted two hours on that one a month ago.
<z1haze> no kidding?
<sarnold> yup.
<sarnold> friendly dude in #apache guessed blindly and got it on the first try :)
<z1haze> well im glad you had been there done that haha
<z1haze> it seems like its just "one of those things"
<[lutchy]> Probably...
<[lutchy]> I am glad you have a better understanding
<z1haze> well thank you for your help i really do appreciate it
<sarnold> is it up and running? :)
<z1haze> yessir
<sarnold> \o/
<z1haze> its not seeing all my current plugins but ill figure that part out
<[lutchy]> I have to admit, that I am black, and the way I talk to black people... certain individuals
<[lutchy]> It may get in the way how I type online....
<[lutchy]> btw... I hate Apache.. I use Lighttpd on all over my servers.. it's much easier to config...
<[lutchy]> Doh, it lack few features "-p :)
<sarnold> yeah, I prefer nginx, not that I know it any better..
<[lutchy]> nginx ?
<[lutchy]> That's worst
<[lutchy]> I don't think nginx is an actual 'WebServer'
<[lutchy]> sarnold, I was a bit curious about your opinion
<sarnold> [lutchy]: yeah?
<[lutchy]> nginx is shitty.. so ?
<sarnold> [lutchy]: nah, I liked the code quality of the nginx server -- clean error handling, superb formatting functions that work better than working around the C standard functions, nice modular design
<sarnold> [lutchy]: granted the chunked encoding had a few problems, but nearly every server's chunked encoding implementation has had problems
<[lutchy]> That's how you make your decision
<[lutchy]> OK
<[lutchy]> Personally, well written code doesn't help me if it's to complex to configure ...
<[lutchy]> I understand your point of view... security ...
<sarnold> :D
<[lutchy]> I care about security as well as I care how easy it will be to implement it...... you input does help ")
<Macer> are there no free usenet servers nowadays? :/
<Macer> for an actual exchange of information not for alt.bin.awesomepiratestuff.0day.sweden ?
<sarnold> gmane..
<Macer> ah ok. so is this just the stuff that isn't related to piracy? i just wanted to subscribe to stuff like actual ubuntu newsgroups like the days of yore
<Macer> and i don't care much for forums :)
<sarnold> yeah, the closest thing is probably the ubuntu-blah email lists, or askubuntu.com.
<sarnold> neither quite like the old usenet :(
<Macer> no it is not.. but it seems because of the rampant piracy.. usenet is all but dead on the free exchange of information side
<Macer> it's all commercialized piracy nowadays :) i just want a good usenet subscription
<Macer> comcast killed their usenet server a long time ago :/
<Macer> so ic an't use the local comcast one anymore
 * [lutchy] reads
<Macer> sarnold: you can use the gmane stuff in a usenet reader?
<Macer> like thunderbird or something? looks like they should have some sort of ubuntu group to subscribe to
<sarnold> Macer: see e.g. http://dir.gmane.org/gmane.linux.ubuntu.devel.changes.gutsy
<sarnold> (randomly picked list..)
<Macer> http://johnbokma.com/mexit/2005/01/14/gmane-mail-to-news.html
<Macer> there you go... that has instructions on how to do it .. nice.. thanks so much :)
<sarnold> have fun :) bedtime
<[lutchy]> It's funny, I don't know if it's the timing, there's actually content to read
<pcn> Is this the right channel to ask about the cloud images?
<pcn> I'm trying to get the trusty cloud image ova imported into either virtualbox or vmware fusion, and both break
<[lutchy]> If it's based on Ubuntu Server.. sure...
<pcn> It's a server image, indeed.
<sarnold> 'ova'? ( I know I said bed, but.. i'm curious :) -- I don't see any .ova files at http://cloud-images.ubuntu.com/trusty/current/
<pcn> Whoops, ovf
<pcn> I'm trying to get to making an ova via import and export and some automation.
<pcn> It's failing at the get-go
<[lutchy]> sarnold, if you go to bed, I am going to hunt you in your sleep
<sarnold> [lutchy]: good luck :) I'm a big guy and I'm good with knots
<[lutchy]> I am good with aliens to do my bidding.. end...
<pcn> Does anyone know how canonical creates the .ovf files?
<[lutchy]> From I what I read, it's a standard
<sarnold> pcn: utlemming or smoser may be able to help when they arrive; not sure what timezones they're in, but it may be a little while..
<[lutchy]> he was smoking something ^^
<[lutchy]> He can clarify later
<[lutchy]> I think, it's better to explain, from I read.. Only VirtualBox support that format
<[lutchy]> Don't you still need VDH.. The Virtual Disk that hold the data
<[lutchy]> What Virtual Solution are you using ?
<[lutchy]> I just read sarnold, las comment, I guess those people can offer more infor
<[lutchy]> Does VMWare even support OVF ?
<pcn> [lutchy]: you can use qemu-img to convert the disk format
<[lutchy]> Well, you did say it beak
<pcn> [lutchy]: the problem I'm having is that most of the productsection's properties don't seem to be getting to cloud-init, and so e.g. no ssh key, no user password set, etc.
<pcn> No ssh pubkey is getting installed, I mean
<pcn> And trying to import the ovf into vmware fusion, or convert it using vmwares ovftool, results in both (ovftool and vmware fusion gui) complaining about syntax that appears to be valid according to the spec
<pcn> So... fun
<[lutchy]> Seem like you giving yourself to much headache
<[lutchy]> If I may...
<[lutchy]> I would create a format both understand very well
<[lutchy]> I would make original copy, then split into copies.. I am not sure that would be efficient but that's what I what I would do
<pcn> That suggestion is not going to help me at the moment.
<[lutchy]> It doesn't hurt me.. I hope you get better help
<pcn> Thanks
<Macer> sarnold: gmane.org was perfect. thanks :)
<Macer> i already set it up in thunderbird. works like old school usenet.
<lastarms> Does anyone know how to patch the add-apt-repo problem on 12.04?
<lastarms> Does anyone know how to patch the add-apt-repo problem on 12.04?
<histo> lastarms: do you have a link to the patch?
<YamakasY> hi guys
<YamakasY> anyone some tips about autofs a webdav share with ldap credentials ?
<lastarms> histo: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/968756
<uvirtbot> Launchpad bug 968756 in software-properties "apt-add-repository fails while adding ppa if signing_key_fingerprint does not exist" [Medium,Fix released]
<histo> lastarms: download the patch and use the patch command to fix the ppa.py  so 'patch /path/to/ppa.py < patch.file
<pmatulis> morning
<lastarms> histo: wow... you just made me feel so dumb...
<YamakasY> man I need autocompletion!
<lastarms> histo: sorry, what do you mean by /path/to/ppa.py
<histo> lastarms: find that ppa.py file the patch is made for it's part of the package you are having an issue with
<histo> lastarms: locate ppa.py   should show you the path
<lastarms> histo: the patch is supposed to be for pycurl
<lastarms> https://bugs.launchpad.net/ubuntu/+source/pycurl/+bug/1063350
<uvirtbot> Launchpad bug 1063350 in pycurl "curl corrupts floating point context" [Medium,Triaged]
<lastarms> sorry, I think I gave you the wrong site
<lastarms> it's #11
<histo> lastarms: let me check that one
<histo> lastarms: yeah same file has the issues
<histo> lastarms: it's patching ppa.py
<lastarms> locate ppa.py comes up with nothing
<histo> lastarms: I show it in /usr/lib/python3/dist-packages/softwareproperties/ppa.py
<lastarms> histo: I don't have that...
<lastarms> histo: I guess I'll just downgrade it then... too much time spent on this...
<histo> lastarms: find / -name 'ppa.py' 2>/dev/null
<lastarms> /usr/share/pyshared/softwareproperties/ppa.py
<lastarms> /usr/lib/python2.7/dist-packages/softwareproperties/ppa.py
<lastarms> I'm guessing the one in lib
<histo> lastarms: most likely
<histo> lastarms: you could diff them and see if they are different
<histo> lastarms: find / -name 'ppa.py' 2>/dev/null | xargs diff
<lastarms> histo: patch: **** Only garbage was found in the patch input.
<lastarms> histo: nvm i did something stupid
<histo> k
<lastarms> histo: yup, that seemed to have worked allright. Thanx for your help!
<histo> lastarms: np anytime
<Voyage> the 65000 port limit on a machine is a hardware limit? if yes, if I have a VPS one a machine and one that machine there are 3 more vps hosted. I will get shared number of ports and not 65000 ?
<rbasak> Voyage: it's a protocol limit. However if you give each VPS its own IP address, then you won't hit that restriction.
<rbasak> (but if you do NAT, then you will depending on how you use it)
<Voyage> rbasak,  so its 65000 ports for http , and 65000 ports for some other protocol . e.g xmpp?
<Quoexl> anyone home?
<Quoexl> all night long I had a chinese fellow trying to hack my ssh
<rbasak> Quoexl: finding that people are trying to bruteforce your ssh is pretty common.
<cfhowlett> Quoexl and presumably he failed - which is good!
<rbasak> Just make sure that you don't use password auth (or if you do then all possible logins have secure passwords)
<Voyage>  whats the max number of ports a machine can have opnned up?
<Quoexl> 65536
<Quoexl> I use 26 digit pass-sentences
<ikonia> so why the concern ?
<ikonia> you know it's being attacked, follow your standard white hat practices and secure the box/ignore the threat
<Voyage> Quoexl,  the 65000 port limit on a machine is a hardware limit? if yes, if I have a VPS one a machine and one that machine there are 3 more vps hosted. I will get shared number of ports and not 65000 ?
<rbasak> Just make sure that you don't have some login available that you don't know about. I use "AllowUsers" to whitelist ssh logins.
<ikonia> (as you said you where a white hat security professional) this should be school boy basics
<Quoexl> not really concerned, I threw up sshguard just in case
<Quoexl> no I said I am a white hat from wayback
<ikonia> right, so that is a security professional
<Quoexl> well, people do pay me to do it
<ikonia> so you should be able to manage this standard attack with ease
<Quoexl> its done, I win
<Quoexl> just sharing
<ikonia> don't need break down of your day to day management of the host
<cfhowlett> Quoexl share that kind of stuff, if you must, at http://thedailywtf.com/Default.aspx
<maswan> tou know what also helps against ssh bruteforce attempts: PasswordAuthentication no
<zul> jamespage: debian has packaged designate its still in proposed because its foobared
<YamakasY> any webdav expert here ? or actually autofs ones ?
<histo> !any | YamakasY
<YamakasY> histo: you belong to any(one) :)
<YamakasY> histo: you use it ?
<ws2k3> Hello, my ubuntu machine got stuck while upgrading
<ws2k3> i use do-release-upgrade and now it hangs at setting up nfs-common
<pmatulis> ws2k3: upgrade from lucid to precise?
<ws2k3> no
<ws2k3> natty to ï»¿Oneiric
<ws2k3> what can i do about this ?
<zul> jamespage: oh good you did logutils and signledispatch already
<pmatulis> ws2k3: i don't think Oneiric packages are still in the regular repositories
<pmatulis> http://archive.ubuntu.com/ubuntu/dists/
<ws2k3> i use old.releashes as repository
<pmatulis> oh
<ws2k3> so i have the normale oOneiric repository
<pmatulis> dunno.  all that comes to mind is
<pmatulis> https://bugs.launchpad.net/ubuntu/precise/+source/nfs-utils/+bug/863741
<uvirtbot> Launchpad bug 863741 in nfs-utils "apt doesn't want to replace portmap with rpcbind on upgrade" [Medium,Fix released]
<ws2k3> ah oke well i cancalled the upgrade and did dpkg --configure -a so the upgrade showed up again haning on setting up nfs-common i cancesseled the upgrade of nfs-common and luckly it continue to do all the other packages
<Cyberspirit> https://www.youtube.com/watch?v=seFWvCDQFv0
<YamakasY> mhh automount is not running ?
<ikonia> Cyberspirit: please don't post that sort of thing in this channel
<Cyberspirit> roger
<ikonia> thanks
<jcastro> jamespage, are you guys going to be all set for running the UOS session in ~1 hour?
<jamespage> jcastro, yup - gaughen is leading things
<jcastro> rock
<gaughen> jcastro, having some issues getting a hangout setup. getting an error message that "hangouts on air is disabled by the administrator"
<gaughen> have you started one successfully?
<YamakasY> anyone using autofs here ?
<YamakasY> I need to mount a webdav share on ldap auth
<jcastro> gaughen, I use my personal account for hangouts
<YamakasY> it seems to create the folder for the mount, but no mount is made
<jcastro> I don't think we can on-air from our work accounts
<gaughen> jcastro, guess I have to relearn this each time
<jcastro> how did it work last time?
<gaughen> don't remember. gotta look. just finished making some caffeine. will drink some and then look.
<gaughen> don't trust my brain until then. jcastro
<jcastro> I agree
<gaughen> jcastro, hmm, I used my work g+ last time
<jcastro> gaughen, let me ask around
<gaughen> jcastro, Leann has already asked IS, and we bugged mhall too
<jcastro> oh
<jcastro> she is having problems too?
<psih0man> hello everyone!
<psih0man> what is the future init in ubuntu server? upstart or systemd?
<psih0man> I was looking at the bug tracker http://reports.qa.ubuntu.com/reports/rls-mgr/rls-r-tracking-bug-tasks.html#server and could not find an answer to this question
<jcastro> gaughen, looks like we're supposed to talk to IS if you have issues
<jcastro> psih0man, we're switching to systemd
<jcastro> http://summit.ubuntu.com/uos-1406/meeting/22277/ubuntu-server-plans-around-systemd/
<jcastro> there's a meeting tomorrow about it if you want to follow along ^^^^
<psih0man> jcastro: thank you
<gaughen> psih0man, yeah, please come ask questions tomorrow!
<psih0man> jcastro: is the switch to systemd planned for the next release or is this to be discussed during the meeting?
<jcastro> I am not sure, last I heard foundations wanted to switch asap, but I haven't been following the discussion
<jcastro> http://www.piware.de/2014/04/booting-ubuntu-with-systemd-now-in-utopic/
<jcastro> https://lists.debian.org/debian-devel-announce/2014/05/msg00001.html
<pcn> Is there anyone familiar with the process that canonical uses for creating the .ovf files, and/or what platforms the file is meant to be able to work with?
<pcn> ^^^ the .ovf files for the server cloud images
<lordievader> Good evening.
<stgraber> zul: thanks for the patches, I was just about to refresh the python2 binding based on all the changes that went into the python3 recently. I believe there are 2-3 more changes to cherry-pick. I'll apply your changes and do the remaining cherry-picking ones I'm done with vUDS
<zul> stgraber:  coolio...thanks
<heph> Not sure if y`all are aware, but the us-west-2 ec2 mirrors are returning 403s when trying to download packages.
<heph> my guess is someone uploaded some files but forgot to set the s3 permissions
<heph> but it's turning my deploys into derploys, so I was hoping someone here could get that resolved
<sarnold> heph: s3 is funny, it never returns 404 -- it returns 403 instead, to avoid leaking information if an URL exists but permissions wouldn't allow it
<heph> ah, that's weird
<sarnold> heph: certainly annoying :)
<sarnold> heph: just to make sure, you ran apt-get update just before? or the tools appear to do that for you before upgrading?
<heph> sarnold: so, when i use archive.ubuntu.com I can download the package gettext=0.18.1.1-10ubuntu3 (raring) fine, but when I use us-west-2.ec2.archive it fails with 403
<heph> yes, apt-get update was ran
<sarnold> heph: thanks :)
<heph> so, sounds like an incomplete mirror in s3 then?
<sarnold> heph: perhaps. we're a fairly .. "heavy" user of s3, our archive mirrors have found problems in s3 hosting before..
<heph> I bet =)
<heph> It's your own fault, really... being so successful and all =P
<sarnold> heph: haha :D yes, exactly :)
<heph> Can I relay to my team that someone is going to look into the s3 mirrors?
<sarnold> heph: yes; I've kicked it up the channels :)
<heph> thx =)
<sarnold> thanks for reporting it :)
<sarnold> heph: oh cripes. I'm just now noticing that you mentioned 'raring' in your error message. raring was EOL'd back in january.
<sarnold> heph: https://wiki.ubuntu.com/Releases
<sarnold> heph: note that saucy EOLs in a month; it would be best to aim for 12.04 LTS or 14.04 LTS, depending upon which set of software versions you want
<heph> yeah, it's legacy, we're working on it. can we expect the ec2 mirrors to not be kept up to date with the main archive mirrors though?
<heph> even though it's eol, the main mirror works
<sarnold> heph: at some point the main mirror will stop carrying it, and it'll move to old-releases
<sarnold> heph: I don't know when they get around to culling old content from the main archives, but I'm surprised it still works :)
<heph> doh, thanks for that clarification. guess it's time to switch our legacy systems to the archive.ubuntu mirror =|
<sarnold> heph: do realize that since raring was EOLd, there've been some high-visibility security problems -- at least one local->kernel privilege escalation, heartbleed, half-dozen other openssl issues, and scores more CVEs. Upgrading to an LTS release would cover a lot of asses^Wbases :)
<friendlyguy> hi there. i'm trying to setup a lab with a sendmail server receiving mail via smtp in a virtual network(from another host/application). most things work already, BUT the sendmail server rejects the e-mail because the sender address does not resolve. i know that it doesn't resolve, and i don't want it to resolve. can someone tell me a easy way to deactivate this "feature"?
<sarnold> smoser: thanks for collecting some nice tweets :)
<smoser> that was fun.
<smoser> hopefully now ubuntu security will pop up on random people's youtube searches
<sarnold> ha
<mdeslaur> thanks smoser :)
<parallel21> vsftpd allows root login by default?
<[lutchy]> friendlyguy, people still use 'sendmail' :s
<[lutchy]> In postfix, it would be part of smtpd_sender_restrictions, that does FQDN check
<[lutchy]> Look through 'sendmail' docs that will you tell how to disable that
<histo> YamakasY: What?
<marshall> hey ubuntu
<marshall> how do I start iptables? it's installed but i don't think it's running
<[lutchy]> iptables is part of the kernel
<[lutchy]> So, there is no enable or disable or service to run... One would need to apply rules
<[lutchy]> Some distributions have software that manages that for you... Take a look at http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
<marshall> how do i get `iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5984` to work?
<hallyn> rbasak_: hey, i'm trying to run uvtool on precise from the ppa, but it appears to be not installable?
<hallyn> http://paste.ubuntu.com/7625825/
#ubuntu-server 2014-06-11
<histo> marcoceppi: it's running you just have to setup rules
<histo> marshall: ^^ run sudo iptables --list
<robbyt> hello all, Iâm working with `reprepro` to create a repo for some custom packages. I would like to add multiple versions of the same package- is this possible with reprepro?
<z1haze> when creating a virtual host does the document root have to be the same as the <directory> in the host file
<z1haze> like which one tells apache where the root folder is, and which one tells the web where to look i guess is what im asking
<z1haze> like if i want a site thats test.mysite.com but i want the web to go to test.mysite.com/public, how would i do that
<lastarms> z1haze: the easiest will be an html redirect...
<z1haze> well im just trying to setup a technicsolder which i doubt you have any idea what it is unless u playwith technic.. but basically a repo to update individual files in a modpack rather than updating the entire modpack everytime something changes
<lastarms> I redirect my main www folder
<z1haze> and i got all the way to the point where im supposed to just naviagte "to the directory i installed tehcnicsolder" which i did.. but i just get the default it works apache page
<lastarms> so if someone goes to  let's say site.com
<lastarms> they will get redirected to site.com/~site1
<z1haze> ive got like 5 other virtual hosts runing just fine ive never had a problem like this before
<lastarms> z1haze: oh... then I don't know...
<z1haze> what could cause me to get that default page?
<z1haze> obviosuly the dns records are working if its directing me there
<z1haze> but isnt the only that it could be is that my hosts file is just wrong?
<z1haze> if i reinstall a package on accident will it overwrite anything
<OpenTokix> z1haze: unless you change options for dpkg from the default, it will ask for overwrite of configuration files etc.
<z1haze> ok
<z1haze> cause im following a tutorial for something and it says to install several packages
<z1haze> and i didnt wanna have type each one individually
<z1haze> because im not sure if i ahve some or not
<OpenTokix> z1haze: ok, ok - you will not reinstall unless you add --reinstall to the apt-get install line
<z1haze> ok thanks
<OpenTokix> z1haze: so, it is not a problem if you try to install something you already have it will say "Already installed"
<z1haze> great thank you
<z1haze> maybe i can finally get this working
<OpenTokix> z1haze: yes, ofc you will
<OpenTokix> z1haze: pro-tip: Dont just paste stuff from webpages into your terminal, make sure you understand what it does
<z1haze> no i am reading it
<z1haze> but im also not so PRO haha
<OpenTokix> z1haze: but if you learn what you are doing, you will be pro =)
<z1haze> i hope so, maybe one day, or at least become novice
<OpenTokix> =)
<OpenTokix> How long have you been using linux?
<z1haze> its just on a dedi that i use
<z1haze> i dont personallyuse it
<z1haze> i host game servers and the server has ubuntu on it
<OpenTokix> ok
<OpenTokix> Its a start =)
<z1haze> i dont think i could ever use linux for a o/s at home
<OpenTokix> I use linux on everything except my laptop =)
<z1haze> i can barely make my way around with ssh
<z1haze> wow
<OpenTokix> z1haze: I only start windows7 sometimes when I play games occationally
<z1haze> yea, not many games that have linux versions
<OpenTokix> I only play two games, and they dont =)
<z1haze> what games
<OpenTokix> z1haze: I could use wine, but I think wine sucks. - Wow and hearthstone
<z1haze> oh ive heard stories of how wine just kills ur performance
<OpenTokix> wine is annoying
<z1haze> can i ask you something? im stuck here
<z1haze> i passed my last obstacle now i get another error
<z1haze> unhandled exception "module 'memcache' already loaded
<z1haze> Module 'memcache' already loaded in Unknown on line 0
<z1haze> is actually what it says; how can i fix this? or do you need more details on what im doing?
<OpenTokix> z1haze: the memcache module is already loaded, so you only need it once in your (I assume) php configuration
<OpenTokix> z1haze: look around in your conf.d directories  - you can do a a grep -ri memcache /etc/apache2
<OpenTokix> so see where it is loaded - and remove all but one line
<z1haze> i should disable it in my config?
<z1haze> im confused
<z1haze> ohh ok
<z1haze> its on there twice on accident?
<z1haze> i did grep -ri memcache /etc/apache2 and nothing happened
<OpenTokix> z1haze: I am guessing you have installed two phpsystems using memcached, and they have their own included configuration files, both including memcached
<OpenTokix> Are you using apache2?  - or what webserver are you using? - And is it a webservice you are installing?
<z1haze> apache2
<z1haze> no, its a.. .. repo i think ?
<OpenTokix> z1haze: do the same grep in /etc/php5
<z1haze> ok that spilled a bunch
<z1haze> http://pastebin.com/Nfb5Dytu
<OpenTokix> z1haze: that looks correct
<z1haze> following that, what should i look for/do?
<OpenTokix> When did you get that error?
<z1haze> just now when trying to access this url
<z1haze> im during installing this repo thing
<z1haze> this is what im putting on my server https://github.com/TechnicPack/TechnicSolder
<z1haze> its so i can update my servers modpacks with individual mods rather than change one file then have to reupload 200mb of files every time
<OpenTokix> *puke* github-shit
<OpenTokix> ok
<z1haze> i did just installed php mcrypt extesion i dunno if that would do it
<apb1963> i'm trying to use debootstrap, and I keep getting: E: Failed getting release file http://archive.ubuntu.com/ubuntu/dists/trusty/Release  any ideas?
<OpenTokix> z1haze: What ubuntu version are you running?
<z1haze> 12.04
<OpenTokix> z1haze: and installing php-stuff from repos?
<z1haze> hmm?
<z1haze> this is supposed to help me update my mod packs without having to uplaod hundreds of mb's for small changes
<OpenTokix> z1haze: I understand what you are trying to accomplish
<z1haze> oh alright
<z1haze> i think im ALMOST there too, im at the last step where im supposed to login but i just have this error
<OpenTokix> z1haze: where do you see the error?
<OpenTokix> z1haze: btw. - is memcached running?
<z1haze> i dont know if its running
<OpenTokix> z1haze: pgrep memchached
<z1haze> but the url http://technicsolder.terminus-mc.com/public is where its giving me that error
<z1haze> oh wtf
<z1haze> now its not
<z1haze> hmmmmmm
<OpenTokix> z1haze: I see a loginpage
<z1haze> yea me too.. before i wqas getting an error
<z1haze> and i didnt change anything at all
<OpenTokix> z1haze: =)
<z1haze> maybe i didnt wait long enough after i reloaded apache
<z1haze> uh oh
<z1haze> it did it again
<z1haze> soo weird
<z1haze> its sporatic..
<z1haze> what in the world
<OpenTokix> check the apache errorlogs
<OpenTokix> and try to trigger it
<z1haze> ok good idea
<OpenTokix> apb1963: Where are you bootstrapping? - Does that host have working network?
<apb1963> OpenTokix: Yes, I'm on the host now.
<OpenTokix> apb1963: and no proxy configured for apt or so?
<apb1963> OpenTokix: not that i'm aware of... i.e. I didn't configure one.
<OpenTokix> apb1963: ok
<apb1963> OpenTokix: I can ping it, I can see the index from a browser.
<OpenTokix> apb1963: and it consistently fails when you run debboostrap?
<apb1963> OpenTokix: Yes.  I tried 2 additional mirrors.... same results.
<OpenTokix> apb1963: that is indeed wierd
<apb1963> OpenTokix: I'm wondering if this is the result I'd get if my target is bad.  So I can test it by unmounting the target USB drive and see if it installs to the mount point.  But, if I do that... I'm wondering if I can simply copy or move the results to the disk later, so as to save network time.
<OpenTokix> apb1963: try to touch files on the usbdrive
<apb1963> OpenTokix: quite touchable
<OpenTokix> then its not a proublem to write on it
<apb1963> OpenTokix: maybe... but I just unmounted and now debootstrap is working
<OpenTokix> apb1963: wierd
<OpenTokix> apb1963: I dont use much usbdrives
<apb1963> OpenTokix: I never used to... but then they started getting too cheap not to
<OpenTokix> I dont have a single usecase for myself =)
<apb1963> OpenTokix: system restoration, alternative boot to try (and show to others), backup... the list is almost endless... or at least 3.
<OpenTokix> apb1963: boot: pxeboot; backup: I have systems for that; recovery: also pxebooting
<OpenTokix> =)
<apb1963> guess I need to google pxeboot
<OpenTokix> yes
<OpenTokix> pxeboot is the complete win
<OpenTokix> apb1963: In my lab I have like 10 different bootoptions, presseded ubuntu and debian, livesystems, recoverysystems etc.
<apb1963> lab.  This implies multiple computers.  "The firmware on the client tries to locate a PXE redirection service on the network ...".  I have one computer.  And pxe wouldn't be of much help when trying to demo a linux system to a windows house.
<apb1963> So yes I can see why you wouldn't necessarily have a need... but I do. :)
<OpenTokix> apb1963: ahh, ok =) fair enough
<OpenTokix> apb1963: I have hundreds of computers =)
<OpenTokix> apb1963: easiest for you would be to just dd a livecd onto the usbdrive
<apb1963> so the question remains... can I simply move the downloaded debootstrap directory to another place (the usb drive).
<OpenTokix> apb1963: yes, but it will not be bootable, since you need to information in the mbr for the booting
<apb1963> Hmmm.  Well, that's a good point... I've had so many paths to follow I've lost sight of what I'm doing.
<apb1963> I believe fdisk /mbr will fix that problem?
<OpenTokix> apb1963: yes, should work - you can try your bootable usbdrive in virtualbox
<OpenTokix> or with qemu-x86
<apb1963> I presume qemu is like virtualbox?
<OpenTokix> its more rudimentary
<apb1963> I've had trouble getting my usb drive to mount in virtualbox... and I haven't tried booting it that's for sure.
<OpenTokix> but it will show if your usbdrive work you just boot it with: qemu-system-x86_64 -hda /dev/[usbdrive]
<apb1963> virtualbox SEES the drive, it just won't mount it
<apb1963> i.e. I can't access it
<apb1963> so... debootstrap finished it's thing....  what just ... mv /mnt/installer/* /dev/usbdrive  ?
<OpenTokix> apb1963: I would use rsync
<apb1963> hmm
<OpenTokix> you need to mount the usbdrive
<apb1963> options for rsync?
<OpenTokix> btw, is the usbdrive formatted as ext?
<apb1963> ext 4
<OpenTokix> rsync -avP source dest
<apb1963> bzzt!  I blew that.  W95 FAT32 (LBA)
<OpenTokix> apb1963: I think you have your debootstrap problem, right there =)
<apb1963> I've been running back and forth between the house and another borrowed system.
<OpenTokix> holy shit, you need to extra hardware man =)
<apb1963> let me check the money tree.
<apb1963> Wintertime.  No leaves.
<OpenTokix> =)
<apb1963> E: Failed getting release file http://archive.ubuntu.com/ubuntu/dists/trusty/Release   means wrong file system on the target device.  Nice.
<apb1963> I'm going to make a note of that.
<OpenTokix> apb1963: probably want to set owner and permissions on the file
<sarnold> naah, apt-get runs as root and files are owned by root..
<apb1963> hmm?  what?
<OpenTokix> Im just speculation why it would not work on fat32
<sarnold> apb1963: sorry, I was responding to OpenTokix
<OpenTokix> sarnold: Do you have another idea why the debootsrap dont work?
<apb1963> OpenTokix: sounds reasonable
<sarnold> OpenTokix: sorry, debootstrap is complete mystery to me. I'm not surprised that it makes assumptions that it has a POSIX filesystem to work with though :)
<OpenTokix> sarnold: =)
<OpenTokix> sarnold: I have very basic knowledge of it, used it maybe once or twice
<OpenTokix> But now I am getting curious of it, for my virtual machines =)
<sarnold> OpenTokix: about the same here, I've only used it via mk-sbuild, only done that a handful of times...
<sarnold> OpenTokix: heh, it's been on my todo list to try just downloading one of the cloud images, those are available as disk images.
<sarnold> no installer to debootstrap needed :)
<apb1963> it took some head scratching, but I was able to create a working bootstrap awhile back.  Now trying to create one for trusty using precise as my starting point.
<apb1963> i've been aggravated by what are potentially bad disks.
<genii> Grrr, bad disks
<apb1963> they seem to work fine on the borrowed machines under windows, but I seem to have problems with them here.
<sarnold> the badblocks program may be able to help with that..
<apb1963> but then I've only done quick formats under Windows
<apb1963> I ran badblocks... it's what reported zillions of bad blocks
<sarnold> quick format will touch less than 1% of the drive
<sarnold> haha
<sarnold> okay, so you're pretty familiar with it then :)
<apb1963> yeah, that's why the jury is still out
<apb1963> Yes I have 28 solid hours of experience with badblocks :/
<apb1963> it's excruciating
<apb1963> oh and I did a chkdsk over on Windows... it reports shiny squeaky clean bits.
<sarnold> o.u.c.h.
<sarnold> "thanks windows"
<apb1963> so i'm still puzzled over it all
<OpenTokix> Good luck, going to get ready for datacenter trip today =)
<apb1963> I mean 3 bad usb flash drives all at once?
<apb1963> OpenTokix: thank you most kindly for your help
<apb1963> OpenTokix: about to start the debootstrap with the ext4 fs
<sarnold> apb1963: dang. that's some luck.
<apb1963> OpenTokix: yup.  It was the ext4 fs....  it's going fine now
<apb1963> sarnold: tell me about it
<apb1963> I think I might need a new mamaboard
<apb1963> my mouse freeeezes up periodically and replugging it cures it for awhile.
<apb1963> and it's a usb mouse
<sarnold> might be a dying usb controller..
<apb1963> exactly
<apb1963> my sound card already gave up the ghost on the output
<apb1963> which is of course onboard
<apb1963> it's also why I have to wonder if these flash drives really are bad... or it's just my usb controller that is the cause of these badblocks
<sarnold> yeah I wouldn't throw them out yet
<apb1963> I was going to format them under windows, the slow way... but didn't as I figured it would take too long.
<apb1963> that was weird.. it double mounted the same partition
<apb1963> I didn't know you could do that
<sarnold> yup :) it can lead to some real confusion..
<apb1963> and make debootstrap fail
<apb1963> in yet another indecipherable way
<apb1963> having the wrong filesystem also made chroot fail in an obscure way.  I've learned a lot.  If only I could remember it :/
<apb1963> at least... I'm assuming that was the problem... I'll find out in a few minutes.
<sarnold> apb1963: can you pastebin this one?
<apb1963> which one?
<apb1963> the chroot?
<sarnold> oh! I'm sorry, I'm doing too many things at once, I thought you had a new failure that you didn't udnerstand
<apb1963> haha   join the club
<sarnold> :)
<apb1963> no that's from earlier.. I'm assuming the reformat will cure it.
<apb1963> ok now I have something new and strange
<apb1963> sarnold: http://pastebin.com/0QvTQe2Lhttp://pastebin.com/0QvTQe2L
<sarnold> apb1963: looks like you have a gpg key or message stored in /mnt/installer/etc/bash.bashrc
<apb1963> exactly right
<sarnold> which is some kind of accomplishment. :)
<apb1963> question is... how did it get there and what does it all mean? :)
<apb1963> i'm going to ignore it and just continue with the rest of the process.
<sarnold> apb1963: maybe try again with ext3 -- there've been repors of ext4 corruption.
<apb1963> i'm reasonably sure I used ext4 awhile back to do this... of course I was going from precise to precise so maybe trusty isn't so trusty?
<apb1963> jeez... I can't continue... it can't find apt-get ... obviously something failed quietly
<sarnold> apb1963: yeah, I think it's pretty recent
<apb1963> 14.04 .. I thought it was supposed to be stable?
<sarnold> yes, it should have been, but this was discovered after shipment sadly enough :/
<apb1963> so how come I havent heard anything about it?
<apb1963> I AM in fact telepathic so, I would have expected to hear something.
<sarnold> apb1963: http://marc.info/?t=139710836700001&r=1&w=2  :)
<apb1963> marc.info ??
<sarnold> awesome mail list front end
<apb1963> Monsters Are Real Creatures?
<sarnold> heh, i've always guessed Mail ARChive, but never looked into it :)
<apb1963> I can't keep up with that stuff
<apb1963> I had hoped to get past my 12.04 problems with 14.04, but I guess it's not meant to be
<sarnold> apb1963: it -could- be hardware issues through-and-through :(
<apb1963> nah
<apb1963> doesn't feel like it
<sarnold> dunno, a mobo that's busted enough to misread three usb disks and one use mouse and dead audio might also send disk data to wrong sectors or similar
<apb1963> yeah but then I'd likely get disk errors
<apb1963> I just get crashes
<sarnold> one hopes, but if it just gives bad data back to a program..
<apb1963> hmm
<apb1963> oh to be rich
<apb1963> again
<sarnold> *nod*
<apb1963> i've been trying to back stuff up before doing anything hardware-wise
<apb1963> hence the 3 usb flash drives
<apb1963> sadly, i've been unable to do so
<apb1963> so really I've just been trying to validate whether they're good or not
<sarnold> maybe you could yank the drive, bring it and usb flash drives to a friend's machine, boot up a linux livecd, and make backups that way?
<apb1963> that's certainly a thought
<apb1963> a painful one.. but a thought.
<sarnold> what matters to you is just the disk. that's the hard part to replace...
<apb1963> yeah.... I imagine I'd have to bring along an external enclosure
<apb1963> I just hate cracking this machine open... again.
<apb1963> I mean if I need a new mamaboard... why not just get it and then deal with the disk?
<sarnold> because backups++ :)
<apb1963> i'm depressed... my head hurts... I think I'm gonna go cry in my pillow
<zombu2> have you checked the psu??? a bad psu can do some pretty whack stuff
<sarnold> good plan.
<sarnold> zombu2: oooh.
<apb1963> zombu2: right you are... but no, the only way I  know of checking is to replace it
<zombu2> yup
<apb1963> i've had more than my fair share of bad power supplies
<apb1963> i actually have a spare here
<apb1963> but... I'm not sure it will fit in this machine
<zombu2> had a evga board the other day which gave me error 67 on post
<zombu2> bad psu
<sarnold> bed time :) good luck apb1963
<apb1963> yeah I only get missing hard drive errors on post... then it moves past and boots and my heart beats again
<zombu2> and usb either works or it don t
<apb1963> sarnold: ty
<apb1963> ok well, i wanted to be in bed almost 2 hours ago so... thanks guys and g'night!
<zombu2> nn
 * apb1963 waves and exits stage left
<caribou> with Trusty is it still required to set a bridge on the NIC if we want to access KVM VMs from the outside ?
<rbasak_> hallyn: you need to enable the cloud-tools pocket. It's needed for cloud-localds from cloud-image-utils, which didn't ship in Precise.
<pmatulis> morning
<pmatulis> caribou: yep
<tomixxx7> hi, what is the equivalent of sh file command $@ in batch files?
<tomixxx7> $@ <- gives me the remaining parameters of cmd line after some shift cmds
<Pici> tomixxx7: have you asked #bash ? they are pretty knowledable there.
<tomixxx7> Pici: ty, will try
<zetheroo1> I need help with Samba4 and LDAP Account Manager in Ubuntu 14.04
<hallyn> rbasak: oh, ok, thanks.  is that documented somewhere?  (it didn't use to be the case, as i'm certain i at one point used it without that)
<hallyn> (certain of it, i tell you!)
<LarsThalmann> Hi. Is there anywhere where I can read what is intended for next Ubuntu release?  Which is the best page for that?
<Pici> LarsThalmann: The developer summit is actually happening right now, agendas at https://uds.ubuntu.com/agenda/
<Pici> LarsThalmann: actually, this is a better link: http://summit.ubuntu.com/uos-1406/
<DarkStar1> Hi all https://help.ubuntu.com/community/PostfixAmavisNew is it still releveant? I noticed a few packages are missing when installing for 12.04
<DarkStar1> At the end of the Postfix integration section on this page: https://help.ubuntu.com/community/PostfixAmavisNew it says âAlso add the following two lines immediately below the "pickup" transport serviceâ. can anyone tell me what it is referring to?
<rbasak> hallyn: it might not have been a hard dependency, but you did need to acquire cloud-localds from somewhere by hand manually before that.
<hallyn> rbasak: yeah and i assume i'd gotten it somehow elsewhere before - thx
<ws2k3> i'm using ubuntu and i just upgraded mysql hoever when i do service mysql restart it does not work, when i do /etc/init.d/mysql restart then it does work, which file is executed when i do service mysql restart and how to fix this ?
<LarsThalmann> Pici: Thanks.  I'm actually interested in how the planning is done.  Are there *required* things for an Ubuntu release, or is there just a list of "hopes" and what is ready in time gets included in the release?
<Pici> LarsThalmann: Typically there are blueprints on launchpad filled out with what some developers and teams want, and then during UDS/UOS they spend the time discussing the feasbility and planning of those, as well as anything else that might come up.
<zul> jamespage:  neutron is buidling again
<LarsThalmann> Pici: So for the next release (14.11), is there anything marked as "required"?  I would assume the answer is "no".  If the release is to be on time there can not be any "holy cows".  Right?
<LarsThalmann> Pici: Any link where I can see the plan?  I don't find it following the summit links...
<Pici> LarsThalmann: I haven't really looked at any of this cycle's blueprints, but they are located here: https://blueprints.launchpad.net/ubuntu/utopic
<LarsThalmann> ah, I see it here: https://launchpad.net/ubuntu/+milestone/ubuntu-14.10
<LarsThalmann> seems there are "high" items, but not really anything that says "required"..  so I'm assuming anything can be dropped...
<LarsThalmann> Hmm, I wonder if one can even specify "required" in launchpad...
<LarsThalmann> Pici: Ok, by looking at different milestones etc, it seems the highest prio is "High". so then I know.  Thanks for the help and links.
<Pici> LarsThalmann: iirc, there is 'critical' too, but I don't see anything set as that.
<LarsThalmann> ah, ok, thanks
<rbasak> LarsThalmann: anybody wanting to work on something is welcome to join us. The planning stage is where we coordinate - if there's something you'd like to see happen in the next release and are willing to put resources into making that happen, then now is the time to get involved
<rbasak> Nothing is "required", except the schedule :)
<rberg> a few days ago I asked about a problem I am having where I was unable to hit S,M or I to recover a failed block device during boot, I have this tracked down to serial over lan being enabled in the kernel command line, ie if I have "console=tty1 console=ttyS1,115200n8" then those key presses are not registered over tty1.. do anyone know how I can have both enabled and still be able to skip that mount?
<z1haze> hello, what could cause Module 'memcache' already loaded Unknown on line 0 to "sometimes" show up when trying to access a page, but sometimes not
<z1haze> i just commented out the memcache.so in php.ini and it seemed to work.. hmm
<hxm> i have this crontab */5	*	*	*	*	php /var/www/osTicket/inc/mail/hesk_pop3_sometokenhere.php >/dev/null
<hxm> the script works but I keep receiving the email
<hxm> with this: PHP Warning:  Module 'memcache' already loaded in Unknown on line 0
<hxm> i can fix the warning, but i'll keep receiving the email
<hxm> i dont want the report
<hxm> why >/dev/null fails?
<rberg> the error is coming out stderr you are redirecting stdout only
<hxm> oh damn
<hxm> 2>&1
<hxm> sorry and thanks
<rberg> I would recommend fixing the error so you can still get other error emails should the script fail in the future
<hxm> yes
<abosamoor> hi, I upgraded my server from ubuntu 12.04 to 14.04, I got a dependecy error about avahi-daemon and libnss-mdns not being configured properly
<sarnold> abosamoor: what error do you get?
<abosamoor> sarnold: adduser: The user avahi already exists, Exiting. dpkg: error processing pacakage avahi-daemon (--configure): sub process installed post-installation script returned error exit status 1
<abosamoor> sarnold: dpkg: depedency problems prevent configuration of libnss-mdns:amd64: Package avahi-daemon is not configured yet.
<sarnold> abosamoor: crazy. please file a bug (with ubuntu-bug avahi-daemon) to make sure this gets captured -- please copy-and-paste that into the bug report :) -- and then probably dpkg --purge avahi-daemon -- chances are good that won't work, but it's worth a first shot
<abosamoor> sarnold: and I can not resolve URLs on the machine like "wget google.com" will fail at resolving the IP address.
<sarnold> abosamoor: argh. that's annoying. what's in /etc/resolv.conf?
<abosamoor> nameserver 127.0.0.1
<sarnold> abosamoor: are you running a local dns cache or recursor?
<abosamoor> sarnold: yes, this machine supposed to be the gateway of the local network, so it runs bind in principle, though after this failed upgrade I am not sure what is running and what is not
<sarnold> abosamoor: aha. okay. well, for now you can put nameserver 8.8.8.8 into the file and start fixing things again :)
<sarnold> abosamoor: don't forget about that, you'll probably want to change it back to 127.0.0.1 once you're all fixed up.
<abosamoor> sarnold: it still fails to resolve IP addresses :(
<sarnold> abosamoor: can you ping 8.8.8.8?
<abosamoor> sarnold: no
<sarnold> abosamoor: drat. then you probably have busted iptables rules
<abosamoor> sarnold: I am running a local network in a campus, so yes, there maybe some complexities. Thing were working, is there any way I can fix avahi and the dependency issues locally
<sarnold> abosamoor: probably, all the .deb files should have been downloaded .. I don't know if the upgrader sticks them in /var/cache/apt/archives/ or somewhere else, but it'd be a good starting point to try to find the packages
<sarnold> abosamoor: i think trying dpkg --purge avahi-daemon would be a  good starting point. (heck, does the gateway even need it?)
<abosamoor> sarnold: to be honest I am lost, I do not know what avahi is or even libnss mdns
<abosamoor> sarnold: will purge it
<sarnold> abosamoor: yeah, I don't know enough about it; it helps manage the .local pseudo-domain thing, similar to apple's bonjour
<rbasak> I like avahi-daemon and libnss-mdns. It saves me having to operate a DNS server on my local network.
<Aergan> Hi, I'm running Ubuntu Server 14.04 LTS under Hyper-V 2012 R2 and I'm having an issue where running 'sudo reboot' causes the guest OS (Ubuntu server) to wait at "Stopping System V runlevel compatibility [OK]"
<Aergan> If I issue a shutdown or reboot action from the Hyper-V console GUI, it behaves correctly
<Aergan> 'sudo halt' behaves the same
<Aergan> Kernel version: 3.13.0-29-generic x86_64
<TTGG> Anyone ever tried to use SSMTP or an equivalent in place of sendmail?
<TTGG> I'm having some issues and I don't know how to begin troubleshooting.
<TTGG> I tried checking my /var/log already and I can't find anything useful
<OpenTokix> TTGG: I always use exim4 for sending mail
<TTGG> Can I auth exim4 up with an external SMTP server and use it to send my mail?
<TTGG> That's why I'm using sSMTP
<TTGG> I'm very open to alternatives at this point because the project is barely off the ground.
<sarnold> TTGG: I use msmtp, like it well enough.
<TTGG> Can msmtp auth with an external SMTP server for sending functions?
<sarnold> TTGG: yes, my ~/.msmtprc is configured with a user and password for the account in question
<TTGG> with an external smtp server? IE gmail or yahoo or something like that?
<TTGG> Sorry if my question sounds stupid, I just got lead down the wrong path with Postfix already
<z1haze> is there a way to find out the ipv6 address for my server? apparently this repo will only connect via ipv6 or something
<rena_> z1haze: Terminal command - ifconfig  (ipv6 for the server should be on eth0 -> inet6 addr:)
<z1haze> ok thanks
<z1haze> when i try to import from solder it keeps telling me a modpack already exists with that name?
<z1haze> is it typical to get 500 internal server error when i create a modpack on technic with solder?
<z1haze> lol mybda wrong channel
<z1haze> what is the easiest way to make a virtual host point to a port other than 80
<z1haze> i think i messed something up because i have somthing that used to work and now it doesnt.
<z1haze> im using a proxypass/proxypassreverse but it isnt working
<rena_> You have to be listening on the port wanted (check if the port appears in the output of netstat -lnpt)
<rena_> Then you have to set the virtual host in a sites-available directory and activate it with sudo a2eensite <host_file_name>.
<z1haze> if i go to my ip:port
<z1haze> it works
<z1haze> but if i go to my subdomain that i created an arecord for i tdoesnt work
<z1haze> i looks like its trying to connect on port 80
<z1haze> heres the actual subdomain im using: http://map.terminus-mc.com/ it was working as of like 3 days ago i dunno what happened
<rena_> By accessing that uri/subdomain from a browser, it will try to request on port 80. If you want to go to another port you have to specify subdomain:port, just like you did with ip:port. Because a subdomain is only translated to an IP address.
<rena_> z1haze: I think you need to set both ports to be listening 80 and the proxy port
<z1haze> rena_ http://paste.ubuntu.com/7630946/ thats my hosts file i dont really get what ur saying
<z1haze> what have i dont incorrect?
<rena_> z1haze: Change line ProxyPreserveHost On to ProxyPreserveHost Off. Or you can just remove it or comment it, because the default is off.
<rena_> Then do a service apache2 restart and test it
#ubuntu-server 2014-06-12
<z1haze> how can i remove a symlink without deleting the whole directory it points to?
<MontyH> I have what will be a simple question for you, but my google fu has failed to find an answer
<MontyH> how do you deny all to cron
<MontyH> oh, yeah, ubuntu 12.04 server 32bit
<MontyH> the google fu says I should edit /etc/cron.deny which does not exist
<MontyH> any help?
<sarnold> z1haze: rm will only delete the symlink; I couldn't even find any way in the manpage to get it to follow a link :) -- and bonus, deleting a directory requires the -r command line option :)
<z1haze> oh ok lol
<z1haze> was just nervous
<sarnold> MontyH: check the cron(1) manpage, it describes the interations between /etc/cron.allow and /etc/cron.deny
<sarnold> z1haze: it's good to be nervous :)
<MontyH> sarnold: ok read the whole man page twice, no mention on how to shut everyone out of cron
<sarnold> MontyH: oh! nuts, maybe it was an addition between precise and trusty..
<MontyH> it WAS there in 10.04 I used it
<sarnold> MontyH: oh man. I'm sorry. it's in crontab(1). :( http://manpages.ubuntu.com/manpages/precise/en/man1/crontab.1.html
<MontyH> ok long story short, monday night some guys, 1 geolocated to China, the other to Viet Nam somehow slipped a cron job in that repeatedly attacked the password on the root user. no biggie it can't log on, but how did they get it in there?
<sarnold> MontyH: things to check: (a) do you still allow password logins via sshd? require keys (b) do you use any cpanel or webmin or plesk or other "control panels"? those are normally crap
<MontyH> yeah I know control panels are a no go. working on sshd as we speak
<MontyH> I need some words of wisdom, how would someone from china or viet nam slip a cron job into my server that repeatedly bangs the root door?
<MontyH> I know they arent that good because theyre trying root on ubuntu
<MontyH> and I mean 46 pages of logs bangin the door
<sarnold> MontyH: can you share some log entries?
<MontyH> unfortunately the server that contained the log has been removed and quarantined. my desktop at work has the log
<MontyH> and naturally I got no way to get there
<MontyH> and naturally I didnt email it to myself. I'll be back tomorrow with it, thx
<sarnold> MontyH: heh, sounds like a good way to enjoy the rest of the night :)
<PryMar56> MontyH, if its an ssh login attempt, move the service off port 22 on the WAN
<stoned> IdleOne, here too I hope?
<IdleOne> keep it up with your attitude and yes you will get banned her also
<stoned> There was no attitude.
<stoned> You're just an asshole.
<stoned> Please get your dick hard.
<IdleOne> if you would like to discuss how to resolve your bans you can join #ubuntu-ops
<stoned> ban me.
<stoned> NOW.
<stoned> No thanks.
<IdleOne> fine
<MontyH> friends and neighbors I have a problem you guys can unite around. Monday 00:00:00 to  Wednesday 12:32:00 I was the recipient of a hack. I geolocated the 2 ip's to china and viet nam. they did not penetrate ssh, but they DID somehow penetrate cron. leaving behind a coocoo's egg that kept beating on root's door and trying to log in. now we all know root cannot log in so I brought up just
<MontyH> ssh on a different machine
<MontyH> I need help shutting off cron
<MontyH> pls, thx and all the niceties I can present
<cfhowlett> MontyH *I* can't help, but if no response here, ask the ##linux channel.
<MontyH> well therein lies the rub, other distros have cron.deny, ubuntu does not
<cfhowlett> MontyH sadly such technical discourse far exceeds my paygrade
<MontyH> 46 pages of logged attempts in 3 days all after root, wonder why they dint find out it was ubuntu first
<cfhowlett> MontyH kiddiescripters will do that
<MontyH> somehow they slipped my cron a crontab without breaking ssh
<hilarie> I'm on Lubuntu 14.04 server, and have it running openVPN and DHCP it NATS everything on my LAN over the openvpn tunnel, I'd like to exempt things from SSL from going over the tunnel, is there any way to use IPtables to make it so some traffic that is being natted doesn't go through the tunnel?
<sarnold> hilarie: you may get more traction in an openvpn channel -- I don't know how to do it, but I'd first guess that you need to modify routing table to have some IPs that have traffic routed through openvpn, some IPs that don't, and then use iptables rules to re-write port 443 traffic to an IP that's not routed via openvpn..
<hilarie> sarnold, I'll try over there in the morning, thank you
<sarnold> hilarie: good luck :)
<ws2k3> hello i'm trying to install ubuntu 12.04 but it hangs after selecter the mirror it shows an emty purple window
<ws2k3> i restarted the installation twice so this is the 3th time it happens
<pmatulis> morning
<tarvid> In a rash move I upgraded apache2 to 2.4.9 and now all the virtualhosts are broken
<tarvid> is there a way to run the upgrade again and answer the configuration questions more carefully? I answered "keep"
<pmatulis> tarvid: man dpkg-reconfigure
<tarvid> pmatulis, I can't invoke the configuration prompts,
<pmatulis> tarvid: have backups of your original configurations?
<tarvid> yes pre upgrade
<tarvid> they don't work with 2.4.9
<pmatulis> that's odd
<tarvid> I never had a working 2.4.9
<pmatulis> what release of ubuntu is this?
<tarvid> 12.04
<tarvid> but I munged things by trying to get to php 5.5
<tarvid> which prompted an upgrade to apache 2.4.9
<pmatulis> how did you get 2.4.9?
<tarvid> from a PPA I am looking it up
<tarvid> ondrej-php5
<pmatulis> well, you are installing PHP and Apache outside the Precise archives.  problems should be expected
<tarvid> I've got them
<pmatulis> there you go
<pmatulis> apache 2.4.9 will only available in 14.10 , and you're installing it on 12.04
<pmatulis> *be available
<tarvid> I trusted the PPA
<pmatulis> i bet that PPA installed a lot of other stuff right?
<tarvid> yes
<pmatulis> yeah, tons of libraries prolly
<tarvid> and that makes restoring old files problematic
<tarvid> I do have a recent backup of most things
<tarvid> will etc and bin catch most of that
<pmatulis> if you need php 5.5 then why not install 14.04 LTS?  i'm not sure why you were forced to install apache 2.4.9 b/c trusty ships with 2.4.7
<pmatulis> (14.04 = trusty)
<OpenTokix> pmatulis: I am guessing some idiot developer gagging for the 0.0.2 difference
<tarvid> I can run the rsync backwards,  I don't want to push homes
<pmatulis> heh heh, gagging
<OpenTokix> =)
<aboSamoor> Hi all, I upgraded my ubuntu server on my gateway, and the connectivity with the internet stopped working, I am not sure how to debug what happened, is there any default values changed in the new ubuntu, everything used to work
<markthomas> aboSamoor, the first thing I would check is your network interfaces and the routing table to make sure they're intact.  Have you done this?
<aboSamoor> markthomas: my /etc file is kept under etckeeper, I could not see anything that should the networking changed, I am kind of lost, do not know which tool I should use to debug the situation. The gateway runs DHCP, DNS, NIS and the local network services running really fine, it is just the gateway can not connect to the internet. One more thing, the gateway is able to ping the router it is behind.
<markthomas> aboSamoor okay, so that's a partial answer to my question.
<markthomas> If you can ping out, then it's likely that the external interface and at least a portion of the routing table are correct.  You may want to run netstat -rn (or route) and verify that the default route is set up correctly.  Then, check that IP forwarding is enabled, and check your iptables rules
<markthomas> aboSamoor, cat /proc/sys/net/ipv4/ip_forward
<aboSamoor> markthomas: after two days of work
<aboSamoor> markthomas: and nothing worked, I just restarted it and it works
<aboSamoor> markthomas: :-D, man you are a miracle, I do not know what happened, but it works
<tarvid> Managed to revert but the process was ugly
<s0x_> hey guys ... im trying to setup an ubuntu server atm but am struggling with setting the domain for it. It gets its ip from an existing DNS but the domain should be set manually. I tried to add a domain entry into /etc/resolvconf/resolv.conf.d/head so it does add it to resolv.conf. Even though hostname -d or -f does not recognize the domain
<s0x_> there is hardly any documentation online how to properly set the domain name ... could anyone give me a bit of support?
<markthomas> s0x_ have you tried adding the FQDN to /etc/hosts?
<markthomas> or adding the FQDN to /etc/hostname?  I'm not clear what the problem is, but one of those might help.
<s0x_> markthomas: thats not the proper way to do that, is it?
<s0x_> if you do so hostname acts kind of weired
<s0x_> hostname gives you the fqdn while hostname -f does not
<markthomas> s0x_ the question is, what problem are you trying to solve?
<s0x_> i tried that earlier
<markthomas> FQDN is a function of DNS.  I'm not sure what behavior on the local system you're trying to modify.
<s0x_> we are setting up a private cloud over hear ... and there is no way to influence the dns that it could give us the domainname
<markthomas> Okay, working in a cloud environment is 1000x more complex than setting up "a server"
<s0x_> it is actually just a couple of vm's inside a dmz which act as kind of a mini cloud
<markthomas> You mentioned "it gets its IP from an existing DNS" and I'm not sure from that what your setup is.
<markthomas> Since IPs are not assigned by a DNS server.
<ryan_turner|MTW> so all you're really trying to do is set the fqdn
<markthomas> Okay, so you have two VMs.  And these have statically-assigned IPs?
<s0x_> aehhh sry DHCP
<s0x_> just a typo :D
<s0x_> no DNS at all :p
<markthomas> Okay.  What are you trying to solve by assigning server IPs by DHCP?
<markthomas> Because if you want to use DHCP to assign IPs and you want the hostnames to resolve, you have to have dynamic DNS set up.
<markthomas> For such a tiny setup, would you not be better off using static IPs?
<s0x_> these are public ips so there is no way to set them statically
<ryan_turner|MTW> ^^ which most of the time is unnecessary
<markthomas> That statement in itself is not accurate.  Who is issuing the IPs?
<s0x_> well ... we are deployin machines on demand
<ryan_turner|MTW> coulsnt be dhcp
<s0x_> an existing DHCP we cant influence
<lordievader> Good evening.
<ryan_turner|MTW> set your fqdn and then have your dns folks give you a dyndns script.
<markthomas> Okay.  So back to my initial question: if this is external DNS resolution, you will need a properly-configured dynamic DNS.  If not...then what are you trying to solve?
<s0x_> well ... we have to setup the FQDN manually ... .there is no point in discussin if that makes sense ...
<ryan_turner|MTW> Reading your original question, all you're asking is how do you ignore the domain-name given during dhcp negotiation?
<s0x_> i dont get one!
<ryan_turner|MTW> Then that's your DHCP server configuration's issue.
<ryan_turner|MTW> But in all honesty that's not really... normal
<ryan_turner|MTW> it's usually a search domain that it gives out
<lock> Is there any way to check if a NIC is supportted on ubuntu?
<markthomas> s0x_ when you don't have a FQDN assigned by DHCP, what affect is it having?
<sarnold> lock: easiest is to just try; next easiest is to look through e.g. http://www.ubuntu.com/certification/catalog/search/?query=nic
<sarnold> lock: you could also look for model number or chipset numbers in /lib/modules/`uname -r`/kernel/drivers/net
<lock> thank you sarnold
<med_> jamespage, have you ever had kernel panics using neutron with VXLAN?
 * med_ is stuck in kernel panics on a neutron node
<genii> jahayes91: If you just state ( as briefly as possible) the actual type of help you need into the channel, someone may know how to assist you.
<genii> Like, if you're having a specific question about setting up your dhcp server, etc
<jahayes91> I'm looking for some help with isc-dhcp server
<jahayes91> Ah apologies, I'm having issues with starting the service. I have it all installed and configured as far as I can see.
<genii> jahayes91: If you put what's in your /etc/dhcp/dhcpd.conf into a pastebin for us to see please :)
<jahayes91> Sure
<jahayes91> http://pastebin.com/WNi5Q9XE Thanks guys :)
<jahayes91> http://pastebin.com/WNi5Q9XE Thanks guys :)
<sarnold> hey jahayes91, you didn't miss anything while you were gone
<jahayes91> New to this irc business... I think i managed to disconnect myself...
<sarnold> you did :) but just for twenty seconds
<forrest> Hi guys, is anyone familiar enough with febootstrap to know why this error:febootstrap: aptitude: error: no file was downloaded corresponding to package dpkg would be generated when running  update-guestfs-appliance? I've already reviewed the relevant search via google and confirmed I am running febootstrap 3.14-2. This is on a 12.04 machine.
<znf> Hello.
<znf> Can someone give me a hint of how to configure the network interface with dhcp on a server? I did edit /etc/networking/interfaces but it doesn't do anything after reboot, just like I haven't touched it
<sarnold> znf: can you pastebin your /etc/network/interfaces? someone might be able to give it a look (lunchtime for me ;)
<znf> nevermind, I somehow typed "auth eth0" instead of "auto eth0"
<cloudman> Hi is mod_expires.c installed as default on 12.04?
<zartoosh> HI I am using ubuntu 12.04. The top command indicates one of the applications are running %172  how is that possible?
<cloudman> Hi is mod_expires.c installed as default on Buntu12.04?
<cloudman> and mod_headers.c
<cloudman> I cannot locate them on a system
<sarnold> zartoosh: one core = 100% -- so your application is using 1.72 cpu cores.
<zartoosh> sarnold, thanks
<tarvid> I have a remote machine with 13.10 desktop. I want to load 14.04 server. I can access the 13.10 desktop with ssh
<sarnold> tarvid: do-release-upgrade ought to get you there
<tarvid> I suppose the remnants of the desktop installation will not be all that significant
<sarnold> ?
<tarvid> It has 13.10 desktop installed
<tarvid> but do-release-upgrade is running
<sarnold> do-release-upgrade can upgrade desktops :)
<tarvid> I am going to make it a server and I have this lingering attachment to the rubric that real servers don't run desktop
<sarnold> ah :) feel free to apt-get purge whatver you don't want to keep, either before or after the upgrade.
<tarvid> but frankly, I don't give a damn as long as it works reasonably well
<tarvid> shbouldn
<tarvid> t be too hard to make a recovery partition
<genitrust_> hey everyone! i have a server that is giving the internet to all other computers on the network through eth1  192.168.0.1
<genitrust_> ...but for the machines (there are many) that grab the DNS automatically from my gateway, how do I tell these machines to use 8.8.8.8 as the default DNS?
<sarnold> genitrust_: why not run a caching recursor yourself?
<genitrust_> sure why not? i mean if that helps us solve this , great :D
<sarnold> genitrust_: I've used powerdns recursor and enjoyed it :)
<genitrust_> is that somethign i can apt-get install ? :D
<sarnold> genitrust_: package pdns-recursor -- some online documentation (of newer version, of course) is at http://doc.powerdns.com/html/built-in-recursor.html
<genitrust_> instead of us logging into every machine and saying, "ok use 8.8.8.8 every time you boot up!" ... we want to have our gateway tell the machines, "hey dumbass, use 8.8.8.8 for your DNS, not 127.0.0.1"
#ubuntu-server 2014-06-13
<znf> instead of using multiple packages
<znf> you should just use dnsmasq
<sarnold> genitrust_: anyway, you can do that if you're assigning addresses with dhcp, you can tell them to use an IP for DNS that way
<znf> dnsmasq does everything you need, perfect for small lans
<znf> dns, dhcp, tftp etc.
<genitrust_> all of the machines are static
<genitrust_> i guess we will just have to set them up on each machine :(
<genitrust_> How to get iptables saved after rebooting??
<tarvid> tasksel: aptitude failed (100)
<tarvid> apt-get install -f throws errors
<tarvid> apt-get purge dictionaries-common restores equanimity
<mdeslaur> soren: dude, happy birthday. :P
<ddsss_> say I wrote a daemon. Right now it's just a binary that forks, syslogs and does some work inside of a while(1) loop. How would I create a .deb package with separate logging file in /var/log/mydaemon and config in /etc/mydaemon or something?
<jrwren> ddsss_: write a makefile which follow DFHS (or use autotools to do the same) and then  make a tarball out of that and use dh_make to debianize it
<jrwren> see the new maintainers guide for details
<riz0n> Is Ubuntu 12.04.1 released yet?
<riz0n> errr 14.04.1
<sarnold> riz0n: not yet, no
<riz0n> Thanks. Was just wondering so I could update my 10.04 server to it
<riz0n> Looks like the schedule date is July 24th.
<teward> sarnold: wouldnt he have to go to 12.04 before 14.04?  Or did I misunderstand LTS-to-LTS upgrade paths
<Kawaiola> Hey guys so I built a ubuntu server 14.04 and I made a habit of always logging in as root which was fine until I had a co worker ftp into the server and need access to files as sudo
<Kawaiola> So I changed the owner and the group to the sudo account now when I try to do anything as sudo or as root I get this error messege
<Kawaiola> sudo: /etc/sudoers is owned by uid 100, should be 0
<Kawaiola> Anyone have an idea of what I have done and if it is possible to fix it in all honesty this is my first run at linux I know enough to get around because all the phone systems I work on are unix based
<Kawaiola> So I read a lot and knew how to get around enough to make it work but I can't do anything at this point
<Kawaiola> I went online and looked around before I came to this channel and it looks like people have fixed it in a few ways but none of them seem to work for me and I think it might be because I'm running ubuntu server on a vm but I'm not sure if that makes a difference or not
<soren> mdeslaur: Thanks :9
<soren> mdeslaur: Um, that was meant to be a ":)" :)
<Oplex> anyone awake in here
<mardraum> looks like you are
<Oplex> yo
<caitanya> up and running :)
<Oplex> is there anything out there already that can parse distrowatch for all netboot installation links
<Oplex> trying to create a mega menu for a home pxe server
<caitanya> mega menu ?
<caitanya> ouh. got it
<Oplex> yah.. seems fun enough
<caitanya> dÃ¤mn. i called my isp tech support cause i wanted own domain and a reversr-dns but it was not  possible for normal consumers
<caitanya> i gave some feedback to them
<caitanya> allready paying 60e a month to them
<caitanya> 2 phones and a 4g internet with open ports
<caitanya> one dynamic ip but a fixed ip would cost +8e a month but didnt take it if i cant get a reverse-dns
<caitanya> :(
<Oplex> been using cloudflare's service with dd-wrt ddns feature
<Oplex> https://cloudflare-updater.appspot.com/
<caitanya> i'd buy a cheap vps but i like more of the idea of having a own ssh-sever in my own apartment
<soren> caitanya: You don't need reverse dns for that.
<caitanya> soren: i want it to be "displayed" in irc so i need reverse
<caitanya> i got dyndns offcourse
<caitanya> i dont even need vhosts like *.skizo.fi, just *!*@skizo.fi would satisfy me
<caitanya> its hard to get other admins to op people cumming from my dhcp-dns address
<caitanya> and i primarily use IRCnet
<caitanya> stupid ircnet, but most are just too lazy to use multiple ircnets
<soren> caitanya: Sounds like you have an IRC problem, not a ISP problem to be honest.
<caitanya> soren: no, if i connect from my sh server and have my own domain my isp makes r-dns allways to their hostname
<soren> caitanya: I understand.
<soren> caitanya: Just like EVERONE ELSE ON THE PLANET.
<caitanya> i think my isp is stupid. they dont want my moneys :D
<soren> caitanya: And for everyone else on the planet, it's not a problem.
<soren> caitanya: You have a problem with IRC that you're trying to fix by talking to your ISP.
<caitanya> soren: ok. now im interested
<caitanya> how do i get my host <hidden>.allowed.org to be seen as my irssi users reverse-dns in IRCnet or any ircnet ?
<soren> caitanya: You should talk to IRCnet about this.
<caitanya> k
<caitanya> but the same problem is also with every ircnet
<caitanya> i really dont understand how could i fix this
<caitanya> gotta google
<caitanya> http://superuser.com/questions/439483/is-the-reverse-dns-lookup-performed-by-irc-networks-usually-validated-against-th
<caitanya> damn tablet. hard to use copy/paste
<caitanya> ok so it is a problem with ircnets and not my isp
<caitanya> but the solution would still be to have isp set r-dns pointing to my domain
<caitanya> or then just make ircnets to allow "spoofing" by giving users tonpoint rdns to domains they dont even own
<caitanya> *to point
<caitanya> after reading that superuser.com article
<Oplex> is there a all preseed links on distrowatch
<soren> caitanya: That's nonsense.
<soren> caitanya: Why would IRCnets fake something to fool their own checks?
<soren> caitanya: Look, for Freenode, for instance, I just register when I log on. Using a password.
<soren> caitanya: Sorry, not register. Identify.
<soren> caitanya: And then my hostname gets replaced with ubuntu/member/soren. For others, it'd be something else.
<caitanya> soren: freenode just supports hostname cloaking but i am talking about reverse dns not ircnets abilities
<soren> caitanya: But you say you want reverse dns because of something related to IRC, right?
<caitanya> yeah
<soren> Ok, so that doesn't make any sense, does it?
<caitanya> but if id had reverse dns done/allowed by my isp then it would be seen every were that checks reverse
<soren> You're say you're talking about reverse dns, not ircnet's abilities, but you're wanting to deal with reverse dns, *BECAUSE* of ircnet's abilities.
<caitanya> soren: true reverse dns
<caitanya> did u read that superuser.com article and u understand that my ip allways is pointing to my isp's hostname
<soren> caitanya: I didn't read it, no.
<soren> caitanya: But EVERY ISP ON THE PLANET DOES THINGS THIS WAY.
<soren> caitanya: You're trying to fix the wrong problem.
<soren> ...and this is about as much time I'm willing to spend convincing you of that. If you insist on fixing the wrong problem, enjoy and good luck. You'll probably not succeed, but if you do, you'll be forever stuck with that ISP, because you'll be avoiding this (wrong) problem.
<Ben64> how is any of this an ubuntu server issue?
<caitanya> off topic
<soren> Yeah, there's that, too.
<Ben64> if you want a reverse dns, get an ip that you can do that with. problem solved
<soren> She (he?) doesn't want reverse dns. She (he?) wants... to have ops on IRCnet or something along those lines.
<soren> Phrasing it as a reverse dns problem is disingenuous.
<soren> Basing any sort of security on reverse DNS lookups is mental. Noone does that.
<Ben64> i kind of skimmed it but it really seems like more of a rdns thing
<soren> Because you can change it. that's the whole point.
<soren> This problem has exactly nothing to do with rdns. Nothing. Not a bit.
<caitanya> soren: propably every isp in finland allways makes rdns to their stupid hostname no matter how many domains or fixed ip's i'd own
<soren> caitanya: EVERY ISP ON THE PLANET.
<Ben64> caitanya: what is your actual goal
<caitanya> ffs
<caitanya> knows
<caitanya> again: having a fixed ip from my isp and getting rdns to my domain
<Ben64> then get an ip from somewhere that allows you to do that, done
<soren> YOU DONT NEED REVERSE DNS!
<Ben64> hey if caitanya wants rdns, whats the problem with that
<soren> caitanya: Ok, suppose you got an IP and set your rdns to point to foo.caytanya.fi or whatever.
<caitanya> ben64:  and how could i get my isp allowing me to get ip from not them if i'm stuck using their fixed or dynamic ip and theyr dns server which makes my rdns record ?
<soren> Suppose I do THE EXACT SAME THING.
<soren> CAn you trust that reverse dns for anything? No.
<soren> Does anyone in their right mind trust it for anything? No.
<ben64_> see, i got rdns. it's super sweet
<soren> I give up. This is a joke. You're fixing the wrong problem. Have fun with that.
<Ben64> caitanya: if your isp doesn't let you change the rdns, then you can't change it. find somewhere (usually datacenters and other hosting things) that will let you
<soren> Ben64: WRONG PROBLEM!
<Ben64> soren: i really think you're misunderstanding it.
<soren> Pray tell.
<caitanya> ben64: that is the idea
<Ben64> i re-read the whole thing, seems like caitanya just wants it
<Ben64> not for any specific purpose, besides it looking cooler
<caitanya> i agree with ben64 soren
<soren> caitanya: Of course you do.
<soren> caitanya: You're human.
<soren> Hmm.. At least I think you are.
<soren> Anyway..
<caitanya> no, im a fallen arch-angel ;)
<soren> caitanya: Humans are much more likely to agree with anything that reinforces views they already hold, regardless of reason or facts.
<caitanya> at least i believe
<soren> caitanya: Do you want rdns because it looks cool or do you think having rdns will solve some problem for you?
<caitanya> it does not solve anything. period.
<caitanya> except my irc-shell hosting would have a neat hostame every where that rdns is checked
<Ben64> then the real answer is get a real server in a real datacenter and stop using residential connections for servering
<caitanya> even on myip.is rdns check just to clarify
<caitanya> ben64: i have said that already above
<caitanya> i have a vps
<maswan> Or get a real ISP to deliver service to your home instead of a crappy second class citizen residental ISP
<caitanya> and 2 domains
<Ben64> vps isn't real
<soren> Netflix doesn't exist?
<caitanya> and im below eu-defined poverty definition
<caitanya> so getting vps is and option but i have 3 users on my sever in home
<caitanya> so a vps eould be overkill
<caitanya> dÃ¤mn tablet "keyboard"
<caitanya> and im not gonna make accounts on my vps that is reserved for my commercial projects
<caitanya> i dont even use it to irc because it cant be updated because its an old gentoo with broken portage
<caitanya> so has many security issues because i cant get security updates
<caitanya> and calling my vps provider would charge me too much if id want ubuntu server and all data and confugurations to work
<caitanya> and downtime costs money
<caitanya> which i dont have
<caitanya> every thing would be ok if that stupid portage would work
<Ben64> so you have commercial products on a broken vps
<Ben64> lol.
<caitanya> *every* thing broken on portage
<caitanya> ben64: not that much commercial
<caitanya> ben64: one solution with out downtime would be to buy another vps and doing it manually but overlapping vps prives are too much for my budget
<caitanya> *prices
<Ben64> so your solution is to be completely insecure. good plan
<caitanya> ben64: there are no remote exploits
<caitanya> just local
<caitanya> so giving access there for my "friends" is not an option cause im paranoid by security
<Ben64> not paranoid enough if you don't care about updates
<caitanya> ben64: no remote exploits and a broken gentoo
<caitanya> just local exploits so giving access is something that makes me loose my ability to sleep
<caitanya> i have already said that chancing gentoo to ubuntu would fix every thing but is takes too much money and configuration time
<caitanya> i have a solution for my home ssh server
<caitanya> calling tech support today
<HackVictim1001> evening y'all
<caribou> smoser: rbasak: I'm listening to yesterday's systemd UOS session and just had a wild idea : woudn't it be possible to kexec to systemd from upstart ?
<histo> lol
<rbasak> caribou: possible - yes, I guess. But what would be the advantage over a reboot? Some saved time?
<caribou> rbasak: mostly for interim test purposes
<caribou> rbasak: especially for cloud instances if possible
<caribou> rbasak: a bit like what smoser talked regarding reboot after kernel upgrade
<rbasak> caribou: from the point of view of the distribution on the system (both kernel and userspace), I guess a kexec is pretty much identical to a reboot.
<rbasak> So I think it could work and you can do it.
<caribou> rbasak: well, you save on instantiation time on cloud & H/W + F/W initialization on bare metal
<caribou> rbasak: again, this could be just a kludge for testing the migration to systemd
<caribou> rbasak: I'll keep it in the back of my mind & try to test it if I get time
<rbasak> caribou: my concern is that, as a hack, it might be difficult to tell the difference between an issue with the systemd setup in distro, and an issue caused by the kexec attempt.
<caribou> rbasak: true
<rbasak> caribou: for testing, I think I'd prefer to just hack the image and modify /sbin/init or something.
<rbasak> caribou: smoser's mount-image-callback makes this easy and scriptable
<caribou> well both this talk & the simplestreams demo made my day; was well worth the time reviewing the recording
<rbasak> Thanks! kexec is a neat idea - I'm just not sure what it gains us in this particular situation.
<jamespage> coreycb, looking at 2014.1.1 now
<coreycb> jamespage, thanks
<jamespage> coreycb, just hit fixed bugs in the NSX support in neutron :-)
<jamespage> coreycb, hmm - the icehouse branch has utopic entries....
<coreycb> jamespage, yeah...
<coreycb> jamespage, wasn't sure about that
<jamespage> coreycb, its because we don't do an new upload with just the Vcs fields changed at the opening of utopic
<jamespage> we should do
<coreycb> jamespage, ok - btw  I think only neutron has utopic entries
<jamespage> coreycb, tis OK - I can fix it
<coreycb> jamespage, thanks
<Kully> Hey all; how can I set up a bind to run at startup?
<ikonia> Kully: it does by default
<ikonia> the init script launches it at startup
<jamespage> coreycb, urgh - looks like six>=1.6.0 is all over the place
<coreycb> jamespage, oh?
<jamespage> coreycb, yeah - looks like it synced in from global requirements
<jamespage> coreycb, we only have 1.5.2 in trusty
<coreycb> jamespage, can we get 1.6.0 into trusty?
<jamespage> coreycb, no
<coreycb> jamespage, should they all get patched to 1.5.2?
<smoser> caribou, yeah, i had that same kind of thought.
<jamespage> coreycb, just thinking about it
<smoser> hm..
<caribou> smoser: I'll take that as a compliment ;-)
<smoser> it would work/
<smoser> right now we dont have kexec in our images
<smoser> so that means 'apt-get install kexec-utils'
<smoser> which is a pain
<smoser> but it could work.
<smoser> xnox, ping
<smoser> had a quesiotn on systemd
<smoser> will we support systemd as /sbin/init ?
<smoser> for this idea of "boot upstart, tell cloud-init to reboot into systemd"
<caribou> smoser: btw, since I've been adding kdump remote dump functionalities, I was also thinking of creating a subordinate charm to enable remote dumping
<smoser> that would work for grub
<smoser> but would not work for lxc
<caribou> smoser: this would also require adding kexec-tools. not related though
<smoser> or some other case where the kernel loader is external
<smoser> but cloud-init could dpkg-divert /sbin/init and hook up systemd there
<smoser> and then we'd be good to go
<smoser> and we could test just as easily in lxc as we kvm.
<xnox> smoser: holla =)
<xnox> smoser: at the moment to boot with systemd one must pass kernel cmdline option init=/lib/systemd/systemd
<xnox> smoser: at the moment we do not support installing systemd-sysv with upstart for e.g. systemd to take over /sbin/init binary.
<xnox> smoser: you can crudely do $ cp /lib/systemd/systemd /sbin/init
<xnox> smoser: that would break booting user-session desktop =) but you wouldn't care about that ;-)
<xnox> smoser: i believe/hope that in 16.04 /sbin/init will ifact be systemd binary.
<genii> Is there any way to revert from using biosdevname to the 70-persistent-net.rules ?
<smoser> xnox, well, sure i'd hope that too for 16.04
<smoser> but containing "what is the init system" *INSIDE THE SYSTEM* is just cleaner
<smoser> i'd probably dpkg-divert rather than 'cp'
<smoser> i do see that as easier than poking around at grub config.
<xnox> smoser: grub config is easy.
<xnox> smoser: we have now /etc/default/grub.d where one can drop your own snippets and they get applied.
<xnox> GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT init=/lib/systemd/systemd"
<xnox> and update-grub
<xnox> if that at all works with grub-<ec2 thing variant>
<xnox> smoser: whilst reboot into systemd is interesting, the more fun case would be to boot the cloud-image into systemd direct.
<xnox> smoser: when booting cloud-image with e.g. lxc-container or qemu one can typically pass the init= param
<xnox> and then if all cloud-init stuff just works(tm) we are good to go.
<zul> jamespage: ping
<jamespage> zul, hey
<zul> jamespage:  can you check to see if im missing anything obvious? https://jenkins.qa.ubuntu.com/job/utopic-adt-neutron/43/ARCH=i386,label=adt/
<smoser> xnox, grub-config is not easy.
<smoser> 'update-grub' is about 1000 times more overhead than 'dpkg-divert'
<jamespage> zul, apt0t-neutron-daemons FAIL non-zero exit status 1
<xnox> smoser: yeah.
<jamespage> zul, look at the bug report that pitti assigned you
<zul> jamespage:  oh
<smoser> and, yeah, on amazon we also have that 'grub-legacy-ec2' thing that updates /boot/grub/menu.lst
<smoser> and it does not (and argubly should not) read /etc/default/grub.d
<jamespage> zul, basically unless the service is fully configured, it will exit on startup
<zul> jamespage:  right
<smoser> (since that is grub2 config and it is a grub1 config writer :)
<smoser> also, the fact that running 'update-grub' a.) wont work in lxc
<smoser> b.) wouldn't do what you wanted even if it didnt fail
<smoser> (maybe it doesn't fail nay more , but at one point it would fail, exiting non-zero)
<smoser> so that really leads me to want to change my /sbin/init
<jamespage> coreycb, nova + neutron did not resync but everything else did :-(
<coreycb> jamespage, ok I'll refresh the rest of the branches with requirements.txt patches
<jamespage> coreycb, +1 thanks
<coreycb> jamespage, no problemo
<jamespage> coreycb, I'll hold off uploads until we have the complete set :-
<coreycb> jamespage, sounds good
<Kully> ikonia: sorry for the delay; I'm trying to run a mount --bind /vol/bind/www /var/www at startup, this doesn't happen automatically
<ikonia> ahh you mean a bind mount point
<ikonia> sorry
<ikonia> I thought you mean bind as in the named application
<Kully> sorry for not being clean
<ikonia> put it in fstab, I 'think' the file system type is "bind" but you'd need to check that
<Kully> ikonia: thanks! added /olddir /newdir none bind 0 0 to fstab
<Kully> worked great
<zul> jamespage:  btw ceilometer doesnt ship a configuration file anymore
<jamespage> zul, interesting - why not?
<zul> jamespage:  gate failures looks like it https://github.com/openstack/ceilometer/commit/7dab3be0175fd9214fc2b40e112e53573a6d5362
<jamespage> zul, "bash tools/config/generate_sample.sh -b . -p ceilometer -o etc/ceilometer"
<jamespage> lets generate it instead!
<zul> yeah
<sarnold> teward: probably for an important machine I'd be conservative and upgrade 10.04 to 12.04 before 14.04.
<Yaannnn> Hi !
<Yaannnn> I have trouble NATing 10gbits with 1000 1-to-1 rules and many flows
<Yaannnn> it doesn't reaches 10gbit/s
<Yaannnn> reach *
<Yaannnn> I tryed with normal iptables, XTables with rawdnat and DNETMAP, tc
<Yaannnn> Did anybody experience with this kind of setup ?
<smoser> hallyn, ping
<smoser> say i were to do this:
<smoser>  qemu ... -serial pty
<smoser> it makes a pty for me.
<smoser> any easy way to connect to that ?
<hallyn> smoser: hm, i usually do it over a tcp server
<hallyn> i.e. -serial tcp:192.168.0.2:4444  (from manpage)
<coreycb> jamespage, I've pushed the rest of the 2014.1.1 branches
<chuck__> hallyn:  no change
<iman> Hi, I have ubuntu server and some times in a day my server gets slow, I am thinking someone is attacking my server, can u let me know how can I monitor server bandwidth or something like that to understand what happen for my server
<iman> I use nload but i just show me incoming and outgoing
<Rimminen> Erm, how can I enable mcrypt on my PHP/apache setup? I've installed it with apt-get but it doesn't show up on php5 --version.
#ubuntu-server 2014-06-14
<hallyn> zul: meaning libvirt ftbfs?
<tgm4883> On an openldap server, can I just delete the contents of /var/lib/ldap/accesslog/ or is there another way to get rid of those?
<tgm4883> currently taking about 29GB of disk space
<sarnold> ouch :)
<sarnold> maybe there's a nice way to integrate openldap with logrotate, so you don't have to think of it again
<tgm4883> sarnold: well I'm not 100% sure that they are just regular logs
<sarnold> tgm4883: oh, you figure they may be more like an online database instead?
<tgm4883> yea, not sure if openldap is using them for something instead of output logs
<tgm4883> the files are binary it seems
<sarnold> tgm4883: could be, this looks Complicated[tm]: http://www.zytrax.com/books/ldap/ch6/accesslog.html
<sarnold> tgm4883: but 'logpurge' looks promising -- does this look right?
<tgm4883> yea that might be it
<zul> hallyn:  yep
<pmatulis> tgm4883: accesslog is not a default setting.  you can remove that feature/overlay completely if you want.  it's purpose is to provide extra logs regarding DIT access
<pmatulis> s/it's/its
<fridaynext> Why are there so many Plex processes running on my media server?  Is that just the way plex works?
<fridaynext> https://lh3.googleusercontent.com/-4UHuLRNbDxE/U5u98Hor-BI/AAAAAAAAGqE/rfvbcF44ORc/s800/Screen%2520Shot%25202014-06-13%2520at%252010.06.47%2520PM.png
<dkorras> Hi all. please can someone help me. I have a headless media server (Plex) that i need the "Server" pc to sleep when noon e is watching any media from Plex
<rahuldroy> hi guys, I am getting a "exit signal Segmentation fault (11)" error on my apache error logs. Can someone help me with this...
<rahuldroy> hi guys, I am getting a "exit signal Segmentation fault (11)" error on my apache error logs. Can someone help me with this...
<SCHAAP137> rahuldroy: just a description of the error is not enough for us to help you, we would need more info. After what change has it stopped working?
<Guest38970> Hi there. I'm having trouble with GRUB on a RAID setup. If I unplug the second drive (sdb), the machine boots fine. If I unplug the first drive (sda), GRUB displays the boot menu, acts like it's started booting and then the machine reboots to the BIOS.
<Guest38970> This is md RAID-1 with LVM on top. md0 is /boot, md1 is the LVM.
<Guest38970> Partitioning is GPT
<mojtaba> Does anybody know how can I load balance a web server between several machines?
<davidparker> Hi everyone! What is the quickest way to get a wordpress or drupal install running on my LAMP stack on my new ubuntu-server install? Fully integrated with the MySQL database, etc.?
<jpds> davidparker: sudo apt-get install wordpress ?
<jpds> davidparker: It is going to need some configuration, of course.
<jpds> davidparker: Alternative is to use Juju: https://juju.ubuntu.com/
#ubuntu-server 2014-06-15
<fridaynext> does anyone know of a wmv codec that will allow plex to transcode wmv's (in ubuntu 12.04) ?
<Nautilus> typically, what would a good setting for the owner:group of /var? root:root?  And does that fo for /var/www?
<Nautilus> go for*
<genii> Nautilus: root:root for /var and www-data:www-data for /var/www
<genii> ( because that's the user Apache and other httpd typically run under in Ubuntu)
<Nautilus> ok, that seems to make sense. researching commands
<Nautilus> what kind of perms on /var/www then? 2755?
<Nautilus> or maybe I just do that on /var/www/this_individual_site
<Nautilus> so confused ;)
<genii> Nautilus: http://askubuntu.com/questions/386928/default-permissions-for-var-www
<Nautilus> genii: answer #2 there?
<genii> Pretty much
<Nautilus> I think that indicates the owner should be my username, and group as www-data. eg: naut:www-data   ... that seem good?
<qman__> www-data is not supposed to own /var/www
<qman__> it should be root.root
<qman__> apache doesn't need to own the files to read them
<qman__> you can optionally create a new group for web content management and have that group own the files to make it easier to change the sites
<qman__> genii: ^; changing the owner to www-data is a security hole and a bad idea
<genii> qman__: I realized my mistake after they had left :(
<isNoOp> Hey folks.  In cloud-init, is it possible to write arbitrary files with the contents of a URL?
<histo> isNoOp: what?
<histo> isNoOp: You could use something like tmux or screen and copy and paste
<isNoOp> Sorry, I think we're talking about different things.  Cloud-init is non-interactive boot time automation.
<isNoOp> http://cloudinit.readthedocs.org/en/latest/topics/examples.html#writing-out-arbitrary-files
<dkorras> Hi everyone. i have setup WOL for my ubuntu os and once the PC returns from suspend, the only active WOL mode is g (magic packet), how can i get it to permanently remain on all modes WOL active
<Marek1211> How can I manage Openstack cloud with Landscape as one system instead of individual nodes?
<Marek1211> http://blog.canonical.com/wp-content/uploads//Screenshot-for-F2.png
<Marek1211> i have free 30 days account
<bekks> An openstack cloud consists of individual nodes which can be managed individually.
<Marek1211> i know it does, but the screenshot above shows management of the cloud as the whole thing...i think this is not supported anymore
<rbasak> Marek1211: I believe you can do that. There have been many Openstack-related enhancements to Landscape recently, too.
<rbasak> Marek1211: being Sunday I'm not sure there are many Landscape folks around right now. Monday working hours might be better time to ask.
<ledrog> Hello guys. I'm trying to set up apache2 as reverse proxy but can't enable ssl on it. I need some help.
<ledrog> It is working on port 80, but can't set up 443.
<bekks> Why not?
<bekks> Can't you use port 443 or cant you setup SSL?
<ledrog> Can't set up ssl.
<ledrog> Sorry
<ledrog> Any example how to set up ssl?
<bekks> Why not?
<bekks> How are you trying to set it up?
<ledrog> wait
<ledrog> whta do you think about this
<ledrog> <VirtualHost *:443>
<ledrog>     <Proxy *>
<ledrog>         AddDefaultCharset off
<ledrog>         Order deny,allow
<ledrog>         Allow from all
<ledrog>         #Allow from .example.com
<ledrog>     </Proxy>
<ledrog>  ServerName x21.my.domain.com
<ledrog>  SSLEngine on
<ledrog>  SSLCertificateFile           /etc/apache2/ssl/testing.crt
<ledrog>  SSLCertificateKeyFile /etc/apache2/ssl/testing.key
<ledrog>  ProxyPreserveHost On
<ledrog>  ProxyRequests off
<ledrog>  ProxyPass / https://192.168.0.21/
<ledrog>  ProxyPassReverse / https://192.168.0.21/
<ledrog> </VirtualHost>
<bekks> It is spam.
<bekks> USe a pastebin instead.
<ledrog> I don't know how to use pastebin.
<ledrog> The thing is when  enabled ssl mod apache2 stops.
<ledrog> I doesn't works.
<ledrog> It doesn't works.
<bekks> !pastebin | ledrog
<ubottu> ledrog: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<mwhudson> does ubuntu work ok, generally speaking, with nfsroot?
<mwhudson> because it's not working for me right now but well, pre-prod hw and stuff
#ubuntu-server 2015-06-08
<jamespage> gnuoy, python-logutils	Liam Young <liam.young@canonical.com> (James Page <james.page@ubuntu.com>)
<jamespage> showing up on my merge report for wily if you want todo that
<gnuoy> jamespage, ack
<zzxc> Hey. Does anyone know if its possible to have mutliple machines on the same Subdomain, where the url path determines wheres to which machine the connection goes?
<roaksoax> exit
<zzxc> roaksoax: I think you may have a slash.
<smoser> strikov, around ?
<strikov> smoser: yep
<smoser> it seems that multipath might hav efoobarred some stuff
<smoser> getting a console log for you just a minute.
<strikov> smoser: i wonder if this machine has multipath or not?
<smoser> $ PS1="$ "
<smoser> $ for d in /dev/sda /dev/sdb; do echo "$d:" $(sudo /lib/udev/scsi_id --replace-whitespace --whitelisted --device=$d); done
<smoser> /dev/sda: 35000c5001feb99f0
<smoser> /dev/sdb: 35000c5001feb99f0
<smoser> it does not have mlutipath
<smoser> but it is identified as such. because we have the same scsi_ids
<smoser> nice, eh?
<strikov> smoser: such a naming is not multipath-friendly at all; i don't mean curtin-multipath but multipath in general;
<smoser> right
<smoser> interestingly..
<strikov> smoser: i suspect that if you manually install multipath-tools there machine won't boot
<smoser> if i drop hte '--whitelisted' flag, i get ''
<smoser> strikov, yeah, its completely a bug there.
<smoser> strikov, '--whitelisted'
<smoser>    --whitelisted                 threat device as whitelisted
<strikov> smoser: 'The --whitelisted option must be specified on the command line or in the scsi_id configuration file for scsi_id to generate any output.'
<smoser> where'd you come up with that flag.
<smoser> ?
<smoser> really? where did you see that
<strikov> smoser: http://linux.die.net/man/8/scsi_id
<smoser> strikov, i think back to blkid then.
<smoser> we created a root filesystem on a device
<smoser> outside of UUID collision if we see other devices with that UUID, we can assume multipath
<smoser> right?
<strikov> smoser: raid1
<strikov> smoser: scsi_id used with --whitelisted inside 60-persistent-storage
<smoser> well, we a.) dont set up raid1
<strikov> smoser: i probably took it from there
<smoser> b.) would know if we did
<smoser> right?
<strikov> smoser: we don't create multipath as well, system has it by default; same with raid1
<strikov> smoser: we may mix some additional bytes into what we get from scsi_id
<smoser> smb, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462530
<smoser> what did you mean there ?
<smoser> you want multipath -ll output ?
<smoser> no iscsi in place.
<strikov> smoser: not me, smb
<smoser> these are power8 systems like yours that have multipath on internal devices
<smoser> strikov, that suggestion might work also.
<strikov> smoser: oh, sorry, i misread the nick :)
<smb> smoser, whatever info to know what the environment looks like
<smb> smoser, at least multipath -ll to see how the devices got arranged
<smoser> smb, sure. i can do that. i suspect if you try this on the power8 system that you have access too, you'lll see it also
<smoser> smb, i'm pretty sure you have a power8 system, right? if not i can get you to that one
<smb> smoser, we should have one but I have not yet had need for access
<smb> and then I would not know whether the hw is the same and resulting whether things look the same
<strikov> smoser: okay, i think i know what's happening with that machines; i just read that scsi_id may return non-unique serial numbers for ATA/SATA devices;
<strikov> smoser: could you verify that hdds are indeed sata there?
<smoser> strikov, opened bug
<smoser> https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1463046
<smoser> strikov, is lshw enough for you?
<strikov> smoser: i think so
<smoser> attached to bug.
<strikov> smoser: attach it to the bug please
<strikov> ack
<smoser> smb, all the power8 have these
<smb> strikov, hm... not sure but I thought the udev rules at least limited multipath to bus scsi but I would need to look
<strikov> smb: what i see is pretty strange, disk is 'ATA disk' but attached to 'scsi' bus as 'emulated'
<strikov> smb: i have no idea what it means
<smb> ah doh!. Yeah libata making all disks scsi-like
<strikov> smb: so we basically need to fetch the real nature of the device somehow
<strikov> smb: because scsi_id output for ata devices is not unique
<smb> strikov, one should how it would be. at least here it is different for those devices I could try quickly
<smb> I am not sure what is taken to get the number I see
<smoser> strikov, so smb tells me that you can have the IO use both links
<smoser> in multipath. that'd be a useful thing.
<strikov> smoser: smb: you mean some options to add to the default config?
<smoser> strikov, yeah.
<smoser> man multipath.conf
<smb> strikov, yep to change grouping to multibus
<Teduardo> Has anyone gotten apache2.4 logging to syslog properly for errorlog?
<smoser> it *says* its the defualt, but smb disabrees
<smoser> just have to set defaults path_grouping_policy = multibus
<Teduardo> doesnt seem to work at all for me
<strikov> smoser: what does multibus mean, i didn't get it
<strikov> smb: ^^
<smb> strikov, means all paths are usable at the same time
<smb> Which is not always true
<smb> Same storage servers need manual scsi magic to switch active paths
<strikov> smb: are you sure about it? i read it as grouping all disks into a single mpath0?
<smb> Or need time
<strikov> smb: you mean  path_grouping_policy = multibus, right?
<smb> strikov, yes, it depends on multipath -l, the multibus layout shows all sd* devices under the same path group
<smb> while failover shows multiple path groups with one device in them
<smb> strikov, whatever the man page says. I read that myself to be sure :)
<strikov> smb: i just can't figure out if it is related to performance only or it changes device naming
<strikov> smb: let's say we have two multipath pairs
<strikov> smb: will it merge them into a single /dev/mpath (which is wrong) or not?
<smb> strikov, it will always be a one mpath device but the way that is created differs
<strikov> smb: oh, so we can't have two for two separate pairs of disks?
<smb> strikov, I can give more explanation later. I  have to bail out for a bit right now (real world appointments and such)
<strikov> smb: ack, ping me when you return please
<strikov> smoser: could you run scsi_id with additional -p 0x80 option please
<smoser> $ for d in /dev/sda /dev/sdb; do echo "$d:" $(sudo /lib/udev/scsi_id --replace-whitespace --whitelisted -p 0x80 --device=$d); done
<smoser> /dev/sda: SATA_SMvDi02lGylQfF1qi02lGylQfF1qfjGL9Go6
<smoser> /dev/sdb: SATA_SMvDkoWziOynRqDDkoWziOynRqDDMpLqadMA
<smoser> strikov, ^
<strikov> smoser: interesting
<strikov> smoser: i really don't want to disturb you :( but could you get the same info from the power machine?
<strikov> smoser: from real multipath i mean
<smoser> strikov-lunch, lk.
<strikov-lunch> smoser: i read that ata devices need to be identified by the id from page 0x80 and i think that we may read the same page for scsi as well
<smoser> # for d in /dev/sd?; do echo "$d:" $(/lib/udev/scsi_id --replace-w
<smoser> hitespace --whitelisted -p 0x80 --device=$d); done                              /dev/sda:
<smoser> /dev/sdb:
<smoser> /dev/sdc:
<smoser> /dev/sdd:
<smoser> /dev/sde:
<smoser> /dev/sdf:
<smoser> /dev/sdg:
<smoser> /dev/sdh:
<strikov-lunch> smoser: okay
<smoser> /dev/sdi:
<smoser> /dev/sdj:
<smoser> /dev/sdk:
<smoser> /dev/sdl:
<smoser> /dev/sdm: SIET_VIRTUAL-DISK
<strikov-lunch> smoser: okay, so scsi disks don't have such info at all
<strikov-lunch> smoser: so my proposal is to create scsi_id by combining 0x83 output (default) and 0x80 output
<strikov-lunch> smoser: this id should be truly unique
<patdk-wk> why is it not using the wwn from scsi?
<strikov-lunch> smoser: does scsi_id return any errors with 0x80 or just empty string?
<strikov-lunch> patdk-wk: is it what scsi_id returns by default (with page 0x83)?
<strikov-lunch> brb in 15 mins
<patdk-wk> not sure, don't have access at the moment to scsi disk (all in production, except one machine, but that is in storage powered off)
<smoser> strikov-lunch, //paste.ubuntu.com/11650647/
<smoser> strikov-lunch, http://paste.ubuntu.com/11650647/
<smoser> fsking gnome-terminal!
<patdk-wk> looks like it is 0x83, http://stackoverflow.com/questions/22072039/algorithm-to-get-scsi-id-as-page-0x83
<patdk-wk> with one extra info
<patdk-wk> wwn are uniq per disk, but sata doesn't have wwn's only real scsi disks, unless the hba makes one for sata (depending on firmware, it will or won't)
<smoser> patdk-wk, thank you.
<smoser> strikov and i are learning of these things, when first fixing bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1371634
<smoser> and then hitting bug 1463046
<strikov> Thanks patdk-wk. We basically trying to detect multipath w/o multipath tool installed. So we initially wanted to do that by looking for two disks with the same scsi_id (0x83). Unfortunately sata disks may have the same scsi_id (0x83) even if they different disks not multipath ones. So I think that we may want to generate id by concatenating scsi_id(0x83) and scsi_id(0x80).
<patdk-wk> no problem, I haven't done this *much* on linux, but do this a lot on solaris
<patdk-wk> and on solaris, I stick to just wwn for everything
 * smoser thinks of some snarky comment wrt solaris, but doesnt find one.
<patdk-wk> makes it simple to know what disk failed :)
<patdk-wk> ya, on linux the best we have is disk-by-id, that I kindof don't like
<patdk-wk> by path is nice, but also annoying
<Walex> strikov: SCSI IDs may be a lot longer than that...#
<Walex> strikov: why not use WWNs
<Walex> ahhh SATA. Oops.
<strikov> Walex: how can I get WWN for a scsi disk? Which command line tool does that?
<Walex> strikov: well, in that stackoverflow page the WWNs are listed too
<Walex> strikov: but note that when you say "SCSI disk" you are talking of somewhat mythical entities.
<Walex> strikov: for Linux "SCSI" means "the storage abstraction layer called 'scsi'". Then you have SAS, SATA, FC, ... devices.
<Walex> if you want to uniquely identify devices that's device-type dependent.
<strikov> Walex: Yeah, thats a good point. The problem here is that multipath-tools afaik identify multipath by looking for two disks with the same scsi_id. Taking all ^^^ into account I suspect that this is wrong.
<strikov> Because scsi_id returns some data from the page 0x83 which contains useful info for iscsi disk but contain non-unique info for sata disk.
<patdk-wk> yep, cause sata lacks wwn
<patdk-wk> how exactly are people doing multipath over sata?
<patdk-wk> or is it a mixture of scsi + sata, that is confusing it?
<strikov> patdk-wk: i don't think they do; the problem is that we can't detect multipath reliably :)
<strikov> patdk-wk: because sata disks destroy 'two disks with the same scsi_id ==> multipath' logic
<patdk-wk> looking here
<patdk-wk> hmm, mine is giving my sata disks wwn's
<strikov> patdk-wk: another side of this issues is that systems fails to boot with multipath-tools installed if sata disks are available; they return same iscsi_id, multipath try to use them as multipath, everything fails because they are not multipath (just two disks with the same scsi_id)
<patdk-wk> so not borken, atleast for my workstation :(
<strikov> patdk-wk: it return something, it's just not unique!
<patdk-wk>  for d in /dev/sd?; do echo "$d:" $(/lib/udev/scsi_id --replace-w hitespace --whitelisted -p 0x83 --device=$d); done
<patdk-wk> /dev/sda: 350014ee6ad4008e7
<patdk-wk> /dev/sdb: 350014ee6ad400df4
<patdk-wk> two sata 2.5" laptop disks
<patdk-wk> ya, it depends heavily on the hba used, and firmware on that hba
<strikov> patdk-wk: hm, you're lucky :) you can install multipath-tools w/o any issues I think ;)
<patdk-wk> now, people using lsi hba with IR firmware, should have issues I believe
<patdk-wk> IT firmware makes uniq wwn's, IR doesn't make wwn
<patdk-wk> that one above was from just build in intel sata ports
<patdk-wk> looking to see if I have anything that doesn't behave right for wwn's
<patdk-wk> ah nice
<patdk-wk> scsi vm disk has no wwn :)
<patdk-wk> it's blank
<patdk-wk> maybe I should multipath it :)
<patdk-wk> my lsi IT card behaves also
<strikov> patdk-wk: yeah, so my understanding is that multipath requires some manual setup in general case; you need to know which exact disks are multipath and tell it to the system; auto detection is somewhat problematic
<patdk-wk> but that is also in a vm
<patdk-wk> for d in /dev/sd?; do echo "$d:" $(/lib/udev/scsi_id --replace-w hitespace --whitelisted -p 0x83 --device=$d); done
<patdk-wk> /dev/sda:
<patdk-wk> /dev/sdb: 350014ee601eaa88b
<patdk-wk> /dev/sdc: 350014ee05859790a
<patdk-wk> /dev/sdd: 350014ee3aabd0240
<patdk-wk> /dev/sde: 350014ee0ad16a2fe
<patdk-wk> /dev/sdf: 350014ee2afd87b05
<patdk-wk> the vm (root) disk is blank
<patdk-wk> the passed though lsi card, gives the wwn's
<patdk-wk> yes, when I used multipath in linux, I always manually configured it
<patdk-wk> but maybe using a vm will help *fix* the issue? since it seems to have the same problem with empty disks
<patdk-wk> and could, like if I did the above system, with multipath for the attached disks, could have issues with the vm virtual disks
<patdk-wk> I imagine that will become a more common setup
<strikov> patdk-wk: could you run last command with -p 0x80 please?
<strikov> patdk-wk: i'm trying to convince myself that 0x80+0x83 approach is something useful
<patdk-wk> for d in /dev/sd?; do echo "$d:" $(/lib/udev/scsi_id --replace-w hitespace --whitelisted -p 0x80 --device=$d); done
<patdk-wk> /dev/sda:
<patdk-wk> /dev/sdb: SATA_WDC_WD20EARX-00P_WD-WCAZAD473283
<patdk-wk> /dev/sdc: SATA_WDC_WD1502FAEX-0_WD-WMAY04018797
<patdk-wk> /dev/sdd: SATA_WDC_WD2002FAEX-0_WD-WMAWP0328862
<patdk-wk> /dev/sde: SATA_WDC_WD1501FASS-0_WD-WMAY00241536
<patdk-wk> /dev/sdf: SATA_WDC_WD15EARS-00S_WD-WCAVY6072338
<strikov> patdk-wk: bah, still no idea for sda
<strikov> *no id
<patdk-wk> ya :)
<patdk-wk> but that is a vmare disk
<patdk-wk> likely if both produce no id, I would ignore that disk totally
<patdk-wk> nothing you can do
<solo1> is there a way to share a folder on a server to download ( option to upload ) files from gdrive ?
<solo1> is there a way to share a folder on a server to download ( option to upload ) files from gdrive ?
<med_> do any services need to be manually restarted after a tzdata (leapsecond) update? It doesn't seem to do any itself.
<med_> do any services need to be manually restarted after a tzdata (leapsecond) update? It doesn't seem to do any itself.
<med_> Do any services need a manual kick in the pants (HUP, etc) in order for the tzdata leap second change to be effective. The tzdata upgrade/install doesn't restart any services afaict.
<hallyn> zul: groan,
<hallyn> ubuntu@lw1:~/qa-regression-testing/scripts$ virt-install --connect=qemu:///system --wait=0 --force --name qt --ram 64 --disk /home/ubuntu/qa-regression-testing/scripts/libvirt/qatest/qatest.img --import
<hallyn> Starting install...
<hallyn> ring any bells?
<hallyn> ERROR    XML error: No PCI buses available
<zul> hallyn: nope
<sarnold> med_: I believe all services that do time -> string conversions via the tzdata packages will automatically use the new databases without any effort on your part
<med_> sarnold, I got some good feedback from the maintainer of tzdata, infinity, in #ubuntu-motu.  Basically, if you are using ntpd (and we are) we don't have anything to do or to worry about.
<sarnold> med_: though I'll note java has their own time -> string generation things, I haven't got a clue if those auto-recognize updates of their version of their tzdata..
<hallyn> zul: d'oh!  you dropped debian/patches/ubuntu_machine_type.patch
<zul> oh shit i didnt think i did
<hallyn> and now i just lost an hour of compile time by doing debian/rules clean in the wrong window
<hallyn> yeah you rediffed it properly, but left it commented in series :)
<zul> oops :(
<zul> hallyn: coreycb should be able to figure this out shouldnt he? ;)
<hallyn> agreed!
<hallyn> zul: that patch probably ought to be sent upstream, ther'es no reason for delta there
<hallyn> and btw while i lost a lot of time to this, i should have started by looking at the debdiff and i'd have noticed it - myown fault :(
<zul> sorry about this
<hallyn> no i shoulda noticed.  anyway should have coreycb send that patch upstream? :)
<coreycb> hallyn, I'm sure zul can handle it
<hallyn> hrmph, still a lot of failures.
<teward> stupid totally not insane question: is it possible to get OpenSSL 1.0.2 and OpenSSL included with 14.04 working together?
<teward> such that I have 1.0.2 executable via openssl_1.0.2 or similar
<teward> it's needed for a CLI script I use to test SSL settings, hence why I need both, one for Ubuntu normal stuff to use, and one for the script to use :/
<cryptodan> teward: you can compile one and place it in /usr/local/sbin
<teward> cryptodan: mmm, know what deps I might need for that?
<cryptodan> teward: not sure
<teward> i'll go hunting, starting with the openssl build deps we already have, then
<teward> thanks
<cryptodan> welcome that way those in /usr/local/sbin remain untouched
<TheEagerPadawan> hi does anybody know where i could find some good videotutorials relating to linux server configuration (like DNS, DHCP, Web servers, FTP, Samba, NFS etc ...)
<teward> TheEagerPadawan: unfortunately not, each of them has their own quirks and hellish configuration problems
<teward> TheEagerPadawan: and are totally different from eac other
<TheEagerPadawan> well i do know there is a diffrence between ubuntu and centos, starting from the package manager alone, and file setup
<teward> TheEagerPadawan: i mean service to service
<teward> not OS to OS
<TheEagerPadawan> oh :)
<TheEagerPadawan> my bad
<sarnold> TheEagerPadawan: the serverguide in the /topic is the best intro-level resource I can think of; I can't say I've seen videos, but I've never gone looking
<teward> ^ that
<teward> i agree with sarnold
<teward> start with the server guide
<teward> and ask questions here if you get stuck (we'll try and help you probably)
<sarnold> these things are just complicated enough that it doesn't lend itself well to a linear video presentation: there's dozens or hundreds of choices to make for each service based on what you're trying to accomplish
<teward> sarnold: stupid question, but would replacing 14.04 LTS OpenSSL 1.0.1 with 1.0.2 from upstream break any core functions that you're aware of?  Putting it on a server because it's going to run scheduled SSL checks with a given tool that needs 1.0.2 for bit strength checks for ciphers andsuch
<teward> also agree with sarnold there
<teward> (dedicated to this server, that is)
<sarnold> teward: yikes, uh... that's definitely a "you get to keep both pieces" situtation. I'd compile from source, stick it in /usr/local/. and compile whatever tools you need against that version.
<teward> sarnold: the tool uses openssl binaries for all the checks, and has fun with the output (the tool is a bash script xD).   i was planning a from-source compile anyways, Debian only has 1.0.2a
<teward> this is a very specialized use case I know but... :P
<sarnold> teward: it has somewhat bothered me that we've neutered our packages for forensics use, forcing someone to maintain their own copy if they're writing tools, but honestly, keeping up with the security issues in these crypto toolkits is bad enough that having purpose-written tools is probably for the best
<teward> sarnold: was also going to see if I could get the thing to compile the binary as openssl_1.0.2 so i don't break existing functions but meh
<teward> sarnold: agreed.
<teward> sarnold: before i went and started stabbing the openssl source tarball to try and build openssl as openssl_1.0.2 i wanted to see if using 1.0.2 instead of 1.0.1 would nuke anything core, my guess is "Yes, it will"
<teward> judging by your statement
<sarnold> teward: you might get away with doing some namespace hackery, create a new private filesystem namespare with unshare,  mount -o bind the binaries and libraries you need..
<teward> mmm
<teward> yeah, perhaps, i'll give it some thought :P
<sarnold> teward: I think the openssl team -tries- to maintain ABI, but .. keeping the abi within an upstream release is a lot more likely than across upstream releases.
<teward> sarnold: BTW, next not as stupid question, I assume 1.0.2a in Wily is patched up for any bugs between a and b?
<teward> or rather, security bugs
<teward> :P
<teward> you would probably have a better insight on that answer than me after all :P
<sarnold> teward: everything I know is here: http://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html :)
<teward> sarnold: might want mdeslaur to double check the upstream link on 2015-1791 that isn't the 1.0.1 one... getting 400s from upstream git tracker there
<sarnold> (and that lone CVE I very nearly marked 'low' last week; multithreaded ssl servers just seemed like a strange strange thing, but I decided 'medium' since it -is- openssl after all..)
<teward> sarnold: oh so you set that one there, good, you can check the upstream links :P
<sarnold> teward: openssl git is _funky_, half the time I get ABE errors from noscript
<teward> lol
<sarnold> at least noscript lets you resubmit the requests unsafely, and that usually works
<teward> sarnold: well, "400 - Invalid hash parameter" from their system sounds different :P
<teward> o wait that's the 1.0.1 one
<teward> nevermind
 * teward bashes head against screen
<teward> sarnold: cve breakage on the second upstream link - the space and the 1.0.1 break the link
<teward> otherwise it works
<sarnold> heh so it does
<sarnold> we use that (..) notation everywhere; it might be worth fixing our html-generator some day
<teward> sarnold: probably :0
<teward> sarnold: probably :P
<teward> sarnold: or maybe add a comment to the bug, such that "This link works, the one below for 1.0.1 doesn't - linkhere"
<teward> :P
<teward> but that's your guys stuff
<teward> :p
 * teward is mostly hands off :P
<teward> except where it comes to nginx usually :)
#ubuntu-server 2015-06-09
<soren> I have a qemu process on Trusty that doesn't respond to SIGKILL. Any good ideas? I don't see any bugs reported about this.
<YamakasY> ok, so my whole mem is filled up but top doesn't show it
<OpenTokix> soren`: I had that exact problem yesterday
<OpenTokix> soren`: Had to powercycle that machine
<solo1> http://paste.ubuntu.com/11669695/
<solo1> http://paste.ubuntu.com/11669695/
<OpenTokix> solo1: You just pasted your link a second time? Why?
<OpenTokix> solo1: I think you have to give some other information to
<rbasak> jamespage: need a place to coordinate with kickinz1 on the docker backports. Could you create a docker PPA in ~ubuntu-server for me please? Or would somewhere else be appropriate?
<rbasak> kickinz1: https://code.launchpad.net/~ubuntu-server/+git/docker-backport-tools
<rbasak> kickinz1: https://git.launchpad.net/~ubuntu-server/+git/docker-backport-tools/tree/all
<rbasak> kickinz1: reverse-depends
<Sling> why isnt mirror://mirrors.ubuntu.com/mirrors.txt in sources.list by default :(
<Sling> would make more sense than the us mirror for all installs
<kickinz1> rbasak, thanks
<kickinz1> ls
<rbasak> kickinz1: https://launchpad.net/~racb/+archive/ubuntu/docker/+copy-packages
<TheEagerPadawan> anyone around here that holds the lpic-2 cert?
<Sling> http://paste2.org/DCsKdPAW what am I doing wrong here?
<Sling> or maybe this package is 32-bit only... hmm
<Sling> linux32 ./configure seems to work
<dannf> rbasak: hey - have you had a chance to look at https://code.launchpad.net/~dannf/ubuntu/wily/mysql-5.6/lp1427406 ? wanted to see if you were cool w/ the patching method
<rbasak> dannf: sorry, looking now
 * dannf stole that method for edk2 fwiw
<rbasak> dannf: completely happy with the method - looks ideal
<rbasak> dannf: it might be worth explaining somewhere why we've chosen to make the patch arch-specific though. Maybe in the changelog, or in a comment in the rules file or something?
<rbasak> dannf: but +1 for upload to Ubuntu
<dannf> rbasak: good point, i'll do that. other than, the last bit i'm working on is testing on powerpc (32-bit) to see if i can reproduce there
<dannf> cool, will do after that testing. ta!
<rbasak> ack, thanks.
<strikov> dannf: oh, that's really good to see that we have this issue sorted (at least at some point) now; good job dannf
<dannf> thanks strikov ! yeah, still have the copyright assignment problem preventing it from going upstream, but at least ubuntu can limp along :)
<rbasak> squisher: around? Just looking at bcache-tools now.
<smoser> smb, i can get you access to system and you can deploy it and watch its log.
<smoser> basically all we do is deploy to /dev/<device>, chroot apt-get install multipath-tools-boot; unmount everything; reboot
<smoser> this system seemed to have been happy on reboot after first one was angry.
<smoser> but other times reboots didnt cure the ill
<smb> smoser, or you could give me a log when it happens to you again. Which would not require me to figure out how and with which versions MAAS you do that deploy?
<smoser> i did giv eyou a log
<smoser> i can give you access to the system and let you deploy it.
<smoser> https://launchpadlibrarian.net/208389797/my.log
<smb> smoser, you gave me a log from the boot after deploy (if I understood correctly)
<smoser> right.
<smoser> what do you want a log of ?
<smb> The deploy run itself. If that is even possible
<smb> Because that boot seems just to run into a corruption that probably existed on disk before. And maybe sometimes fsck can fix that
<smoser> the first time i noticed it, i fsck'd painfully from initramfs
<smoser> and still had errors later on.
<smoser> i'll deploy the node with vivid and get a log.
<smb> smoser, Great. Thanks!
<strikov> smb: could this corruption be related to the fact that we install the system to one of paths (say /dev/sda) but not to /dev/mpathN?
<smb> strikov, No that is completely valid
<smb> In fact this looks to be the way those systems are provisioned  right now without updated curtin
<strikov> smoser: smb: are we sure that this is vivid-kernel related thing but not vivid-multipath-tools/vivid-dm related one?
<smoser> smb, right. that is how they work without the update.
<smoser> but with the update, we basically then just install multipath-tools-boot and expect it to work.
<smb> strikov, the multipath target and balancers are part of the kernel so it still could be both. But since it is a failover setup those systems practically only use the one device after
<smb> smoser, yeah, this should be a valid approach and I manually did that without issues like this
<smb> If things go bad it were rather the unable to find a complete device type of errors
<smb> not fs corruption
<smoser> right.
<smb> smoser, strikov, So one detail you may want to add to multipath.conf is to change the scsi_id call into one that includes the '-u' option. That replaces spaces in the wwids with an underscore. This somewhat was working better for me
<smoser> smb, we do that.
<smb> Ah ok
<smoser> and that should be fixed in the future
<smoser>  https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1432062
<smb> smoser, OK. Right, somehow in my memory that was the default at least a long time ago... But I may remember incorrectly.
<smoser> smb, well it is repoted fixed by that patch. (that is not in ubuntu yet)
<smoser> but does strikov reported it worked for him
<smb> smoser, Oh actually that works the other way round by letting the other pieces handle spaces. While I usually just went and set the getuid_callout in multipath.conf to use -u for scsi_id and not have spaces in the first place
<strikov> smoser: i didn't test the patch proposed in the bug, i just verified that with 'user_friendly_names' we don't suffer from spaces because names look different (like mpath0-part1 not <serial-with-spaces>-part1)
<squisher> rbasak, ping
<squisher> s/i/o/
<smoser> strikov, oh. i thought you actually built and tested that.
<strikov> smoser: i can do that tomorrow morning
<smoser> strikov, nah. dont worry.
<rbasak> squisher: o/
<rbasak> squisher: I'm finished for the day so am in and out right now, doing DIY.
<rbasak> squisher: it all looks good. One question and one comment I think.
<rbasak> squisher: you're using "git archive" to generate the tarball artifact for pristine-tar I presume? I think I'm fine with that given that upstream do nothing else but jamespage will probably ask.
<rbasak> squisher: your commit 2f15970ecc04b37e965097807117765368524062 added a spurious whitespace change to an unrelated patch. Please avoid that if you can, but no worries about it this time.
<rbasak> squisher: +1 for upload.
<squisher> rbasak, yeah I don't know what happened with the white space
<rbasak> jamespage: please could you sponsor commit 057b6a854342266cfb60bcd0ccd0567a46b22b24 from bcache-tools Debian VCS?
<squisher> I use gbp pq since the beginning
<rbasak> squisher: only two changes from upstream between 1.0.7 and 1.0.8 it looks like? Are we still having issues getting upstream stuff committed right now?
<squisher> great, thanks, I think it's nice to close those bugs :)
<rbasak> squisher: thanks for sorting them :)
<rbasak> squisher: I looked at the BTS to see what else might need a clear up with the intent of doing them at the same time, but you'd already done them :)
<squisher> sorta, the ML seems pretty dead and the main author seems to be working on some sort of next-gen tools I think
<squisher> rbasak, :)
<teward> sarnold: rbasak: if I see ONE MORE BUG on "Subprocess failed to install" on nginx without useful data my head's gonna explode
<teward> apache apparently is default installed everywhere and it breaks everything :/
<teward> sarnold: rbasak: ^ with regard to https://bugs.launchpad.net/bugs/1463383 and the thousand other ones like it
<hexch> Hi I have an problem with isc-dhcp-server, I have 1 dhcp server for all my 1000 vlans, and problem is that it is giving clients ip from the first subnet.
<hexch> I have on my cisco switched enabled ip-helper
<sarnold> teward: does that mean you need to COnflicts: with apache?
<teward> sarnold: if and only if apache is already installed
<teward> sarnold: the last four email issues on this the default Apache conflicts with Nginx, they both try and bind :80
<teward> which of course blows up
<teward> sarnold: I need the server manifests including the Amazon images documented, and information told to me whether Apache is actually installed
<sarnold> what's really annoying is I could see wanting both apache -and- nginx installed on one system. and the default "listen on 0.0.0.0:80" business is just gonna be annoyuing...
<squisher> the conflicts seems rather harsh: you can certainly use ngix and apache side by side
<sarnold> squisher: exactly :(
<squisher> possibly use a post-inst script which updates the default configuration not to listen on 80 if something else is?
<teward> on a default 15.04 with no other config options
<teward|foobar> okay, so, i have no idea where my bouncer left off
<sarnold> teward|foobar: you had an excess flood quit immediately after < teward> on a default 15.04 with no other config options
<teward|pc> sarnold: the issue is not that Apache and nginx conflict - it's that they both try to bind to 80 in a default instance
<teward|pc> sarnold: yeah, i kinda flooded the system with rage briefly
<teward|pc> sarnold: the issue goes back NOT to the need of a conflicts: but the fact they both in a default setup bind to 80
<teward|pc> the PROBLEM is, this is new as of 15.04
<teward|pc> and ther'es no useful information in the already included apport data to debug what the cause of the failure on install is
<sarnold> teward: can you change the scripts to something like service restart nginx || true;  to avoid the bugs/
<teward|pc> sarnold: i'll look into what's run after installation, my guess is yes, we can get past it, but ideally systemd and apport would be less stupid and provide the output
<sarnold> teward|pc: the trouble is, it's a script that's not supposed to make any output anyway. I've thought before it's a real shame there's so many failing postinst scripts but zero debugging information for any of them :(
<teward|pc> sarnold: Job for nginx.service failed. See "systemctl status nginx.service" and "journalctl -xe" for   <-- this is during the Configuring... step
<teward|pc> sarnold: indeed, but we may just need an apport hook that puts out those data
<teward|pc> but iirc there's no way to say "If it fails to configure"
<teward|pc> fail to install is a different bug in the terminal output
<teward|pc> fail to configure is another
<teward|pc> sarnold: i should really poke -devel and get in touch with an apport hooks expert, and try and incorporate one for the nginx package...
<teward|pc> because it's really needed at this point
<sarnold> teward|pc: indeed, but you might not get the output you want. knowing what is bound to port 80 might go a very long way thuogh :)
<teward|pc> sarnold: the past 5 directly emailed issues on this were Apache
<teward|pc> sarnold: hence why I'd like a manifest of what's on the Amazon images, as well as whatever the other stuff cloud touches or our server images default-install (when we skip tasksel)
<teward|pc> if the Apache binaries end up on there by default, then we need to smack the images back to the stone age
<teward|pc> and remove Apache defaultinstall
<teward|pc> because that's SourceOfProblem
<sarnold> teward|pc: meh, if it's installed where it wasn't before, it was because someone wanted it :)
<teward|pc> sarnold: and therein lies the problem - Admin Error
<teward|pc> sarnold: from https://launchpadlibrarian.net/208651215/DpkgHistoryLog.txt though I don't see apache on there (that's the bug i mentioned earlier)
<teward|pc> although the problem would exist with lighttpd and others too
<teward|pc> they all try and default-bind to *:80
<teward|pc> which explodes all the things
<teward|pc> sarnold: however, the only tricky part of this, is that 15.04 seems to be the start of all the issues - and systemd further complicated the issue :/
<squisher> teward, hm, I've seen changes in the error reporting from start-up scripts in debian (sysv->systemd)
<squisher> maybe it's something along that line?
<squisher> (like what wasn't fatal before, is now considered fatal because systemd is more strict?)
#ubuntu-server 2015-06-10
<Vainglory> apparmor is blocking my nginx server from reading a file. i get the following: audit: type=1400 audit: apparmor="DENIED" operation="open" profile="/usr/sbin/nginx" name="/etc/nginx/sites-enabled/" comm="nginx" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
<Vainglory> i have the following : /etc/nginx/sites-enabled/* r, but i still get a DENIED when attempting to read that folder
<linuxmint> Anyone know how to setup RAID? Do I follow Debian net-install? I cancelled my CloneZilla idea as I have to manuall backup, whereas RAID automatically runs the 4 disks, saving my server if 1 disk breaks.
<sarnold> don't confuse raid with backups
<sarnold> raid is there so you can go buy a new hard drive when one dies
<sarnold> backups are there so you can get your databack if the computer burns down / stolen / or some yahoo types rm -rf / :)
<linuxmint> sarnold: yes, but I think RAID will help ensure I don't have to reinstall the OS when the 1 disk breaks.
<sarnold> linuxmint: yes :)
<linuxmint> my challenge is building the RAID.
<sarnold> wow our docs on that are really .. iffy
<sarnold> the serverguide only covers it during the install phase https://help.ubuntu.com/lts/serverguide/advanced-installation.html
<linuxmint> Maybe I need to stick with 1 disk, but less peace of mind.
<sarnold> and everything else seems to make the same assumption -and- is quite old. that's annoyuing.
<linuxmint> A lot of people said not to bother with RAID. E.g., Server grade hardware doesn't need RAID. Or use CloneZilla backups. I need an automatic assurance running with my 4 disks if 1 breaks, the OS/server should still run.
<linuxmint> ClonzeZilla is good, but it's a manual process.
<sarnold> some server hardware come with raid cards already, you can configure it via their own bios-like interfaces before booting
<sarnold> those raid cards give and take, of course, if something happens to the raid card, your data is probably toast. maybe you can get it back if you buy identical raid card again, but I've heard of arrays just not coming back regardless of what is done to try to bring it back
<linuxmint> ok, sounds like too much work/risk. Might just get used to reinstall of broken server OS and restore VM backups.
<sarnold> another option is to investigate zfs; it's not shipped with ubuntu, but I think it's a much nicer interface for storage pools. But I wouldn't use it for the system drives, because it adds in too many odd wrinkles. (People do, and they like the end result, but I don't think it's worth the hassle.)
<linuxmint> k, thanks, will explore :)
<pmatulis> sarnold: yes, the server guide could use some TLC, hint hint, merge proposals welcome, etc, etc :)
<seijirou> Hello.  I've got emulex HBAs on ubuntu 14.04 and I'm wondering if it's possible to configure them in target mode and use SCST or LIO or something else to expose a target.  I've found some info on qlogic but almost nothing on emulex.  I believe the driver shipped with 14.04 is lpfc but I can't find any information on lpfc configurables to switch from initiatior to target.
<rbasak> jamespage: two items for you please. 1) a docker PPA in ~ubuntu-server for kickinz1 and I to coordinate, and 2) bcache-tools upload.
<jamespage> rbasak, on that now
<rbasak> Ta
<jamespage> rbasak, can't do that under ubuntu-server "Open or Delegated teams can not create PPAs."
<rbasak> Hmm, OK.
 * rbasak didn't want to create Yet Another Team.
<rbasak> And kickinz1 isn't in ~ubuntu-server-dev
<jamespage> rbasak, indeed - I'd just do it under another team
<jamespage> bcache-tools now
 * rbasak wonders if there's some other suitable general team we can use for this type of thing
<rbasak> Daviey: o/  ^^ do you happen of any please?
<jamespage> rbasak, wait - there was an ubuntu-server-edgers team once
<jamespage> nope apparently no longer
<Daviey> rbasak: be careful with u-s-dev, that is the ACL team for serverset uploads.
<rbasak> Daviey: right, so we can't use that (also I think I can't add anyone anyway - that's have to be the DMB)
<rbasak> Daviey: and we can't use ~ubuntu-server for PPAs because it's open AIUI.
<rbasak> Daviey: so I think we want a third team that is nominally restricted even though we'd add anyone capable or being trained who wants to be involved.
<rbasak> Any name suggestions?
<rbasak> Or does anything like that already exist?
<jamespage> rbasak, where is bcache tools?
<rbasak> jamespage: git+ssh://git.debian.org/git/collab-maint/bcache-tools.git
<rbasak> jamespage: pristine-tar included in there. Upstream don't publish tarballs so squisher has been generating and importing them AIUI.
<jamespage> rbasak, ok
<Daviey> rbasak: It sounds like you are trying to grow a community, are you crazy!?
<rbasak> Daviey: :)
<rbasak> Daviey: I specifically am trying to avoid closing this work when it can be open.
<rbasak> (or else I'd just use ~canonical-server or something)
<Daviey> rbasak: There was a ~ubuntu-server-contribs IIRC, trying to mimic the contributing developer thing.. But it didn't grow, so i dropped it.
<rbasak> Daviey: hmm. Perhaps I should recreate that?
<rbasak> Daviey: intended membership would be anyone who is working with us as a team, but doesn't have upload rights. In practise that'd probably be Canoncial people, but I don't want to restrict it to that.
<rbasak> It's silly because ~ubuntu-server would be fine except for the restriction on PPAs.
<jamespage> rbasak, squisher: uploaded and tagged in git
<rbasak> jamespage: thank you!
<Daviey> rbasak: The trouble with an open team and PPA's is that if anyone adds them to their system, i create a new LP account, join the team and p0wnz users.. At least vetting a smaller team, they rely on their reputation.
 * rbasak finds ~ubuntu-server-staged-uploads but that's ~ubuntu-server-dev so won't do
<rbasak> Daviey: yeah that makes sense
<rbasak> Daviey: in this case I want a PPA for easier build dependency management and testing, rather than for end users actually using the packages.
<Daviey> I suspect ~ubuntu-server-staged-uploads can be dropped... That was an effort (jamespage) to try and gate all archive uploads for server stuff through Jenkins... but it didn't take off..
<Daviey> jamespage: agree ^ ?
<rbasak> ~docker-maint exists. Maybe we can ask to join that.
<friendlyguy> hi there! I'm trying to boot a fresh ubuntu 15.04 server installation but upon start i receive a message: "ERST: Cannot request [mem ADDR] for ERST."
<friendlyguy> and it's not progressing any further
<friendlyguy> any idea what this could mean?
<friendlyguy> I'm going to try the lts version next
<OpenTokix> friendlyguy: Where do you get this error?
<friendlyguy> after selecting ubuntu entry in grub
<OpenTokix> friendlyguy: ok, is your bios st for UEFI or BIOS boot?
<friendlyguy> it's bios
<OpenTokix> and secureboot is disabled?
<friendlyguy> i guess, haven't seent this in bios. let me check.
<TJ-> friendlyguy: Is it a Dell R900 ?
<friendlyguy> nope, it's a supermicro x7db8 with two quad-core xeons
<friendlyguy> http://www.supermicro.nl/products/motherboard/xeon1333/5000p/x7db8.cfm
<OpenTokix> friendlyguy: And the ram is whole, and properly configured?
<friendlyguy> with two xeon e5420
<friendlyguy> 8 of 8 modules installed, 32gb ram
<OpenTokix> friendlyguy: if its supposed to be a server, - I would recommend the LTS, since the rolling releases tend to be far to quick for a server enviroment
<friendlyguy> haven't run memtest. but: it's ecc fb ram and no problem running windows on this machine before
<friendlyguy> okay, i've just prepared a stick with lts ... going to install and check with this release
<TJ-> friendlyguy: looks like an ACPI/BIOS issue. That error is reported from drivers/acpi/apei/erst.c::1180 ... "pr_err("Can not request [mem %#010llx-%#010llx] for ERST.\n","
<friendlyguy> TJ-: interesting... afaik i've the latest bios version installed. maybe i could have tried factory defaults
<friendlyguy> right now i'm trying 14.04.2 lts
<TJ-> friendlyguy: It's trying to read the MCE log via ACPI ERST ... maybe that's a configurable option in the BIOS?
<friendlyguy> okay, finished installation. lets c if it boots
<friendlyguy> looks better actually
<friendlyguy> but, for some reason i don't have a console via ipmi after selecting ubuntu in grub. but: the attached monitor displays everything
<TJ-> friendlyguy: maybe grub is putting the console into graphics mode which is causing IPMI issues?
<jamespage> Daviey, agreed
<jamespage> Daviey, tbh we get that via proposed now anyway
<Daviey> jamespage: right!  Good to see the server team innovating before the rest :)
<friendlyguy> TJ-:  i really don't know yet :) i've never used those ipmi cards on linux
<jamespage> Daviey, indeed ;-)
<kyle__> At what point in the boot does init handle luks?
<kyle__> I tried to make a luks encrypted /var/lib, set it all up with /etc/crypttab and /etc/luks/keyfile, rebuilt my initramfs using update-initramfs -k all -c, so I'm guessing I need to tell it to setup luks/cryptdisks earlier?
<TJ-> kyle__: cryptodisks should be unlocked before the /etc/fstab mounts get scanned by mountall
<kyle__> TJ-: I think I just found it.  I forgot installing haveged and cryptsetup-bin doesn't install cryptsetup.  Doh!
<friendlyguy> i have a weird problem with luks / dmcrypt. i've got a os hdd which has unencrypted /boot and encrypted / (lvm) partitions on it. also there are 11 more drives in the server which i also encrypted. (lated used for zfs) i derived the key from my os, and added it to all 11 drives. i also created a entry for every drive in crypttab.
<friendlyguy> however, upon restart i get error msges like:  "conflicting device node '/dev/mapper/hdd500_4' found, link to '/dev/dm-8' will not be created" and symlinks to dm-X are missing
<friendlyguy> entries in crypttab look like: hdd500_4 UUID=e5f010ec... sda5_crypt luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
<TJ-> friendlyguy: bug #1358491
<friendlyguy> oh no
<friendlyguy> but thanks ;)
<TJ-> And I've not worked on it since I was able to work around it I assumed it was a udevd race
<friendlyguy> could you explain your workaround? i think i didn't get it
<TJ-> friendlyguy: use another controller and disks!!!
<TJ-> friendlyguy: what controller are those disks on?
<patdk-wk> hmm, I never worked around the issue :)
<patdk-wk> but I do use a custom initramfs script to setup mine on boot
<friendlyguy> i'm using a 3ware 9550-12
<onorua> How to configure multiple bonding interfaces on Ubuntu 15.04 ?
<onorua> when I configure it, it can't startup
<onorua> and my system doesn't boot, and hang on the networking service
<friendlyguy> patdk-wk: could you explain / show this custom initramfs script?
<friendlyguy> but first... need to get pizza :)
<xcyclist> I have have instructions to install libxml-dev package on my ubuntu server.  It is not found.  Please advise what is equivalent?  There is an libxml2-dev...?
<xcyclist> Okay, I found an ubuntu thing that says libxml2-dev:  http://askubuntu.com/questions/62849/installing-libxml-dev-package
<friendlyguy> patdk-wk: could you please explain what u did to your initramfs script?
<Patrickdk> a lot actually
<Patrickdk> does a few udev settles
<Patrickdk> but it's goal is to read the key stored externally
<Patrickdk> and to decrypt that key using a password
<Patrickdk> and then feed that key into the crypttab entries
<Patrickdk> it's probably just the udev settles you need
<friendlyguy> i think so too
<friendlyguy> could you give me some advice what i need to do
<friendlyguy> Patrickdk: i found that there is actually a "function" wait_for_udev which does a udevadm settle
<friendlyguy> but where do i need to call it
<keithzg> Hmmm running a long-awaited upgrade on an Ubuntu 14.04 server, and it's been "Setting up mysql-server-5.5 (5.5.43-0ubuntu0.14.04.1)" for over a minute now, which makes me uneasy...
<TJ-> keithzg: any databases that might need their tables upgrading?
<keithzg> TJ: I wouldn't have thought so, it's just a minor point upgrade. Anyways, it turns out the issue is a quasi-known one that seems to crop up from time to time. Merely stopping the mysql service *before* the upgrade solved it.
<keithzg> (In total it hung for 10 minutes and seemed to be using no CPU or disk, so it really didn't seem to be upgrading anything; didn't see any such processes in ps -ef either)
#ubuntu-server 2015-06-11
<Zarathuztra|2> anyone around that can help out?
<sarnold> with what?
<lordievader> Good morning.
<friendlyguy> good morning ;)
<diytto> hi, i have my server set to only accept pubkey ssh connections, but my server seems to not be accpeting those connections for my user
<diytto> i haven't changed anything with ssh configs, and i can still login as another user
<diytto> however, this other user does not have sudo rights
<diytto> any suggestions?
<diytto> i am still open on an sftp connection with the server on the account i am lockedout of
<friendlyguy> diytto: did you add your pubkey to authorized_keys?
<diytto> yeah, i have had it in there since the beginning
<diytto> i have always been able to log in with it
<diytto> i haven't changed it in any way, yet am unable to log in
<friendlyguy> kk, and you were able to connect with ssh via pubkey before? Or did you enter a password upon login?
<diytto> i used pubkey previously
<diytto> i have password disabled
<friendlyguy> k
<friendlyguy> did you change anything at all?
<diytto> no
<diytto> only thing i have done is copy the authorized keys to another user on the server
<friendlyguy> have you tried to login to another host with this keypair? maybe something is broken
<OpenTokix> diytto: what does ssh -vvvvv say?
<diytto> i don't know how that would make a difference
<diytto> same key works on another user
<diytto> OpenTokix: i am getting nothing with that
<diytto> it just tells me correct usage of ssh
<friendlyguy> i think he ment to add verboooooose output to your connection
<diytto> the exact same authorized keys works on a seperate account
<diytto> ah okay hold on
<friendlyguy> maybe you could also check your file permissions in ~/.ssh... should be 700 over the place
<diytto> is there a paste tool you would prefer i use?
<friendlyguy> i don't care, but maybe there are some "rules" in here for which pastebin to use
<friendlyguy> ...f you want to show large texts, such as errors, use the pastebin and post the URL to the paste instead.... http://paste.ubuntu.com/
<friendlyguy> from: https://wiki.ubuntu.com/IRC/Guidelines?action=show&redirect=IrcGuidelines
<diytto> http://paste.ubuntu.com/11695170/
<friendlyguy> did you checkt the permissions?
<diytto> how do i check specific permissions
<friendlyguy> ls -la ~/.ssh
<OpenTokix> .ssh should be 700 and files in .ssh 600
<OpenTokix> btw.
<OpenTokix> and owned by your user and your personal group
<diytto> everything looks fine
<diytto> on my end
<friendlyguy> this last "Permission denied (publickey)."...
<diytto> server is fine with permissions too
<diytto> i am able to edit my authorized_hosts
<diytto> i have an sftp connection that was open previously before this issue
<diytto> no cli access
<friendlyguy> could you try to use the -i (together with -vvv) option of ssh, to point directly to the right keyfile?
<davegarath> diytto: the file name for the public keys is authorized_keys, not authorized_hosts
<diytto> davegarath: i am using the authorized_keys file, i am tired atm
<diytto> friendlyguy: let me try
<diytto> http://paste.ubuntu.com/11695216/
<friendlyguy> r u using selinux?
<diytto> no
<friendlyguy> maybe you messed that up
<diytto> i am on OS X, server is ubuntu
<OpenTokix> diytto: debug1: Offering RSA public key: /Users/diytto/.ssh/diyttoaws.pem
<OpenTokix> I am guessing that is the problem
<OpenTokix> diytto: for the -i you have to provide the full path to the key, it will not select that name of key from your .ssh dir
<diytto> OpenTokix: even if i am in the .ssh dir?
<OpenTokix> I think so
<friendlyguy> i just found one mac user with "slightly" the same problem:
<friendlyguy> ...on my Mac, the file /etc/ssh_config had the line  PubkeyAuthentication = no   I commented out that one line, and now everything works fine....
<OpenTokix> friendlyguy: that is not standard behaviour on the mac.
<friendlyguy> kk
<friendlyguy> I've got very little clue about macs
<OpenTokix> diytto: but you might also want to check out your /etc/ssh_config
<diytto> I've never had a problem with logging in before
<OpenTokix> debug3: Could not load "id_rsa.pub" as a RSA1 public key
<diytto> OpenTokix: i get the same thing with the full path
<OpenTokix> diytto: ok, post the debug-output
<friendlyguy> i though: "debug2: key: id_rsa.pub (0x7ff35b700140), explicit" is indicating the use of the keyfile
<friendlyguy> maybe you could also show us some log output from the server
<diytto> http://paste.ubuntu.com/11695243/
<diytto> i can possibly
<diytto> where is log info located
<OpenTokix> debug3: Could not load "/Users/diytto/.ssh/id_rsa.pub" as a RSA1 public key
<OpenTokix> There is your problem
<OpenTokix> do a ls -l /Users/diytto/.ssh/id_rsa.pub
<OpenTokix> oh
<OpenTokix> haha
<OpenTokix> now I get it
<OpenTokix> =)
<diytto> -rw-------+ 1 diytto  staff  402 Jul 18  2014 /Users/diytto/.ssh/id_rsa.pub
<OpenTokix> You are trying to login with your public key
<OpenTokix> ssh -i ~/.ssh/id_rsa diytto@de.diytto.com
<OpenTokix> this will work
<friendlyguy> ouch
<OpenTokix> haha, - so easy to miss
<diytto> still denied
<OpenTokix> ok, now with -vvvv and see the output
<diytto> http://paste.ubuntu.com/11695253/
<OpenTokix> debug3: Could not load "/Users/diytto/.ssh/id_rsa" as a RSA1 public key
<OpenTokix> file /Users/diytto/.ssh/id_rsa
<OpenTokix> what does that command output?
<OpenTokix> do _NOT_ paste your private key
<diytto>      /Users/diytto/.ssh/id_rsa: ASCII text
<OpenTokix> ok
<OpenTokix> if you look into that file
<diytto> also, this fails with a separate pubkey on my phone
<OpenTokix> does it start with ----BEGIN RSA PRIVATE KEY----
<diytto> if that's helpful
<friendlyguy> whats still bugging me, he tols us he is able to login with this same key to another user
<OpenTokix> and proc-type 4,encrypted - etc.
<OpenTokix> friendlyguy: I am guessing the other user is with the aws-pem-file
<diytto> OpenTokix: it does
<OpenTokix> ls -l /Users/diytto/.ssh/id_rsa
<OpenTokix> What does that output?
<diytto> -rw-------+ 1 diytto  staff  1679 Jul 18  2014 /Users/diytto/.ssh/id_rsa
<OpenTokix> looks correct
<diytto> the aws one is for an amazon server
<diytto> fyi
<friendlyguy> guessed that ;)
<diytto> it's not used here
<OpenTokix> yes, I guessed that to
<OpenTokix> and if you do the exact same command, just switchout user@
<OpenTokix> it works?
<diytto> my phone has it's own pubkey and is also unable to log in
<diytto> yeah
<OpenTokix> ie. ssh -i /Users/diytto/.ssh/id_rsa otheruser@sameserver ?
<diytto> to sb1@de....
<skylite> can I enable an apache module only for one vhost?
<OpenTokix> skylite: no
<skylite> never? :(
<OpenTokix> skylite: but you can do the handler only for one vhost
<OpenTokix> skylite: so it will be effectivly "hidden" for others
<diytto> OpenTokix: that works fine
<skylite> so I enable a module and hide it in all the other vhosts but one?
<OpenTokix> skylite: no, you enable module and add the handler for that module only to the vhost that should have it
<friendlyguy> hm... you could verify if your keypair is "cool"
<OpenTokix> diytto: hmmm
<friendlyguy> ssh-keygen -y -e -f <private key>
<friendlyguy> and compare this to your pubkey
<diytto> successful connection http://paste.ubuntu.com/11695290/
<OpenTokix> diytto: im guessing there is something wrong on the serverside in the authorized_keys file, or its rights
<OpenTokix> lunch now, *gone*
<skylite> OpenTokix this is a quite simple module Is that gonna work the way you suggest? https://github.com/danghvu/mod_dumpost
<diytto> friendlyguy: they appear to be identical
<friendlyguy> weird weird
<diytto> okay, i have shell access through my znc
<diytto> so i can send commands
<diytto> friendlyguy: only the last user i added to the server i am able to log in to
<diytto> i am afraid i must go to sleep. it's 4am here. i will try to figure this out more in the morning
<diytto> thank's for the help you've provided
<friendlyguy> youre welcome
<friendlyguy> gn8
<friendlyguy> ist sdc denn wirklich "sdc"
<friendlyguy> oh, sry... wrong window
<friendlyguy> hmmm :) maybe one can help me to debug my server a little further... there is a "issue" which is driving me crazy. when i first start my server i can see the post until grub is supposed to start. -> thats when my monitor goes blank. IF i restart it (using ctrl-alt-del) i can watch the POST and grub appears
<friendlyguy> AND, if i need to reboot again: i'll get a blank screen opposed to grub. hit ctrl-alt-del again, wait for the post stuff... and grub is there again
<friendlyguy> precisely every 2nd "attempt"
<OpenTokix> skylite: mod_audit already does that for you
<skylite> OpenTokix thx I'll try that one ... already trying with mod_dumpio
<OpenTokix> skylite: http://dev.prositen.com/wp/log-post-data-with-apache/ <--- there you have how mod_security does it.
<skylite> thx a lot
<OpenTokix> skylite: and then you add the Secrules in your vhosts
<OpenTokix> skylite: my collegues site =)
<skylite> OpenTokix great writing thx it works :)
<OpenTokix> skylite: I forwarded your thanks to my collegue
<rbasak> dannf: thanks for the memory corruption fix for MySQL. Any opinions on me pushing this to Debian too? I'm working on Debian mysql-5.6 right now.
 * rbasak goes for a walk/lunch while stuff builds
<dannf> rbasak: yeah, i'd definitely +1 applying it to debian
<rbasak> dannf: OK, thanks!
<dannf> rbasak: also, i'd like to get it sru'd back to trusty - should i just go ahead and upload backports?
<rbasak> dannf: that's fine - go for it.
<friendlyguy> anybody got some experience with zfs dedup? i'd like to turn on dedup for a relative small pool ~ 2t where I'm going to store vm backups. i read that dedup takes 1-2 gb ram per tb in pool, so here max 4gb. I've got 16gb ram sitting in this machine, so looks good to me. BUT, I read on the german ubuntu wiki to "NEVER" turn on dedup.
<ogra_> kickinz1, my ownclÃ¶oud snappy install constantly pops up an upgrade warning, are you working on a 8.0.3 snap ? (or is anyone)
<kickinz1> ogra_, no
<ogra_> kickinz1, well, it would be nice to have that upgraded somehow ...
<kickinz1> ogra_, yes planned around next week.
<ogra_> kickinz1, awesome, thanks :)
<ogra_> if you need a tester, just ping me :)
<kickinz1> ogra_, Ok, I'll do!
<squisher> rbasak, another look at bcache-tools please... someone already spotted a bug :)
<squisher> it's again rather trivial changes
<rbasak> squisher: that looks fine. Is that two separate fixes in one commit or are they related to the same issue?
<rbasak> squisher: and does piuparts pass now?
<squisher> rbasak, hm, yeah, they should probably be separate
<squisher> I'll check piuparts, but I tested it in pbuilder
<rbasak> squisher: "Fix dracut" isn't really helping me. Maybe describe what you're fixing and why?
<rbasak> (well, clearly you're fixing "dracut", but I mean the actual problem you're fixing)
<squisher> rbasak, hmm, I wonder how I can fix that now with the gbp workflow
<rbasak> squisher: don't bother rebasing, it's not worth it. So just add extra commits fixing up the changelog for this time I guess.
<squisher> rbasak, yeah, I agree. I should be more careful with my descriptions (basically dracut wasn't working at all before, I was just being lazy)
<Gregor3000> why is the check disk failing and reports corrupted files? i tried 3 different USB image burners - 1. Unetbooting in windows, LinuxliveUSB in windows and startup disk creator in linux. every time checking of disk reported error. despite the fact that md5sum matches, i've tested also USB it has no errors in readin & writing.
<squisher> rbasak, I'll have to fix that later. I don't really like the gbp changelog handling, but on the other hand I would like to automatically generate the changelog :-\
<Gregor3000> i also can not proceed with installer - it stops at 33% when formating /. i have preexisting software RAID1 that holds /swap and /var/log /data
<squisher> Gregor3000, the md5sum of the downloaded image I assume?
<squisher> I'd run memtest over night
<Gregor3000> correct - miniiso or server - it's not memorry as i cretaed and booted the image on different PC's
<Gregor3000> in the end it said it can't even detect the image (eventhough it was botoing from it and running other programs on it)
<Gregor3000> hwo do i report bug with installer? also when reporting it do i add pictures? or what?
<Gregor3000> sorry how
<diytto> Hi, I was here last night with my issue if anyone saw it. Basically my server has locked me out from ssh. It is refusing my pubkey auth on my account, even though I have used previously. I can access a different account on the same server with the exact same authorized_keys, but not my personal account. Any ideas?
<diytto> My account has sudo access, while the account i am able to access does not
<sarnold> diytto: check permissions on your ~/.ssh and ~/.ssh/* files
<sarnold> diytto: the sshd is very picky about e.g. too-wide group write support or files owned by the wrong user
<diytto> permissions are fine, we went over them last night
<diytto> that was the first thing we went over last night :(
<sarnold> hehe nice :)
<sarnold> is there anything in the logs?
<diytto> where can i find the logs on the server
<lordievader> diytto: /var/log/ (from there you want auth.log and the syslog)
<diytto> alright let me take a look
<diytto> well this is a problem
<diytto> i can't read the logs
<sarnold> can you su, sudo, or login, to the account that can read the logs?
<diytto> no
<diytto> unless there is a way to login without sudo
<lordievader> diytto: He means to your user account with sudo powers.
<diytto> no, that is the account i am locked out of
<lordievader> diytto: Your ssh is locked, not local login, right?
<squisher> afaik ubuntu doesn't use wheel for su, right? So you should be able to su into your sudo-able account if you know your local password
<diytto> just ssh is locked
<squisher> diytto, that's probably what lordievader is talking about too :)
<squisher> then you shouldn't have a problem :)
<lordievader> Yes, su'ing into the 'locked' account.
<diytto> ah okay
<diytto> i wasn't aware i could do that
<diytto> okay i am in
<lordievader> diytto: Then read the logs.
<diytto> it looks like permissions for my home directory are wrong?
<squisher> I guess if your home dir is 777 then other people could change the perms of your ~/.ssh dir
<diytto> i am the only one on the server
<lordievader> Still, sshd doesn't like that.
<squisher> hm, I may be wrong on that, but anyway, what lordievader said
<lordievader> As sarnold said, sshd is very picky.
<diytto> i never changed that though, and I've never had an issue logging in previously
<diytto> home dir perms drwxr-xr-x  8 sb1  sb1   4096 Jun 11 01:55 diytto
<squisher> diytto, that's not 777 - you should paste the error from the logs
<diytto> drwx------  2 diytto diytto    4096 Jun 11 04:04 .ssh
<sarnold> sb1 vs diytto??
<diytto> oh wow i missed that
<diytto> that fixed it
<diytto> wow
<diytto> i have no idea how that happened
<squisher> `history | grep sb1` ;-)
<diytto> thanks so much guys
<diytto> i never would have found that issue
<sarnold> all sorted?
<diytto> yep, thanks
<sarnold> sweet :)
<shirgall> Hrm, the openssl update seems to have no changlog other than the Debian one.
<sarnold> shirgall: what are you looking at? it should be quite extensive: https://launchpad.net/ubuntu/+source/openssl/+changelog
<shirgall> This -> /usr/share/doc/openssl/changelog.gz has a link to ../libssl1.0.0/changelog.gz which is missing
<shirgall> But, the main thing is that it looks like logjam vulnerability, fixed in 1.0.1n, is not yet integrated, that's what I was trying to determine.
<sarnold> OH!
<sarnold> I see,  you're actuyally talking about the changelog.gz file. feel free to ignore that. what you want is the changelog.Debian.gz file
<shirgall> Yeah, it just surprised me that there was a dead link in openssl
<shirgall> At any rate, i was looking for CVE-2015-4000 and didn't find it
<friendlyguy> hmmm. quick question: i've installed htop, but i don't get any percentage numbers of core / ram usage
<mdeslaur> shirgall: the CVE-2015-4000 is actually about the TLS flaw, I didn't use it in the openssl updates. WIth the last openssl update, the export ciphers were disabled, and today's update rejects shorter than 768 dh params.
<mdeslaur> shirgall: do if you install today's openssl update, you're all set with the logjam mitigations
<shirgall> mdeslaur: yeah, i poked in gnutls, but while I was looking around, I noticed the dead line
<shirgall> link
<shirgall> mdeslaur: ok, cool, thanks
<friendlyguy> is there a way to install mate-core with gdm or lightdm on a ubuntu server? (without actually installing stuff like evolution-server and crap)
<sarnold> friendlyguy: apt-get install the specific leaf packages you want, they ought to drag in whatever they need
<mitfree> I have been using apt to update my 14.04 VPS and now my /boot is full. I've been unable to update. What is the right way to keep my /boot nice and clean?
<hexch> mitfree: clean up boot
<hexch> remove unused kernel.
<RoyK> next time, use a larger /boot
<RoyK> using 200 megs or so for /boot is nonsense
<RoyK> and as hexch said, clean up old stuff
<mitfree> https://img.bi/#/mOFiH0x!YtDlPwylaNEQyiyvgAwkhpoAUTBOpAGqgQlgXood
<sarnold> RoyK: didn't you have a nice short command last time this came up, something that looked way simpler than my usual method?
<RoyK> sometimes you can't remove old kernels easily because of a full filesystem - if so - "> whateverfileyouwanttotruncate" and start over
<mitfree> The image is from cloud at cost, so I didn't choose the size. I'm also having trouble with /tmp
<RoyK> sarnold: if you remove the file, apt will get angry - if you just truncate the file, it'll remove it easily
<RoyK> sarnold: truncate the file with something like "> /boot/thatfile" and do apt-get purge "thatpackage"
<mitfree> I posted the results of df -h
<RoyK> mitfree: tune2fs -m 0 /dev/sda1
<RoyK> mitfree: but remove the old kernels
<sarnold> RoyK: I hadn't heard that about the truncation! that'll save a ton of effort :)
<RoyK> sarnold: we all learn along :)
<mitfree> what do you mean by truncate exactly? is that just changing the file name or actualy editing the file by deleting parts of it.
<RoyK> mitfree: just removing its contents
<RoyK> mitfree: setting filesize to zero
<mitfree> intersting idea, I honestly hadn't thought of that.
<RoyK> mitfree: just don't truncate the live kernel
<_piggy_> Just did a new install of server 14.04. apt-get update says that kernel for utopic (not trusty) is being held back.  Any ideas?
<_piggy_> uname -a shows 10.04
<_piggy_> bah  14.04
<_piggy_> Just tested on another 14.04 and it does not show utopic
<RoyK> never had   that issue
<_piggy_> Ya. Me neither.  Starnge
<_piggy_> Strange that is.  One of those days...
<tarpman> _piggy_: run apt-get update and check again. yesterday I had some kernels held back because the metapackages showed up in the archive before the actual kernels did, but all has been ok today
<_piggy_> tarpman, will do   thanks.  BRB
<tarpman> _piggy_: regarding utopic vs trusty, servers installed from 14.04 or 14.04.1 media will have the trusty (3.13) kernel, servers installed from 14.04.2 media will have the utopic (3.16) kernel
<_piggy_> tarpman: That's the instll media I used.  Any idea for change?  Repositories show trusty too.
<_piggy_> tarpman: I assume it will be ok to proceed then?
<tarpman> _piggy_: I don't understand "Any idea for change?", sorry
<tarpman> _piggy_: there's no need to downgrade unless something is broken, if that's what you mean
<_piggy_> tarpman: Thanks.  You have been a good help. I will see if I can figure out why the kernel change happened.  Thanks!
<shirgall> _piggy_: you can learn more about the kernel changes here: https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<_piggy_> shirgall:  Thanks.  Saw that not long ago.  Thanks for posting.
#ubuntu-server 2015-06-12
<pmatulis> does anyone here use atop? i'm wondering why debian/ubuntu is 5 years behind upstream
<Patrickdk> how so?
<Patrickdk> it's in universe
<Patrickdk> if someone wanted to update it, they would have
<Patrickdk> interesting, it is up to date with upstream, exactly up to date
<tarpman> pmatulis: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729614 seems to have some activity. looks like the maintainer is just busy...
<lordievader> Good morning.
<lordievader> pmatulis: I do.
<lordievader> It's on all my servers/vm's
<OpenTokix> What is the killer feature of atop?
<lordievader> It puts a lot of information together and it has better process tracking.
<lordievader> Very short lived processes are still seen by atop were top or htop might not show them.
<lordievader> OpenTokix: http://www.atoptool.nl/
<OpenTokix> cool
<OpenTokix> If you are workign with performance issues, - I can highly recommend any talk by brendan gregg, and also his tool collection on his github-page.
<lordievader> I don't have performance issues, but please share the talk :)
<OpenTokix> any talk, he has many
<OpenTokix> check out the youtubes
<lordievader> Allright, I'll check it out. Thanks.
<rbasak> jdstrand: kickinz1 has finished backporting and testing docker.io on Trusty. He can't see a failure that we were expecting with the AppArmor profile. I think you said we'd expect to have to remove the Unix socket support for it to work on Trusty?
<rbasak> jdstrand: any hints as to how to exercise the failure mode, or is it possible that it's working correctly without needing any changes?
<huwenfeng> in pxe installation, if the dhcp failed for some reason, like tempority network congestion, it will prompt the Configure TCP/IP screen. How can I prevent this screen from showing up? just let the system keep trying to dhcp to get the address?
<huwenfeng> like the problem describe in url : http://serverfault.com/questions/169295/kickstarting-an-ubuntu-server-10-04-installation-dhcp-fails
<huwenfeng> edition is not 10.04, but the problem is exactly the same.
<Guest99947> hello
<Guest99947> can any one help me , I have one sso server which have to make public. I have reverse proxy
<OpenTokix> Why the hell are you tryuing to kickstart a debianinstallation?
<OpenTokix> Nevermind, I dont want to know
<OpenTokix> huttan: you have the answer lower, - you need to add bootproto=dhcp
<jdstrand> rbasak: we should only see the failure if the policy has the newer rules. where are the packages?
<rbasak> jdstrand: test packages here: https://launchpad.net/~docker-maint/+archive/ubuntu/staging
<smoser> smb, around ?
<smoser> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462530 has some more information now.
<smoser> leftycb posted his install log and a boot log full of errors (comment 27)
<smoser> my install yesterday that i thought was all happy, this morning shows errors like:
<smoser> [54550.928492] EXT4-fs error (device dm-9): htree_dirblock_to_tree:914: inode #7078166: block 28319821: comm updatedb.mlocat: bad entry in directory: directory entry across range - offset=0(0), inode=0, rec_len=98572, name_len=74
<smoser> i can get you access to borbein if you want.
<smb> smoser, hm ok. I will have a look
<teward> rbasak: sarnold: ping, when's the next server team meeting i need some input from the team on some nginx things... :/
<rbasak> 2 June, apparently.
<rbasak> zul: update the wiki page please?
<rbasak> teward: Tuesday at 1600 UTC
<zul> rbasak: oops
<teward> rbasak: OK, it's mostly a need to consult with others on Course Of Action - i'll bring it up at the meeting, and *hopefully* i can get enough time in my break at work to attend.
<teward> if not i'll drop an email to the server list
<rbasak> teward: sure. Stick it in the agenda please?
<rbasak> Not that you have to, but it'll help if others know what you're asking in advance so they can think about it.
<rbasak> The mailing list works too
<teward> rbasak: link, please, since Google's down for me, and my bookmarks accidentially explodified?
<teward> :P
<rbasak> teward: https://wiki.ubuntu.com/ServerTeam/Meeting
<teward> rbasak: i'll add it, and send a ML item on it.  Basically, Debian's making life hard :P
<rbasak> Thanks!
<teward> rbasak: should i put it under "Open Discussion" or its own item, say, after the events but before open discussion?
<teward> (first time adding a big item to the list xD)
<rbasak> teward: before open discussion I guess. It doesn't really matter. We're pragmatic and flexible :)
<teward> indeed
<teward> rbasak: added, and mailed to the list, assuming it doesn't get hung up in email limbo
<teward> rbasak: and I'm not kidding - the decision that has to be made is a doozy
<teward> 'cause it impacts Wily now, and likely the LTS
<teward> s/LTS/Next LTS/
<teward> and i need input from others before making a decision on my own :P
<teward> bah it's stuck in the mod queue
<teward> figures, i need to add this email back into the list :/
<teward> (not sending with @ubuntu.com means it's stuck)
<rbasak> jdstrand: http://paste.ubuntu.com/11702193/ is the gen.go with your patch applied in Wily, and http://paste.ubuntu.com/11701102/ is the profile kickinz1 generated using the Trusty backport. Which bit of that is expected to fail?
<rbasak> I don't see anything related to sockets. dbus maybe?
<teward> can someone unmoderate my email to the Ubuntu Server list, as it is in reference to an item I've put on the Server Team agenda?
<jdstrand> rbasak: ah thanks-- I got pulled aside. let me look
<rbasak> SpamapS, Daviey: ^^ ubuntu-server list admin please. You seem to be the only moderators ATM. Should that change?
<genii> Hm
<genii> Oh, mailing list
<jdstrand> rbasak: both will work fine for trusty, however wily doesn't have any 'unix' rules so it will fail
<jdstrand> rbasak: in other words, wily is missing something it needs that would have to be removed from the trusty backport, which is why trusty is currently ok
<jdstrand> rbasak: actually, I don't see anything in vivid's package for unix rules. I guess the base abstraction is sufficient
<jdstrand> rbasak: (the base abstraction has several unix rules)
<jdstrand> rbasak: so if wily and trusty test out, it should all be fine
<teward> rbasak: list moderators discussion - item for server team meeting perhaps?
<strikov> smb: smoser: https://bugzilla.redhat.com/show_bug.cgi?id=630911
<smoser> strikov, so maybe we just have to get the bindings file created
<strikov> smoser: it gets created when you install multipath-tools-boot
<strikov> smoser: it's just doesn't go into initramfs
<smoser> i thought i saw somehwere where it got copied.
<smoser> let me look
<strikov> smoser: we may have some issues with spaces there as well, here is what i have there inside a vm:
<strikov> mpath0 0QEMU    QEMU HARDDISK   ABCDEFGH
<strikov> mpath1 0QEMU    QEMU HARDDISK   HGFEDCBA
<SpamapS> rbasak: yes that should change...
<smoser>  strikov /usr/share/initramfs-tools/hooks/multipath
<smoser> see that.
<strikov> smb: smoser: and returning back to our discussion about a possibility to partition mpath devices; i just did it with cfdisk and i see /dev/mapper/mpath1-part1 automatically created w/o a reboot (so it was able to re-read pt)
<smoser> strikov, i think /etc/multipath/bindings is not getting created by multipath install
<strikov> smoser: hm, i see it in the vm
<strikov> smoser: just after installing the package
<smoser> really?
<smoser> hm..
<smoser> on my power8 system:
<smoser> $ sudo ls -altr /etc/multipath/bindings
<smoser> -rw------- 1 root root 528 Jun 12 13:42 /etc/multipath/bindings
<strikov> smoser: could you verify it on power?
<smoser> $ uptime
<smoser>  15:53:54 up  2:12,  1 user,  load average: 0.00, 0.01, 0.05
<smoser> smb said its not in the initramfs
<strikov> smoser: let me check my initramfs
<smoser> i think on power8 system there it got craeetd on first boot
<smoser> yeah..
<strikov> smoser: i have bindings file inside initramfs
<rbasak> teward: are you volunteering as the new list moderator? :)
<strikov> smoser: could you try to unpack power8's one?
<smoser> strikov, if you update-initramfs i suspect you will
<smoser> its not there. smb says it needs to be (as does your RH link)
<smoser> i dont know what creates it.
<smoser> but when we install the package
<smoser> we have daemons disabled from starting
<rbasak> jdstrand: OK. Thanks!
<strikov> hm, but we update initramfs from curtin, right?
<smoser> (which is by design)
<smoser> so i think something that creates it is not being run . and then not picked up.
<smoser> that make sense ?
<smoser> the multipath-tools package has 2 init.d scripts that would be urn
<strikov> let me replay the whole thing in vm and note when it gets created
<smoser> so on that system..
<smoser> i did:
<smb> smoser, initrd is unpacked on the host you showed me (which I am done with btw)
<smoser> lsinitramfs /boot/initrd.img-$(uname -r) | sort > out.orig
<smb> as done as I think I am with this week
<smoser> update-initramfs -u -k $(uname -r)
<smoser> lsinitramfs /boot/initrd.img-$(uname -r) | sort > out.new
<smoser> diff -u out.orig out.new
<smoser> +etc/multipath
<smoser> +etc/multipath/bindings
<smoser> thanks smb
<smoser> we just need to do something to get it created so that it can be collected
<smoser> running multipathd definitely creates it.
<teward> rbasak: heh
<smoser> service multipath-tools stop; rm -Rf /etc/multipath; service multipath-tools start;
<teward> rbasak: y'know, I WOULD, if it weren't for the fact I have work 9-10 hours a day, and college, and a few other things
<smoser> strikov, ^ after that, then /etc/multipath exists
<strikov> smoser: you run update-initramfs after the first boot in multipath mode, right?
<strikov> smoser: ha, you know what
<strikov> smoser: i figured out why i had bindings inside initramfs w/o all this mumbo-yumbo with update-initramfs
<strikov> smoser: to speedup things i created /etc/multipath.conf with friendly names *before* installing multipath-tools-boot
<rbasak> Daviey: are you OK to continue moderating the ubuntu-server list?
<Daviey> rbasak: I am indifferent, I probably only done about 3 (on request) approvals over the last year tho.
<teward> Daviey: if you can approve the one i sent from my trekweb.org address that'd be amazing
<teward> since it's related to the action / discussion item on the agenda for the server meeting
<rbasak> Daviey: as nobody else has stepped up, could you add me as a co-moderator please?
<rbasak> Daviey: and remove SpamapS I guess, unless he objects.
<rbasak> (I think he wants to step down unless I misunderstood)
<strikov> smoser: yep, i just confirmed ^^^
<strikov> smoser: so we can include the file into initramfs by shuffling curtin's code to create file before installing the tools.
<Daviey> rbasak: I seem not to have the password on this machine, looking.
<SpamapS> rbasak: you were correct, I think it's time for me to step down from that role that I haven't been doing anyway.
<Daviey> rbasak: I just sent an RT asking for a new password.  Once that is sent to me, i'll add you as a moderator and drop SpamapS.
<Daviey> strikov: TBH, you are probably better off subscribing and then sending it again.. Will be quicker
<teward> Daviey: i think you meant me? :)
<Daviey> err, yes - sorry
<teward> i'll resend then since i subscribed xD
<teward> thanks
<OliPicard> hi everyone was wondering how do you create a simple upstart script for Ubuntu? I want to turn this  su kippo -c /home/kippo/kippo/start.sh into a script form.
<sarnold> OliPicard: if you haven't found it yet, this guide is fantastic http://upstart.ubuntu.com/cookbook/
<sarnold> OliPicard: this can replace the 'su kippo' bit: http://upstart.ubuntu.com/cookbook/#setuid
<OliPicard> sarnold: Thanks, In the end as the script is only called during boot I went with rc.local to run the script
<sarnold> OliPicard: works well :)
<OliPicard> Yup :)
<sarnold> another option, since you're running it as as user, is the @reboot directive to vixie cron
<sarnold> I prefer your method if you're also the aadmin of the server
<sarnold> but if all you have is a user account, @reboot can be handy :)
<OliPicard> ah it's all good :)
<OliPicard> it's a honeypot i'm running at the moment
<sarnold> oo fun!
<OliPicard> Yup we have hits from China, Poland and Germany
<OliPicard> I'm going to modify the virtual file system and put some fake passwords in a txt file on the home directory to see if anyone notices.
<jrwren> i used to admin one of the largest honeypots in the world. atlas.arbor.net :)
<jrwren> it was a lot of fun.
<jrwren> also, darknet is fun
<teward> so, i had to migrate a domain nameserver to a new server IP, and apparently something's blocking it although I have ACCEPT in the rules for the firewall.  Should I talk to the VPS host?
<sarnold> teward: before doing so, check netstat -lnp output against nmap -p53 add.rre.ss output
<sarnold> maybe it's something simple like a bind address in a config file..
<teward> oooo good point
<teward> i forgot about that xD
<teward> sarnold: wow I feel stupid as sin now :/
<teward> it's the python!  it's been eating at my brains for three days while i rewrite poor code in the first place
<sarnold> python'll do that ;)
<teward> sarnold: especially when it was written POOR
<teward> and when it's on a Hardy box that management won't let me upgrade
<sarnold> hardy
<sarnold> wow
<teward> sarnold: and I had to do uname -a just to do that >.<
<sarnold> my second security update was for perl, and the hardy perl package gave me more trouble than all the other supported releases put together. I was not sad to see hardy EOL. :)
<teward> s/do that/figure that out/
<teward> sarnold: i'm sad that there's so many home grown python solutions
<teward> and i spent 4 days REWRITING THE LOGIC for a program just so it can check its pid better
<sarnold> sounds miserable :/
<teward> well it's DONE
<teward> and it WORKS
<teward> and work owes me money
<sarnold> :D
<teward> sarnold: the bind9 not binding to the correct IP resolved the issue
<sarnold> teward: woot :)
<teward> i feel silly not checking that XD
<teward> (and DNSSEC migrated over too which makes me hapy)
<teward> happy*
<sarnold> hehe, it's easy to overlook amongst everything else..
<teward> :P
<teward> sarnold: well, DNSSEC is relatively easier than I thought
<teward> at first I was all "WHY IS IT THIS HARD"
<teward> then I was like "Oh......... that's not that hard xD"
<sarnold> teward: it feels like the actual mechanics of what you need to do are simpler than the descriptions of what is done and why..
<teward> mhm
<sarnold> i've been happy to avoid running my own nameservers, so it's all acedemic to me anyhow
<teward> well i'm tired of zoneedit, and gandi doesn't update nameserver data fast enough, so i said "I'LL RUN IT MYSELF!"
<teward> not sad I did though because I had to set this up for work anyways for something xD
<sarnold> woo
<teward> and i have a set of 3 dedicated VPSes just for DNS
<teward> one master, two slaves
<teward> the glue records were the hard part
<teward> oh look i'm rambling again :/
<teward> sarnold: are you going to be present at the server team meeting on tuesday?
<sarnold> teward: I'm not planning on it..
<teward> ok.  i'd like sec team input eventually, the big issue: debian has nginx 1.9.1, which is Mainline, and a feature development branch.  stable is 1.8.x.
<teward> so...
<teward> can't do merging or anything until a decision on it is reached... by consensus
<teward> since it'll affect Wily and likely the LTS
<teward> i dropped an email to the server team list though :)
<teward> sarnold: although I do have info WRT nginx backporting critical fixes and security patches and helping with that, though
<teward> not a huge issue, but more one I would like input on from MORE than just me :P
<sarnold> teward: hmm, it looks sort of like debian doesn't have any 1.8 branches packaged up; is that correct?
<teward> sarnold: they skipped it, yes.
<teward> sarnold: although i can apply their packaging to 1.8.x, which I do in the PPAs anyways
<teward> (so it's not an issue to apply that then apply the existing Ubuntu delta)
<teward> pending a req from NGINX to remove the Ubuntu specific page and use the one they ship
<teward> which is another issue, but the version to go with for Wily+ is the bigger issue
<teward> sarnold: https://lists.ubuntu.com/archives/ubuntu-server/2015-June/007072.html is the email I dropped on the list
<sarnold> thanks
<sarnold> teward: awesome, thanks for the good context there :) -- going with 1.9.x for wily is probably the thing to do. I'd love to see nginx release 1.10 early enough in april for the packaging to adapt it before 16.04 LTS, but even if it's a "late" 1.9.x it'll probably be close enough to 1.10 for security updates to mostly apply.
<sarnold> teward: since they've only comitted to one year for the stable releases, four years of 16.04 LTS support will be backporting anyway. it's not like they have some lts releases and short-term releases..
<teward> sarnold: well, i have it on the authority of a senior dev advocate from nginx itself that they'll help backporting
<teward> since Ubuntu is one of the major OSes nginx is on
<teward> that includes security fixes too :P
<teward> sarnold: I think we should stick to what we already have present in Ubuntu - use stable, for Wily and LTS, wait for LTS+1 to get 1.10, then backport, but... *shrugs*
<teward> sarnold: as I said, I want MORE than just my thoughts to be known
<teward> sarnold: since I have no idea how long Debian will follow Mainline
<teward> (which is, of course, a in-development features-are-updating-and-being-created release)
<teward> sarnold: i also believe the April release date is going to be missed
<teward> April 21 is damn close to the release dates we usually release on
<sarnold> heh, they're sending signs of that already? :)
<sarnold> ahh I see
<teward> sarnold: estimating the same release timeperiod...
<teward> then we are cutting it microscopically close to FinalFreeze dates
<teward> granted I don't have the schedule for LTS here
<teward> sarnold: have I mentioned that this is Debian's fault?  :P
<teward> sarnold: the other option is "Do nothing, wait to LTS"
<teward> and i nitpick the fixes for a few bugs to fix those, and nothing more
<teward> (the NGINX PPAs still provide both Stable and Mainline for people that want newer)
<teward> i'm more concerned about the verison in LTS than Wily
<teward> especially with the Lua question
<sarnold> well, packaging "unstable" versions of upstream software for their unstable release makes some sense, might as well have the debian unstable userbase kick fixes up to nginx
<teward> mmm
<sarnold> not having any 1.8 is an odd unfortunate consequence but I can see how they got there, too, heh
<teward> mmm
<teward> it's debian's fault for that
<teward> sarnold: debian operates weird on this, Debian Release happens, they use Mainline in unstable, until April and the next Stable release
<teward> at least AIUI
<teward> sarnold: one option is to later upgrade 1.9.x in LTS to 1.10.x *after* release, but we get into Release hell that way
<teward> but as we get closer to LTS we can discuss that, depending on what we end up with the server team meeting, as I kinda want a consensus because Main is involved
<teward> (if it were just Universe I wouldn't hesitate as much xD)
<teward> oh shoot i have to add the email link to the Agenda page, crap!
<teward> there we go
<teward> sarnold: I'm not wrong in looping in the Server Team for input on this, am I?
<teward> (you're also free to voice in on the email, as well, as that'll all end up discussed at the meeting more)
<sarnold> teward: seems like a good idea to me, they know their user desires better than I do :)
<teward> sarnold: indeed, but they also have more say on it than I
<teward> sarnold: still, especially with nginx-core in Main, I don't want to make unilateral decisions xD
<teward> sarnold: can you consider emailing what your opinion is on 1.8.x vs. 1.9.x to the list?
<teward> so that others can also know there's some discussion on this
<teward> (especially so that by the time the meeting happens we're all uptodate)
<sarnold> teward: could you please bounce me a copy of the mail? seth.arnold@canonical.com
<teward> sarnold: yeah, is a forward sufficient enough?
<sarnold> teward: a bounce would thread instead.. if not, I'll look around for an mbox to download
<teward> explain "boucne" to me btw
 * teward is tired :)
<teward> after staring and beating Hardy python to dust i'm exhausted
<teward> the coffee is keeping me awake :)
<sarnold> teward: a bounce is a lot like an after-the-fact BCC: -- all the headers are left as they are in your mbox, including message-id, references, to, from, subject, etc; but the mail is delivered to whatever address was 'bounced' to
<teward> sarnold: mmm, i'm not sure I have the capability to issue that from here... at least, not in Thunderbird
<teward> (I'm also not a list admin so...)
<teward> is https://lists.ubuntu.com/archives/ubuntu-server/2015-June.txt not sufficient enough to use for mbox and such on it?
 * teward yawns
<teward> okay, i'm off to sleep before I fall asleep on my keyboard.  (messages logged)
<sarnold> teward: heh yeah looks like thunderbird reqauires a plugin fo rit
<sarnold> teward: good night! those headeers look good enough :)
<teward> sarnold: if you know of a thunderbird plugin that'd be great
<teward> and thanks, i'm headed off.
#ubuntu-server 2015-06-13
<tarpman> teward: there's a thunderbird plugin called "Mail Redirect"
<Avenged3> !ops | permaban HFSPLUS
<ubottu> permaban HFSPLUS: Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, pmatulis, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!
<teward> tarpman: thank you
<diytto> howdy, does anyone know of a good openvpn server that is free/open source?
<diytto> i tried using softether, but am unable to get it to work reliably
<diytto> also, is it possible to resize my root partition? it takes up 1TB of space of my 3TB
<RoyK> parted, perhaps?
<RoyK> diytto: what does lsblk have to say?
<diytto> sorry, didn't get a ping
<diytto> one moment
<diytto> http://paste.ubuntu.com/11705476/
<teward> apparently I can't sleep.
<teward> sarnold: i can bounce it to ya if you haven't gotten it yet
<diytto> RoyK: see above link
<RoyK> diytto: I'd suggest a reinstall - if it's ext4 on the root partition, you can reduce it, but it'll have to be offline, so on a live cd of sorts, then you can reduce the size of the lv and add the space to the data
<diytto> well that sucks
<RoyK> diytto: if you haven't done this before, better reinstall, or at least, make sure you have a good backup
<RoyK> I've done this in the lab, it works
<RoyK> but keep in mind that data loss may occur
<RoyK> if you do something stupid
<diytto> it's a remote server and i have no physical access
<diytto> unfortunately
<RoyK> 1TB for the root is a bit over the edge
<diytto> RoyK: i would be willing to disable RAID and use that as a backup if that's possible
<RoyK> I wouldn't recommend it
<diytto> alright
<RoyK> I've been working with storage long enough not to trust a single drive
<diytto> yeah
<diytto> well i suppose i will have to wait until i can get another server
<RoyK> do you have console access to the thing?
<diytto> yeah
<diytto> i have full root access
<diytto> if that's what you mean
<RoyK> console?
<RoyK> as in, can you see the boot screen and boot it into single without networking enabled?
<diytto> what do you mean by console
<diytto> not that I'm aware of
<diytto> i can take another look
<RoyK> you can reduce the size of ext4, but only if the filesystem isn't mounted
<RoyK> if it's xfs, no way
<diytto> yeah i don't believe i have any kind of console
<diytto> it's a server from hetzner server auction
<RoyK> bad news for you, then
<RoyK> diytto: what you could do, if you're nasty, is to dd if=/dev/zero of=somewhere and make av pv on that
<RoyK> and add that and extend the vg
<RoyK> nasty business
<diytto> I'm not really looking to take any risks here :p
<diytto> wouldn't want to lost my 2TB of data
<RoyK> do you have a backup?
<diytto> not necessarily
<diytto> it's in RAID1 (not that that counts) but there is no exact copy
<RoyK> I've been through this with a few people that have lost data
<RoyK> WHY ON EARTH DIDN'T YOU HAVE A BACKUP????????
<RoyK> several cloud services exist
<RoyK> such as crashplan
<diytto> it's not exactly the most important data on earth
<diytto> this server is primarily a seedbox
<RoyK> is it important enoough to pay $5 a month_
<RoyK> ?
<diytto> really that's all?
<diytto> i could do that
<RoyK> that's what crashplan charges for a year term
<diytto> wow that's impressive
<diytto> and i can set it up without a gui access
<RoyK> $5 per month, that is
<RoyK> and yes, remote X works well
<diytto> hmm
<RoyK> I guess you have some sort of GUI on your desktop ;)
<RoyK> not many left of the lynx people
<diytto> i use os x on my personal computer
<RoyK> which supports X
<diytto> yeah
<RoyK> I use OS X myself
<diytto> how would i set up crashplan with the server
<RoyK> install the thing
<RoyK> start it
<RoyK> connect to your account
<RoyK> I use a Norwegian firm reselling crashplan - costs a bit more, but outside of NSAs work and a lot faster
<RoyK> crashplan is a bit slow at times - probably depends where your server sits, though
<diytto> RoyK: does it matter if it's home or business
<RoyK> don't think so
<diytto> ok
<RoyK> where are you located?
<diytto> RoyK: i am in the US, server is in Germany
<teward> what's the oldest ubuntu server edition that has Landscape support? 12.04 currently?
<diytto> RoyK: if i order this now would you be available to help me set it up? :p
<RoyK> diytto: you should be able to do it yourself rather instantly
<RoyK> diytto: and last I checked, crashplan.com's servers were in the US, but that might have changed for all I know
<diytto> RoyK: they appear to have a remote ui
<RoyK> diytto: both
<RoyK> I haven't used the web thing much - perhaps it has more now
<diytto> RoyK: i can use my dektop ui to access the remote engine
<diytto> kinda neat actually
<diytto> it uses ssh tunnel
<RoyK> ssh tunnels are neat
<diytto> do you think it's fine to literally just backup /
<RoyK> just get a backup of your data before you try to mess around with partitions
<diytto> alright easy enough
<RoyK> or try anything, really
<diytto> okay it's running
<diytto> i am backing up my apache configs and my webserver data
<diytto> as well as home directories
<diytto> nice, it's uploading files at like 20Mb/s
<RoyK> that's nice
<RoyK> just turn off deduplication on that client
<RoyK> google it
<diytto> RoyK: i did it and it didn't help at all lol
<sarnold> teward: woo, thanks for the bounce! I never did get mutt to handle that mail as an mbox. sometimes mutt drives me up the wall. I hope you finally got to sleep..
<diytto> Does anyone have a good alternative to the OpenVPN server? I'm looking for something without licensing fees
<TJ-> openvpn doesn't have license fees... what kind of alternative do you want?
<sarnold> diytto: when I reviewed the strongswan code I liked what I saw; but it's more complicated to configure
<diytto> TJ-: it does if you want more than 2 clients
<diytto> sarnold: I'll take a look
<TJ-> diytto: openvpn is licensed with GNU GPL v2
<sarnold> I've never heard of license fees for openvpn; are you perchance confusing a specific service provider that uses openvpn with the openvpn packages?
<diytto> https://openvpn.net/index.php/access-server/pricing.html
<TJ-> sarnold: I think so
<diytto> maybe
<TJ-> diytto: I've been using openvpn server for a decade; it is GNU GPL v2 licensed
<diytto> where the heck do i go to get a copy that doesn't use a licensing system then
<TJ-> diytto: "sudo apt-get install openvpn"
<diytto> what's the difference between the package and the version from openvpn.net
<diytto> are they not from the same team?
<sarnold> ask them why it's worth $90/year to find out? :)
<sarnold> my guess is this bit here, "enterprise management capabilities"
<sarnold> wtf that is :)
<diytto> :|
<diytto> okay, well this should hopefully solve my issues then lol
<TJ-> sarnold: probably a pretty wrapper around generating the configuration files
<sarnold> TJ-: it also lookslike they've got an embedded polarssl of some sort. I like polarssl, but it seems odd to embed it..
<sarnold> and openssl too! neat. two ssl libraries for twice the fun.
<sarnold> I wonder h ow they squared the gpl2 vs openssl SLEay license.
<TJ-> diytto: Looks like the company is trying to steer users to pay, they hide the open-source page of their site very well. I got to it via the Wikipedia article: https://openvpn.net/index.php/open-source.html
<diytto> wow okay
<diytto> that's ridiculous
<sarnold> I really don't blame them for trying to figure out a way to make a living from it; but it feels like they would do themselves a service by better reporting what the licenses buy.
<TJ-> diytto: but if you're using Ubuntu, always use the packages from the package manager using the command I showed you.
<diytto> yeah for sure
<TJ-> sarnold: I agree entirely ... especially when they talk about a 2-client 'evaluation' version
<diytto> okay, so i was using softether for vpn and it seemed like a good solution, except it didn't work well on my connection
<sarnold> TJ-: hehe yeah
<diytto> how can i remove it as a service
<diytto> :p
<TJ-> diytto: DIY :p
<sarnold> they probably installed initscripts into /etc/init.d/ or /etc/init/
<TJ-> diytto: It depends on how you installed it and what tools are provided to remove it
<diytto> yeah, but i assume i need to change the service so it doesn't start on boot?
<sarnold> if you're lucky they've got an uninstall somewhere :)
<diytto> i know where the script is etc
<sarnold> if you're not lucky you just get to rm -rf everything.
<diytto> i know the locations and where to delete, just not how to deactive the boot setting
<TJ-> diytto: does it start using upstart or sysv-init ?
<diytto> something with update-rc.d?
<TJ-> diytto: Yes, for sysv-init
<diytto> yeah so that one :p
<TJ-> diytto: for upstart, add a .override file with the "manual" option in it
<diytto> um
<diytto> i don't know what any of that means lol
<TJ-> diytto: You don't need to if the service uses sysv-init
<diytto> oh, gotcha
<diytto> alright, time to figure out how to configure openvpn :D
<TJ-> diytto: some good help here: https://help.ubuntu.com/community/OpenVPN
<diytto> awesome
<TJ-> diytto: first task is to generate your CA cert *but* I highly recommend doing that on a PC other than the server you're going to use it on
<diytto> why is that
<TJ-> diytto: I keep a separate secure VM image for doing that
<TJ-> diytto: because if the server is compromised someone can steal the CA private key and then generate certificates using it
<diytto> hmm that's a fair point
<linocisco> anybody with small fonts on ubuntu server console CLI ?
<lordievader> Good morning.
<wizzkidd> I've noticed that services such as couchpotato and sickbeard etc do not use an apache web server, hence why we can clone from their git, setup the configuration, and execute the website.py with python, and then magically i'd have a website running locally on my custom port.  How can I create my own little website in a similar way so that i can share it on my git repo?
<Kartagis> hi
<Kartagis> suppose I modified my zone, but didn't restart named. how long will it take to propagate (correct spelling?)? $TTL seconds?
<YamakasY> which version will be the next lts ?
<genii> YamakasY: All even numbered releases ending in .04
<lordievader> YamakasY: I thought 16.04.
<genii> Every two years in April
<YamakasY> ok
<YamakasY> thanks guys
<YamakasY> yes now I see indeed
<YamakasY> mhh I need sssd v1.12.2+
<YamakasY> we need lts for servers, I don't run shortterms anymore
<YamakasY> :S
<lordievader> You could theoretically pull just that one package from a newer release (you might very well run into dependency problems though).
<YamakasY> lordievader: yeah that is my issue, the package is in sid now
<friendlyguy> hi there!
<friendlyguy> some zfs users here? I've configure some smbshares through "sharesmb=on", which worked fine. but after a reboot they are "gone".
<friendlyguy> zfs get sharesmb still reports its turned on but when i try to connect there is nothing shared
<friendlyguy> can someone help me to get my ipmi interface working with ubuntu? -> i can follow the boot process via ipmi until i select ubuntu, after that the screen turns blank and i get "no signal" msg
<LeMike> damn this ssh installation. it want's me to mount a system partition that is already used by the system under /dev/mapper/system.... . how can I go on installing ubunut via SSH?
<lordievader> LeMike: What do you mean exactly? Something like a debootstrap install?
<pipitone> Hi. I've got NFS clients with occasional failing mounts ("Operation not permitted" on ls). dmesg shows piles of "NFS: Server tigrsrv reports our clientid is in use" and "NFS: state manager: lease expired failed on NFSv4 server tigrsrv with error 1" messages. Restart the NFS server/portmap works. Ubuntu 14.04. Any ideas why?
<pipitone> Also, remount without restarting the NFS server doesn't work ("operation not permitted"). If I wait long enough, the remounting on the client *eventually* is successful.
<cryptodan_laptop> pipitone: you need to setup up persistence and also look here https://help.ubuntu.com/community/SettingUpNFSHowTo I have used that guide with no issues
<diytto> does anyone here have experience with openvpn? I'm trying to figure out how to generate my client.ovpn files
<pipitone> cryptodan_laptop: what do you mean by persistence in this case? I followed the very guide when I setup NFS. It's been running for a long while just fine. I'm starting to suspect recent updates, but not sure what these errors mean. Have you seen them before?
<cryptodan_laptop> yes and usually means that IP addresses are changing and losing the connection states are the nfs servers on static?
<pipitone> cryptodan_laptop: yup, server and clients are static.
<cryptodan_laptop> pipitone: check the connection time outs and see if they are timing out
<cryptodan_laptop> can you show your exports config
<pipitone> cryptodan_laptop: I don't see anything in the nfs server syslog/kern/dmesg to do with NFS or time outs
<pipitone> cryptodan_laptop: exports here: http://pastebin.com/xSZcACp5
<cryptodan_laptop> pipitone: I would comment out line 12 and see if that changes things
<pipitone> cryptodan_laptop: curious, how come? I thought NFS4 needed an fsid root?
<cryptodan_laptop> pipitone: I dont have that and dont have timeouts or operation not permitted
<pipitone> cryptodan_laptop: are your mounts nfsv3?
<cryptodan_laptop> nfs4
<pipitone> cryptodan_laptop: weird. okay, worth a shot. Since the problem is intermittant, and I can't reproduce it, I'll have to report back later.
<pipitone> cryptodan_laptop: thanks for your help. btw, can I see your exports?
<cryptodan_laptop> here /home/cryptodan/public_html 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,sync)
<pipitone> k
<pipitone> cryptodan_laptop: NFS is v. strange.
<pipitone> cryptodan_laptop: can you should me what your fstab looks like? for your public_html mount?
<cryptodan_laptop> im not on my desktop but let me generate it for my lap top
<pipitone> cryptodan_laptop: the ubuntu NFS guide does still say to use fsid, but then I just came across this: http://serverfault.com/questions/389189/understanding-nfs4-linux-server  which suggests that fsid isn't necessary, as you say.
<pipitone> It still doesn't explain why this behaviour just started up in the last week or so for us.
<cryptodan_laptop> I just follow this nfs-server:/   /mnt   nfs    auto  0  0
<pipitone> cryptodan_laptop: so you don't use nfs4 explicitly... interesting
<pipitone> cryptodan_laptop: and under /mnt/ do you get public_html? or /home/cryptodan/public_html?
<cryptodan_laptop> I put /home/cryptodan/public_html
<cryptodan_laptop> pipitone: here is my mount print out 192.168.1.8:/home/cryptodan/public_html on /home/cryptodan/public_html type nfs (rw,vers=4,addr=192.168.1.8,clientaddr=192.168.1.14)
<cryptodan_laptop> pipitone: can you show me your fstab
<pipitone> tigrsrv:/projects /projects  nfs4    rw,bg,hard,intr
<pipitone> so my mount output is: tigrsrv:/projects on /projects type nfs4 (rw,bg,hard,intr,addr=172.25.9.71,clientaddr=172.25.9.70)
<cryptodan_laptop> try just using the auto in fstab and see if you get the time outs
<cryptodan_laptop> or not using a name but the IP address
#ubuntu-server 2015-06-14
<MACscr> any advice for simply switching to the virtual kernel and thus updates will keep using thew newest virtual kernel as well?
<jak2000> hi all
<jak2000> how to change the ip of the server?
<lordievader> Good morning.
<Gregor3000> hello i need help with SSH i keep getitng the passphrase qustion: Authenticating with public key "imported-openssh-key" ; Passphrase for key "imported-openssh-key":
<Gregor3000> once i enter it it authenticates but when i exit and try to login again it asks for password again.
<Gregor3000> i am using putty and i imported the linux key hence the comment -  "imported-openssh-key"
<lordievader> Gregor3000: The passphrase is whatever you set it to.
<Gregor3000> i've entered it but when i logout and again log back in i again get the prompt. i dont' want the server to asks for passphrase every time
<Gregor3000> PasswordAuthentication no
<Gregor3000> ah it means i need to create a key with no passphrase?
<lordievader> Gregor3000: No, that is a bad idea. You need to run an ssh agent.
<StathisA> need some help with apticron...had it all working correctly - sending daily notification from cron.d etc, but had to change the notification time. Now whatever time I enter I do not get any notifications. If I manually do a "sudo apticron" I get the notification alright
<StathisA> so smth is wrong with the cron.d schedule?
<StathisA> syslog : Jun 14 14:10:01 servername CRON[1008]: (root) CMD (if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi)
<StathisA> but nothing else after it
<StathisA> if i do a manual "sudo apticron" I see the mail going out in the syslog...
<StathisA> via localhost postfix
<StathisA> and I receive it too on my mailbox
<StathisA> so somethings up with the cron job i think
<YamakasY> any help with building a sssd package ?
<DWSR> Hey all, I have installed Ubuntu Server 14.04 into a Hyper-V VM. I installed linux-virtual through apt but it is not being loaded by default and there is no grub menu to select which kernel I want. How do I remove all of the generic kernels from my system and force virtual?
<DWSR> Hey all, I have installed Ubuntu Server 14.04 into a Hyper-V VM. I installed linux-virtual through apt but it is not being loaded by default and there is no grub menu to select which kernel I want. How do I remove all of the generic kernels from my system and force virtual?
<RoyK> DWSR: AFAIK the virtual kernel package is just a metapackage these days
<RoyK> DWSR: the normal kernel packages work well
<DWSR> Oh, really? :(
<DWSR> RoyK: Someone should tell Microsoft then: https://technet.microsoft.com/en-us/library/dn531029.aspx?f=255&MSPPError=-2147217396
<DWSR> Ah yes, you are correct.
<DWSR> http://packages.ubuntu.com/trusty/linux-virtual
<DWSR> When did that change?
<RoyK> DWSR: not sure - some years back
<DWSR> Oh well, that answers that. Might build a custom kernel that strips out some of the hardware support.
<RoyK> no need
<RoyK> drivers are only loaded when needed
<RoyK> DWSR: do you have problems you're seeking to fix, or is it just the thought?
<DWSR> RoyK: I'm a bit constrained on resources, so making the kernel smaller seems like a reasonable way to optimize.
<DWSR> But I completely forgot about DDL.
<DWSR> Eh, probably more trouble than it's worth, then
<jak2000> hi all
<jak2000> how to disable, my server sleep, i dont want the server sleep, tahnks
<xperia> Hi all. My Ubuntu Server is under a spam attack at the moment and i need help with ip tables to block this Spammers. My question is how can i list all the tables with iptables so i can only export a specific table or better target. i have a script that log all attacks and i can create a file list specific for iptables to import it but i need to know how exactly this file need to look a like.
<zermanno> Hi, which are the common ways to analyze log files? As an example, how people query apache logs?
<teward> is there a way for me to force IPv4 resolution preferable to v6 on servers?
<teward> i haven't set up v6 routing yet on some of my VPSes so they fail updates, i'm just doing manual v4 /etc/hosts entries
<teward> (14.04 VPSes)
<maswan> don't configure a global v6 address if you don't have it working?
<teward> maswan: i don't have one configured?
<teward> unless something is doing it without telling me
 * teward shrugs
<teward> i should set up at least one v6 imo *shrugs*
<maswan> ip addr list
<maswan> will tell you
<jelly> maswan: the resolver library tends to give AAAA records in some cases regardless of a globally routable ipv6 being set up or not
<maswan> Ok, I don't run many v4-only systems anymore
<maswan> but that used to be the semantics of it
<teward> it's only a temporary thing, but meh
<teward> v6 is finnicky on this box
<teward> s/this box/these boxes/
<teward> mm, looks like v6 is still getting set as a route
<teward> but then it fails
<teward> god i hate myself
<teward> i accidentally ip6tables'd the rules such that lo was accepted but RELATED,ESTABLISHED going outbound from apt and such was getting bounced
<teward> routing was fine though apparently :/
<RoyK> teward: hehe
<xperia> hi all. what is the best way to increase the amount of possible parallel connection for apache2 on ubuntu. sometimes i have spamer attacks with over 1000 Connection that blocks everything at once. need help with this. thanks for any tips.
<bekks> Drop his connections instead of pointlessly increasing the total number of connections.
<xperia> bekks: thanks a lot for your tip. yes droping the connection sound good but how can i find out which connection to drop and if possible to log this droped connections so i can use iptables.
<bekks> Investigate your webservers log files.
<xperia> i dont see any errors for timeouts in the apache log files. not sure if apache logs tmeouts by default.
<bekks> Why do you search for timeouts?
<bekks> Investigate the log files to see how and from where your spamming is actually spamming.
<bekks> It has nothing to do with timeouts. Timeouts only occur of your webserver cant handle the requests anymore.
<xperia> bekks: for what else should i search else ? the connections by apache are closed after 10 seconds timeouts so it would be good to log this problematic connections. i dont see however this spammer connection anywhere in the logs however i see them on the router allways in a 10 Minute Interval.
<bekks> I just told you what to look for.
<xperia> okey i have found a good monitor tracker for apache2 to get a insight what is going on with the server. think this will help a little to isolate the problem much more.
#ubuntu-server 2016-06-13
<Belldandu> Hey guys
<Belldandu> http://i.imgur.com/pm4ClLI.png
<Belldandu> ^ that has to be a bug
<Belldandu> There is no way thats right. Especially since lets encrypt has been out for a while and im pretty sure that doesnt happen on debian since my domain uses lets encrypt and i've never had that issue before.
<Belldandu> Nope im wrong
<Belldandu> people are incorrectly configuring lets encrypt on their sites
<Belldandu> https://github.com/certbot/certbot/issues/3159
<marlinc> I noticed zul, I wanted to say that the Debian package info still points to https://github.com/lxd/nova-lxd as homepage. I can't find the Debian package files in the new repo
<Xin> lol why is like 90% of the ubuntu server minimal install selecting locale stuff
<Xin> xD
<toshywoshy> I get wsrep errors when starting up mariadb up with mariadb-server + galera packages, is there some other package required to enable galera function
<exxi> anyone using kvm/qemu ?
<jamespage> rbasak, hey - are you around? I'm still struggling to wrap my head around this nested directory rename issue in ceph if you have time to help me think it through
<toshywoshy> does mariadb-server have galera extentions built-in ?
<rbasak> jamespage: o/
<jamespage> rbasak, good morning!
<rbasak> jamespage: I would look through the implementation of dpkg-maintscript-helper.
<rbasak> jamespage: then try to find something that is simple but still works for your case.
<rbasak> It will be a hack but I think that's the best we can do.
<jamespage> rbasak, yah that's the best I could think of as well
<ShekharReddy> hello, http://kopy.io/JyG6e is this an incorrect configuration
<ShekharReddy> ?
<bekks> Test it using apachectl configtest
<jamespage> rbasak, http://anonscm.debian.org/cgit/pkg-ceph/ceph.git/commit/?h=ubuntu-yakkety&id=b65513d8bcc4a63e91f72df1139693b36f849f04 quick second pair of eyes before I upload that to a PPA? I did somet esting with a smaller test-ceph fake package to avoid the 2 hr build lags...
 * rbasak looks
<ShekharReddy> bekks:  how can i test that, I am lill new to apache2 serve
<bekks> Place that config somewhere it gets evaluated by apache, then run the command given.
<ShekharReddy> what i want to ask is do we require to say explicitly using the Listen statement at the top
<bekks> Sure.
<ShekharReddy> is it required ?
<bekks> Yes.
<bekks> You need to tell your webserver which port you want to use.
<ShekharReddy> I said that in <VirtualHost *:3000>  bekks
<bekks> IF you want your Virtualhost to be listening on port 3000, you need that.
<jamespage> rbasak, its bascially the dpkg-maintscripts-helper thing adapted to deal with the directory nesting...
<rbasak> jamespage: what if I had modified /etc/default/ceph/ceph before to source /etc/default/ceph/foo?
<rbasak> jamespage: I don't see any way of fixing that, but I would want to preserve /etc/default/ceph/foo, perhaps in /etc/default/ceph.dpkg-remove/foo.
<jamespage> rbasak, hmm so check for anything other than ceph in the dir and abort the removal if found?
<rbasak> (or dpkg-old or something)
<rbasak> jamespage: I was a little surprised that you were renaming to /etc/default/ceph.dpkg-remove. Let me ponder this.
<jamespage> rbasak, tbh the likely hood of that is minimal - this only exists since xenial release, and all of the users of /etc/default/ceph source that file, not the nested one...
<jamespage> rbasak, so I wonder how far I really need to take dealing with the unknown here
<jamespage> I suspect that most users may have created their own /etc/default/ceph
<jamespage> hmm - now I probably should with that or maybe dpkg might do that anyway
<jamespage> lemme check
<jamespage> hmm but they can't because of the dir...
<jamespage> ok
<rbasak> jamespage: how about in the preinst you rename only /etc/default/ceph/ceph to /etc/default/ceph/ceph.dpkg-remove if the md5 matches. Then in the postinst, rename /etc/default/ceph to /etc/default/ceph.dpkg-old, rename /etc/default/ceph.dpkg-old/ceph to /etc/default/ceph if it exists, remove /etc/default/ceph/ceph.dpkg-remove if it exists, then remove /etc/default/ceph/ceph.dpkg-old if it is empty?
<jamespage> that's slightly neater
<rbasak> jamespage: I agree about dealing with the unknown - I'm just keen on preserving a customised file rather than deleting them even if a user still needs to fix up.
<ShekharReddy> bekks:  http://kopy.io/nLW9Y  i get this error when i restart the server
<ShekharReddy> after adding the line listen 3000
<rbasak> jamespage: with my logic above you'll also need to fix up postrm to reverse the dpkg-remove in the subdirectory only.
<bekks> ShekharReddy: So did you do what the message tells you?
<RoyK> ShekharReddy: se the error log
<RoyK> s/se/see/
<rbasak> jamespage: perhaps also file a bug against dpkg-maintscript-helper asking for support of your subdirectory use case :)
<rbasak> jamespage: it might be worth explaining in a commoent or the changelog or something why you aren't just using dpkg-maintscript-helper. Also, do you need any consideration of version numbers for Debian?
<jamespage> rbasak, no
<jamespage> (debian version numbers)
<jamespage> yes - comments
<ShekharReddy> RoyK:  http://kopy.io/Lirlh  what does this mean ???
<jamespage> rbasak, reworked - http://paste.ubuntu.com/17287347/
 * rbasak looks
<RoyK> ShekharReddy: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:3000
<ShekharReddy> (98) ?? what does this mean
<RoyK> ShekharReddy: something else is listening on that port - check netstat -lnop --tcp
<jamespage> oh wait thats not quite right...
<jamespage> rbasak, no that does not work because of the new incoming /etc/default/ceph file...
<jamespage> rbasak, I think I'll just preserve it in a different way
<rbasak> jamespage: ah.
<rbasak> jamespage: in that case, maybe rename /etc/default/ceph to dpkg-old in the preinst, then rename it back in the postrm rollback if necessary?
<rbasak> I guess that's what you were doing before, sorry.
<ShekharReddy> http://kopy.io/phuie i don see anything listening on port  3000 RoyK
<jamespage> rbasak, ok take three - http://paste.ubuntu.com/17287431/
<ShekharReddy> bekks:  hello, can u also look into that issue i mentioned above
<bekks> ShekharReddy: Did you define another VirtualHost for port 3000?
<ShekharReddy> No
<ShekharReddy> I added the line Listen 3000 to already existing on e
<ShekharReddy> i.e the one which i have mentioned earlier
<bekks> Show us your exact config please.
<jamespage> rbasak, that approach will preserve foo in /etc/default/ceph during an upgrade
<bekks> And show us the output of "apachectl configtest" too.
<jamespage> just tested that
<jamespage> rbasak, so close
<jamespage>  cannot remove old backup config file '/etc/default/ceph.dpkg-old' (of '/etc/default/ceph'): Is a directory
<jamespage> dpkg-old confuses dpkg...
<ShekharReddy> bekks:  http://kopy.io/vjGyw conf file
<jamespage> as it should be a file or link, not a directory
<jamespage> I might have to use dpkg-backup
<ShekharReddy> bekks:  http://kopy.io/tVd1t  apachectl configtest  output
<bekks> ShekharReddy: Either use port 3000 in line 1 or in line 2.
<rbasak> jamespage: ah, I didn't realise dpkg would touch it again after a rename, sorry.
<rbasak> jamespage: yeah, dpkg-backup should be fine
<jamespage> rbasak, yup - works ok
<jamespage> rbasak, just thinking I should actually remove it if there is noting in the directory post move
<rbasak> jamespage: agreed
<rbasak> rmdir appears to have an --ignore-fail-on-non-empty
<Xin> any mysql guru's in here?
<rbasak> Probably not POSIX but shouldn't matter for Debian
<bekks> Xin: Depends on your question.
<Xin> I need to make my mysqld accessible ONLY to local network devices
<bekks> Which is the default configuration.
<Xin> oh yeah?
<Xin> sweet
<bekks> Yeah, look at the config.
<Xin> surprisingly easy answer haha
<sarnold> double-check it with netstat
<Xin> true, good tip!
<Xin> hmm, nah doesn't seem to be
<Xin> whats its port number by default? like 3309 or something?
<bekks> Look at the config :)
<Xin> I looked at everything in /etc/mysql and /etc/mysql/conf.d but there didn't seem to be anything except it pointing to a .sock file
<ShekharReddy> bekks:  should the document root be set to myproject/public
<ShekharReddy> ?
<Xin> but even that file had like 20 lines
<ShekharReddy> is it compulsory  that a public folder be there ?
<bekks> ShekharReddy: Depends on how you want to setup your webserver.
<Xin> like...
<Xin> http://prntscr.com/bfs9by
<Xin> wat is this lol
<ShekharReddy> i mean i don have the public directory in the repo
<bekks> Xin: An empty config section.
<Xin> bekks; the mysqld.cnf in the folder above that just includes this folder
<Xin> oh hang on
<Xin> yeah wtf lol
<Xin> ok found it haha
<Xin> that was utterly needlessly overengineered
<bekks> What exactly are you talking about?
<Xin> yeah default setting is localhost only as I suspected
<bekks> You did not suspect it, I told it to you ;)
<Xin> theres a full 3 folders of cnf files, some that just include other folders that only have empty config sections etc
<Xin> for what is, in the end, like a 100 line config file
<Xin> how did you tell me that? :|
<Xin> Xin> I need to make my mysqld accessible ONLY to local network devices
<Xin> <bekks> Which is the default configuration.
<Xin> local network as opposed to internet..
<Xin> not local host
<Xin> xD
<bekks> Configure your firewall then.
<Xin> nah, found it, set the bind-address, just gotta restart hopefully
<sarnold> also configure your bind or listen addresses appropriately
<sarnold> belts and suspenders and so on
<Xin> root@dev:/home/swim# service mysqld restart
<Xin> Failed to restart mysqld.service: Unit mysqld.service not found.
<Xin> wat is this
<Xin> lool
<Xin> ok its just mysql
<Xin> CRISIS AVERTED
<ShekharReddy> bekks:  i want to configure this locally https://github.com/ShekharReddy4/atlas-mock-id which is a mock auth for an app i am gonna develop
<Xin> hmm no port 3306 as per the config in my netstat
<Xin> hm hm hm
<ShekharReddy> the problem is when i login as said in the readme in the above link i always redirected to the same page again which is login page
<bekks> Xin: Because it is using a socket.
<Xin> it is capable of doing both
<ShekharReddy> i mean i am kind of in a loop (login page --> i enter the credentials --> press the login and---> login page )
<ShekharReddy> guys this is irritating me  from yonks
<bekks> Xin: Yes. Either port or socket.
<ShekharReddy> bekks:  did u get my problem ?
<Xin> No theres no reason it cant support ALL IPC methods simultaneously
<Xin> like any db server
<Xin> but, what setting would you propose I change except the bind-address
<bekks> Xin: Well, if you know better, I am out.
<Xin> there doesnt seem to be a lot here
<sarnold> I think mysql lets you add new lines as needed, right?
<Xin> sure
<ShekharReddy> sarnold:  can u also please  look into my issue ?
<Xin> I just added an iptables rule to allow it
<Xin> but that wouldnt have been the issue anyway
<sarnold> ShekharReddy: sorry, I've never heard of atlas before
<ShekharReddy> hey atlas is my project, i feel it is something related to config
<jamespage> rbasak, I'll do a little conditional check first prior to removal
<jamespage> ok uploaded to ppa for xenial testing -thanks for the reviews...
<Xin> oh dope you can use % for chunks of the ip addr
<ShekharReddy> seems u din get my problem sarnold , i will explain it again, i setup the server locally for the above mentioned project
<ShekharReddy> and when i ran it, is working fine , but i am unable to move out of the login page
<Xin> stilllll no entry in netstat for mysql OR 3306
<Xin> hm hm hm
<Xin> ohh the recommended way is apparently to ssh in
<Xin> I wonder how that works with php etc..
<Xin> oh, if I try to connect to it
<Xin> I get; ERROR 1130 (HY000): Host '10.0.0.3' is not allowed to connect to this MySQL server
<Xin> hrm
<Xin> not sure why it wouldnt show up in netstat though
<bekks> 10.0.0.3 isnt localhost
<Xin> thats the vm I just tested it from
<Xin> :P
<bekks> Can you pastebin your config then?
<Xin> I can, but all I have done as of right now is comment out the bind-address line
<Xin> which supposedly makes it bind to all interfaces
<bekks> And which port?
<Xin> 3306
<Xin> default
<bekks> The default is a socket ;)
<Xin> from that error though
<Xin> it is contacting the server
<Xin> its just not allowed
<Xin> so I need to use some form of GRANT line
<Xin> which I have nfi about
<Xin> apparently I cant do  CREATE USER 'username'@*
<Xin> CREATE USER 'username'@'*' seemed to work
<sveinse> How can I disable mdadm? I get "W: mdadm: /etc/mdadm/mdadm.conf defines no array". mdadm is installed, since the ubuntu-server packages depends on it. 16.04
<Xin> I can only guess thats the correct syntax
<Xin> nah that didnt work either
<Xin> hmm
<Xin> this is starting to annoy me
<ShekharReddy> how can we change a file mode in a project
<ShekharReddy> does that effect the installation of the project in anyway
<bekks> ShekharReddy: ?
<ShekharReddy> bekks:  i am unable to get out of that login page
<bekks> ShekharReddy: So check your logs.
<ShekharReddy> bekks:  http://kopy.io/K106E
<ShekharReddy> bekks, what is undefined index
<ShekharReddy> ?
<bekks> A not defined index.
<ShekharReddy> can u provide a solution or some guidance on how to resolve it
<ShekharReddy> bekks:  ^^
<bekks> No. I have no clue about which project you are using there nor how you configured it upon installation.
<jamespage> coreycb, ddellav: I think the b1 announce is good to go...
<ShekharReddy> bekks:  atleast ideally what is the cause of this error ??
<bekks> ShekharReddy: I have no clue about which project you are using there nor how you configured it upon installation.
<ShekharReddy> ok
<ShekharReddy> http://kopy.io/1iVsR  error ?? any hacks on how to resolve this
<sarnold> are there errors? I see three notices and one warning
<dasjoe> sarnold: I think it's a hopeless case, they are assuming we would be doing their job of configuring Apache, MySQL and PHP
<sarnold> dasjoe: all things I've gone out of my way to avoid using.. :)
<ShekharReddy> http://kopy.io/i6cDs facing this error, any help ?
<bekks> ShekharReddy: What did you do before?
<ShekharReddy> removed the mcrypt from php.ini
<bekks> Why did you remove it?
<ShekharReddy> i get a warning, googling made me remove it http://stackoverflow.com/questions/21923534/php-warning-module-mcrypt-already-loaded
<ShekharReddy> bekks:  ^
<ikonia> mycrypt...ugh
<ikonia> roll on php 7.1
<bekks> So what exactly did you remove?
<ShekharReddy> in php.ini i removed the extension
<ShekharReddy> extension = mcrypt.so something like that
<sarnold> ShekharReddy: please explain why you think that is an error.
<ShekharReddy> it says module mcrypt is already loaded so i thought that might be the issue of redundancy
<bekks> ShekharReddy: Did you remove something else?
<ShekharReddy> sarnold:  ^
<ShekharReddy> bekks:  no
<ShekharReddy> i added a line in the code but that is related to unidentified index
<Xin> hey peeps I asked in #ubuntu hours ago but we didnt really get anywhere
<Xin> I have an ubuntu server box and a xubuntu box
<Xin> the xubuntu box can ssh into the server box
<Xin> BUT only using its IP
<bekks> So fix your DNS.
<Xin> BUT, the server box pings fine
<Xin> nah dns works on every other box, and resolves fine for pings
<bekks> Obviously it doesnt work that fine.
<Xin> ohh unlesssss
<sarnold> iirc ping includes its own resolver code and doesn't use the nss resolver
<Xin> I installed a dns server on my ubuntu boxxx
<Xin> how do I uninstall that
<bekks> How did you install it?
<Xin> marked "DNS Server" in the net installer
<bekks> Check if bind is installed, uninstall it.
<Xin> no bind :(
<bekks> So check the services running, and uninstall the DNS server software.
<sarnold> try dpkg -l bind9
<Xin> sarnold; nice work
<Xin> rebooting and hopefully thats all good
<Xin> cant believe I didnt remember that before
<bekks> No reboot needed.
<Xin> cant hurt :P
<bekks> It kills kittens.
<Xin> ohshiiii
<Xin> I DIDNT SIGN UP FOR THIS
<Xin> If I made an OS
<Xin> id call it Putin
<Xin> Computin the putin bootin
<dr4c4n> does anyone know how to do ip aliasing on the new ubuntu server 16.04?
<maswan> as in more than one address per interface?
<dr4c4n> yes
<dr4c4n> I've tried the old method with the :0 or :1
<dr4c4n> but it's not working
<dr4c4n> in /etc/network/interfaces
<maswan> just add multiple address lines to the interface def
<dr4c4n> so it would look like:
<dr4c4n> iface eth0 inet static
<dr4c4n> address x.x.x.x
<dr4c4n> address x.x.x.x
<dr4c4n> ?
<maswan> yeah
<dr4c4n> tried that it's not happy with me
<maswan> huh
<dr4c4n> so I have: iface enp3s0 inet static
<sdeziel> doesn't work for me either
<maswan> I don't have all my good prompts with me right now to cut and paste from our production machines right now
<sdeziel> I'm used to add additional IPs with a "post-up" line
<dr4c4n> and it doesn't show the additional address aliases when I type in ifconfig a-
<maswan> https://wiki.debian.org/NetworkConfiguration#Multiple_IP_addresses_on_one_Interface
<maswan> multiple iface defs
<dr4c4n> but not  using the :'s right?
<maswan> no, not the :
<dr4c4n> so I have tried : auto enp3s0
<dr4c4n> iface enp3s0 inet static
<dr4c4n> address x.x.x.x
<dr4c4n> iface enp3s0 inet static
<dr4c4n> address x.x.x.x
<dr4c4n> and it says nope
<RoyK> try adding "up ip addr add x.x.x.x/mask" at the end
<RoyK> and btw iproute2 isn't "new" it's 10+ years old
<maswan> yeah, but people are still using :1 and that's ifconfig syntax
<dr4c4n> well the last time I configured aliases, I did it with the :'s and it worked
<dr4c4n> and I was happy
<RoyK> dr4c4n: and now you're dreadfully unhappy because someone wrote a better interface? ;)
<dr4c4n> better is questionable
<dr4c4n> and I don't like change
<RoyK> just piss off, ok? we don't need complaints about what's better or worse
<dr4c4n> thanks for their help
<jelly> doing it in an up line is a hack, I think setting an address and a netmask is supposed to work
<maswan> jelly: yeah, it's supposed to work, but I don't have access to any of my xenial machines right now to test, so, well..
<RoyK> jelly: it's not a hack, it's the new way
<jelly> RoyK: it's a hack that existed before ifupdown 0.7
<RoyK> jelly: sometimes things improve, like going from LILO to Grub to Grub2 etc
<jelly> (0.7 is when ifupdown switched to iproute as backend)
 * RoyK installs minix on jelly's box
<jelly> calling an arbitrary command is not improvement
<dr4c4n> does anyone know where the documentation for iproute2 is?
 * RoyK gives up
<maswan> yeah, but configuring multiple addresses without fake-naming the interfaces :n is an improvement
<maswan> dr4c4n: that debian wiki page is the best one I've found
<jelly> dr4c4n: you don't want iproute docs, you want ifupdown docs, ie. interfaces(5), to see what syntax is actually supported before resorting to calling ip manually
<dr4c4n> thanks a lot jelly
<jelly> RoyK: I've had a for loop with ip a ad... in an up line back in 2003 on... sarge, maybe?  Yeah it's a hack, and not a new one
<RoyK> perhaps we should create a registry like windows with all the configuration stuffed into a database and make jelly and all happy
<dr4c4n> maswan: link?
<maswan> dr4c4n: https://wiki.debian.org/NetworkConfiguration[6~
<maswan> dr4c4n: https://wiki.debian.org/NetworkConfiguration
<jelly> RoyK: I'm not sure you're getting the point, {pre-,post-,}{up,down} are workarounds by definition, being able to run an arbitrary command is left as a fallback option when you can't configure something any other way
<dr4c4n> maswan and jelly: I found this as a really good reference, but my question is: how do I make the ip address add permanent other than modifying the /etc/network/interfaces file?
<jelly> no other way
<jelly> well, I'm lying a bit there.  Technically, there's systemd-networkd, and there's NetworkManager too and its nmcli, but the support you're going to get in ubuntu 16.04 for those may vary.
<jelly> picking any of those basically means abandoning /e/n/interfaces
<dr4c4n> is there a legacy mode for keeping the ifconfig method because the manual approach is retarded
<maswan> well, you *could* write your own custom init script that does an "ip addr add" command once the interface is up, to make it permanent. but that seems an unnecessarily complicated way of diong an up-hook.
<dr4c4n> why change what was working??!?!?!
<maswan> dr4c4n: the :n stuff didn't really work, it never worked for ipv6 addresses for instance
<maswan> dr4c4n: but if multiple instances with the same name doesn't work, like it shoudl from the debian wiki instructions, I think that's a bug.
<jelly> dr4c4n: the ifconfig method was never permanent, either
<dr4c4n> so i followed the debian wiki example exactly.
<dr4c4n> and I get cannot assign requested address
<jelly> dr4c4n: show your work: pastebin the complete file, and pastebin the output of "ip a" after boot or after "ifdown someiface; ifup someiface"
<coreycb> jamespage, ddellav: for my ci shift today I pushed cinder updates for newton, uploaded python-oslo.policy 1.9.0 to yakkety (fixes keystone), and uploaded python-oslo.concurrency 3.7.1 to mitaka (sru fixes nova/keystone failures)
<LJHSLDJHSDLJH> how to shutdown ubuntu server without having to login if I decided to do so at the login terminal
<LJHSLDJHSDLJH> it's seems very stupid to login just shutdown the server
<LJHSLDJHSDLJH> :/
<jelly> LJHSLDJHSDLJH: personally I don't like unauthed personnel to be able to shut down a server
<LJHSLDJHSDLJH> such a person offered a login terminal can unplug the power the cables
<sdeziel> LJHSLDJHSDLJH: if you can send an ACPI signal to the machine it should obey to it
<patdk-wk> that should be simple
<patdk-wk> just make a poweroff user that runs poweroff :)
<patdk-wk> or, why not just have it obay the power button?
<patdk-wk> one press should start the poweroff scripts
<sdeziel> patdk-wk: yeah, the power button should send the proper ACPI signal
<dr4c4n> jelly:
<dr4c4n> http://pastebin.com/xdb6KmsA
<coreycb> ddellav, is bug 1587589 tested?
<ubottu> bug 1587589 in keystone (Ubuntu Wily) "[SRU] liberty point releases" [Undecided,Fix released] https://launchpad.net/bugs/1587589
<coreycb> would be nice to release that
<jelly> dr4c4n: you shouldn't have both auto and allow-hotplug for the same interface
<jelly> dr4c4n: forgot the output of "ip a" after attempting to configure
<jelly> dr4c4n: I'd remove or comment out the allow-hotplug line
<dr4c4n> jelly: ip a shows that I have .201 and .202
<dr4c4n> I will remove that line
<dr4c4n> thanks :)
<dr4c4n> says 201/8 and 201/24 and a 202/8
<jelly> remove the /8 manually before trying again, or reboot
 * jelly runs away
<dr4c4n> thanks
<Strykar> hi, new install and user here. doing "service radvd start" appears to start it and then exits. radvd appears to work in non-daemon mode with /etc/radvd.conf  how do I figure out what's causing this?
<Strykar> sudo systemctl list-units|grep radvd     radvd.service                                                                                               loaded active exited    LSB: Router Advertising Daemon
<ddellav> coreycb sorry, yes, it's tested and passed no problem.
<coreycb> ddellav, ok
<coreycb> ddellav, in that case can you request a promotion to liberty-updates from beisner or jamespage?  then we'll be done on our end with that task.
<ddellav> coreycb beisner jamespage can one of you guys promote ceilometer and keystone point releases to liberty-updates. The updates have been tested successfully.
<nacc> Strykar: does journaltl or systemctl info tell you more?
<nacc> *journalctl
<Xin> thanks sarnold for your help earlier
<Xin> and bekks
<Xin> it was the dns server
<Xin> all working now, with nat and bridging
<Xin> yay
<Ergo^> hello, im trying to provision a VM using packer with a preseed file, and ive tried various ways, but i have no idea how to set a hostname properly
<Ergo^> my host gets a weird ip-192-168-1-X as hostname
<nacc> d-i netcfg/get_hostname string $myhostname
<nacc> in your preseed file
<Ergo^> nacc: but that seems to be ignored if dhcp is used
<nacc> Ergo^: your resulting VM, does it have a /etc/network/interfaces file? what is in it, if so (paste.ubuntu.com)?
<Ergo^> nacc: https://friendpaste.com/45Az0a7zF1WYTCHqCwLE7u
<Ergo^> nacc: is it possible to set this on boot at kernel level?
<Ergo^> I tried setting hostname=foo-bar but it seems to be ignored
<Ergo^> i have in my preseed
<Ergo^> d-i netcfg/get_hostname string unassigned-hostname
<Ergo^> d-i netcfg/get_domain string unassigned-domain
<Ergo^> d-i netcfg/hostname string foo-bar
<Ergo^> everything seems to be completly ignored
<nacc> Ergo^: are there any files in /etc/network/interfaces.d/ ?
<nacc> Ergo^: well, you can pass the above preseed value during the boot to the installer
<Ergo^> nacc: those valies i pasted ARE from my preseed
<nacc> Ergo^: is your VM recognizing the other values in your preseed file? i don't really konw what packer is
<Ergo^> nacc: packer is just a tool to provision VM's (packer.io) - yes it is recognizing them
<Ergo^> im running another build i think that: d-i preseed/late_command string in-target hostnamectl set-hostname...
<nacc> Ergo^: hrm
<Ergo^> might solve it for me
<Ergo^> will now soon
<Ergo^> not sure if that affects /etc/hosts too
<Ergo^> argh... installer reported that this command failed :(
#ubuntu-server 2016-06-14
<jayjo> I'm trying to setup ssl on a mongodb instance I have on an ubuntu server... I have a pem file and crt file from Letsencrypt using this guide: https://gist.github.com/leommoore/1e773a7d230ca4bbe1c2 so now I can run the mongod with ssl enabled. Do I now use this certificate to produce client certs and distribute them over gpg?
<patdk-lap> jayjo, no
<patdk-lap> you should not use letsencrypt for your mongo
<patdk-lap> unless you plan to have 3rd parties access your mongo directly
<jayjo> no I don't, but I thought that self signed certs was not secure
<patdk-lap> heh?
<patdk-lap> who said anything about selfsigned?
<patdk-lap> and why would selfsigned be insecure?
<patdk-lap> every certificate you trust, is selfsigned
<jayjo> so I generate my own certificates for my mongo instance, and then the .crt that I generate is what I use to produce pem files for clients?
<patdk-lap> no
<patdk-lap> but you should always generate your own certificates, no matter who signs them
<patdk-lap> you need to setup your own CA
<patdk-lap> sign your mongo server cert with your ca
<patdk-lap> then make your client certs, and sign them with your ca
<patdk-lap> the ca must be selfsigned, just like every other ca cert you have
<patdk-lap> or cross-signed, but good luck finding someone to do that
<runelind_q> can you run something like Gentoo inside an LXD container on 16.04?
<jayjo> so if I follow the guide on this page: https://help.ubuntu.com/lts/serverguide/certificates-and-security.html and create my own CA I then use that to sign all of the certificates?
<patdk-lap> sure
<patdk-lap> don't know if that page goes into enough detail
<patdk-lap> think what most people do is use tinyca
<runelind_q> I use xca which has a crappy gui interface, but it does the job.
<runelind_q> looks like there is a Gentoo template on linuxcontainers.org
<runelind_q> but I don't know how to import them :)
<patdk-lap> import?
<patdk-lap> lxc is just a folder/ partition/ ...
<patdk-lap> there is nothing to do
<sdeziel> runelind_q: maybe this will help you https://www.stgraber.org/2016/03/30/lxd-2-0-image-management-512/
<JanC> there is also pyca & gnomint
<JanC> (for CAs)
<JanC> and probably more
<jayjo> patdk-lap: can I use tinyca on my desktop and use the certs on the server?
<patdk-lap> you could
<patdk-lap> only one server?
<jayjo> yes its just an EC2 instance
<patdk-lap> isn't that pointless then? unless your running mongo on one, and the clients on others
<patdk-lap> no point to bother with ssl
<patdk-lap> as if they can see the traffic, they are root, and can just read it from disk
<jayjo> mongo is running on the instance and it needs to be connected to from other instances - those instances dont have mongo
<jayjo> when ssl is enabled I need to give my client a certificate, and I know it's that I have a very high-level misunderstanding of what's going on, but that's where I'm stuck. Do I use the crt to generate a pem file for the client, and then distribute it to the client?
<patdk-lap> heh?
<patdk-lap> what is a crt and pem files?
<patdk-lap> pem is a type of encoding for certificates
<runelind_q> sdeziel: I'm looking at images on https://jenkins.linuxcontainers.org/view/LXC/view/LXC%20Templates/
<patdk-lap> you need to generate a server cert for mongo
<patdk-lap> and client certs for the mongo clients
<sdeziel> runelind_q: I just tested launching a gentoo container with: lxc launch images:gentoo/current/amd64 gentoo
<sdeziel> runelind_q: worked well
<runelind_q> oh, jolly good.
<jayjo> And those processes are completely separate? How does the server know to trust the client? Do I place their public certificates somewhere?
<patdk-lap> jayjay, nope
<patdk-lap> that is the whole purpose of signing
<runelind_q> sdeziel: trying that now - seems to be stuck at retrieving image 100%
<sdeziel> runelind_q: once the image is retrieved, the container is started so maybe it's just taking some time?
<runelind_q> oh, there it goes
<sdeziel> runelind_q: also, depending on the storage backend, cloning the retrieved image into your new container can take some time. It's almost instant on ZFS
<sdeziel> but can take much longer on other backend types
<runelind_q> yeah, ZFS backend.
<jayjo> So I have no created the ca authority on my ubuntu server. Do I create a pem file for the mongo server, and then using the same CA authority to create the certificates, create an additional one to clients?
<jayjo> And I distribute the cacert.crt file along with the generated pem files to clients?
<LJHSLDJHSDLJH> guys, I know ubuntu-server is more prefered to install for creating web or mail server box than a normal desktop distro. my question is, what are the reasons?
<ivoks> no UI
<LJHSLDJHSDLJH> so?
<LJHSLDJHSDLJH> how does that makes it better?
<LJHSLDJHSDLJH> I was thinking about security as a reason indeed
<cpaelzer> LJHSLDJHSDLJH: noUI -> less stuff auto installed -> much less exposure surface regarding security
<sarnold> also storage space; no need to pay to store programs you'll never use
<LJHSLDJHSDLJH> cpaelzer: are there any scripts for auto ubuntu server installation? where may I find some if so?
<sarnold> depends what you need; FAI, preseeding, MAAS, juju, cloud-init, debootstrap, uvt-kvm ..
<cpaelzer> LJHSLDJHSDLJH: just wanted to answer, but sarndold already listed most of what came to my mind
<cpaelzer> LJHSLDJHSDLJH: the important point is to know where/how you want to automate installs
<cpaelzer> sarnold: sorry for that extra d in your nick
<sarnold> hah, 'sarndold' :) hehe
<LJHSLDJHSDLJH> sarnold: I don't know what those names are! so what I miss knowing here? in other words what are those?
<LJHSLDJHSDLJH> does anyone know why my working website is throwing connection error even though I've changed mysql password into connection.php file?
<LJHSLDJHSDLJH> I saved into /var/www/html/index.php
<sarnold> LJHSLDJHSDLJH: they're all tools that can do automated / customized installs of some sort. debootstrap populates a directory with a distribution. preseeding is the native way to automate the installer. FAI is a network-driven way to automate installs. MAAS gives you the ability to treat a cluster of machines as if they were cloud machines.
<sarnold> LJHSLDJHSDLJH: juju has you focus on the tasks you want the "thing" to do, whether it's allocating virtual machines from a cloud provider, a local openstack install, or lxd containers..
<sarnold> LJHSLDJHSDLJH: cloud-init automates installing / configuring tasks on 'cloud' providers, local installs.. uvt-kvm is a frontend to virsh/libvirt.
<LJHSLDJHSDLJH> cool stuff, I've to find a time slot to go through all those cool things one by one
<LJHSLDJHSDLJH> are there any useful url(s)?
<sarnold> LJHSLDJHSDLJH: https://help.ubuntu.com/lts/serverguide/cloud-images-and-uvtool.html  http://www.ubuntu.com/cloud/juju  http://www.ubuntu.com/cloud/maas  https://cloudinit.readthedocs.io/en/latest/ http://fai-project.org/
<LJHSLDJHSDLJH> really appreciate it sarnold, I saved all those into my todo folder
<LJHSLDJHSDLJH> now back to my apach2 server problem
<LJHSLDJHSDLJH> I threw all files into /var/www/html/* but facing connection problem , it could be file access problem
<LJHSLDJHSDLJH> what chmod level do you usually give to files into /html/ folder?
<sarnold> it depends upon who will be managing the files, and how; either 444 or 644 or 664
<nymony> Why is ubuntu changing interface naming with almost every version? From eth0 > em1 > p2p1 > p4p1 > and currently some jibberjabber
<bekks> nymony: http://askubuntu.com/questions/628217/use-of-predictable-network-interface-names-with-alternate-kernels
<toshywoshy> I can boot up ubuntu 14.04 lts trusty with the root partition in an lvm
<toshywoshy> I keep getting "Gave up waiting for root device.  Common problems: ALERT!  /dev/mapper/rootvg-rootlv does not exist."
<toshywoshy> however when it drops down to the initramfs cmd I can see and mount /dev/mapper/rootvg-rootlv
<toshywoshy> s/can/cannot/g
<jamespage> coreycb, ddellav: ok finishing up my ci shift now; rebases trove/newton patches, updated dogpile.cache to 0.6.1 including uploades to experimental and yakkety; dealt with transition of dogpile.core->dogpile.cache
<jamespage> some other transitent schroot problems - re-ran failed builds OK
<jamespage> note failues of designate for liberty; nova/trusty in mitaka - not looked at those
<LJHSLDJHSDLJH> how to set these daemons to run automatically after reboot without having to login or run any of them .. apache2, mysql, ufw
<LJHSLDJHSDLJH> webmin
<sarnold> did any not start correctly?
<LJHSLDJHSDLJH> after remote restart from webmin none of them is back online
<LJHSLDJHSDLJH> oh I remember now
<LJHSLDJHSDLJH> vmware problem
<LJHSLDJHSDLJH> it doesn't obtain ip unless I got sudo dhclient
<LJHSLDJHSDLJH> how to automate obtaining ip addresses?
<sarnold> careful with webmin; I think most of those control-panel things are terrible rubbish that allow anyone on the internet to run anything on your computer. Be sure to firewall it to only -your- IP address.
<sarnold> configure /etc/network/interfaces correctly
<LJHSLDJHSDLJH> no worries its for training project at the time being
<LJHSLDJHSDLJH> is there any reference on how /etc/network/interfaces should be configured?
<sarnold> man 5 interfaces   :)
<LJHSLDJHSDLJH> oh real men never read man pages :p
<bekks> !webmin | LJHSLDJHSDLJH
<ubottu> LJHSLDJHSDLJH: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<LJHSLDJHSDLJH> I've already tried auto ens33 into interfaces yesterday but it didn't work
<LJHSLDJHSDLJH> ubottu: what is supported currently so that I can use?
<ubottu> I am only a bot, please don't think I'm intelligent :)
<LJHSLDJHSDLJH> lol
<LJHSLDJHSDLJH> so my question bounces back at you bekks :))
<sarnold> LJHSLDJHSDLJH: pastebin the whole /etc/network/interfaces and perhaps someone will spot something
<bekks> LJHSLDJHSDLJH: zentyal
<LJHSLDJHSDLJH> sarnold: I gave it another try and it worked
<LJHSLDJHSDLJH> thanks guys
<sarnold> aha ;)
<LJHSLDJHSDLJH> I've followed some tutorial to install openssl, created certificate and then redirect all port 80 traffic to 433
<LJHSLDJHSDLJH> now https works but no automatic redirection
<frickler> jamespage: coreycb: IIUC one of the CVEs in http://lists.openstack.org/pipermail/openstack/2016-June/016489.html is still present in Neutron 8.1.0, would be great to have 8.1.2 released for Xenial
<LJHSLDJHSDLJH> please send me pm if you got anything about the ssl redirection, I gotta run
<coreycb> frickler, that is ready to release actually
<coreycb> beisner, jamespage: ceilometer 1:5.0.3-0ubuntu1~cloud0 and keystone 2:8.1.2-0ubuntu1~cloud0 are ready to promote to liberty-updates when you get a moment
<coreycb> frickler, sorry neutron 8.1.2 is not quite ready to release, but it's in the queue.  I'll press on the sru team for a review.
<coreycb> jamespage, re: designate for liberty -- it looks like that issue with dh_python not ignoring != is resurfacing.  ddellav was hitting that on the mitaka stable update too.
<jamespage> coreycb, that's quite likely - I suspect the dh-python in wily and the backport for trusty both have the same bug that the xenial one did
<jamespage> surprised you hit the same problem on a mitaka update tho ddellav
<EmilienM> hey jamespage
<jamespage> EmilienM: hey!
<EmilienM> we're trying to run tempest with the newton repo, and look what we got:
<EmilienM> http://logs.openstack.org/78/327678/25/check/gate-puppet-openstack-integration-3-scenario001-tempest-ubuntu-xenial/d6c6085/console.html#_2016-06-14_12_19_44_790
<EmilienM> ImportError: No module named keystone_tempest_plugin.plugin
<jamespage> hmmm
<jamespage> EmilienM: you don't install tempest from packages do you?
<EmilienM> jamespage: no, from source
<EmilienM> jamespage: should we?
<jamespage> EmilienM: we don't
<EmilienM> jamespage: how do you deploy / run tempest?
<jamespage> EmilienM: git clone, tox -e smoke / full
<EmilienM> same
<jamespage> that looks like some sort of tempest dep problem for the all-plugin target
<EmilienM> yeah
<jamespage> EmilienM: do you run tempest directly on the machine that has the cloud deployed on it?
<EmilienM> jamespage: on the machine
<jamespage> EmilienM: this might be the cause - the python-keystone package does not ship with the keystone_tempest_plugin python module but the module still declares tempest.test_plugins in its setup.cfg
<jamespage> EmilienM: I think that if we restore the keystone_tempest_plugin module it will resolve the problem, but I'd also look at the isolation of tempest from the installed system in the way you are testing...
<EmilienM> jamespage: yeah, we don't have this problem on rdo platform
<EmilienM> jamespage: you run tempest in venv?
<jamespage> EmilienM: we can add the keystone tempest plugin to the packaging, but I really don't like this approach to plugin loading from system packages
<EmilienM> jamespage: can you show me the source please?
<jamespage> EmilienM:  its just straight up use of the tox targets...
<EmilienM> but do you have code handy on github or?
<jamespage> the test machine is not part of the cloud, so will never have openstack packages installed on it - apart from a few clients
<jamespage> EmilienM: erm yeah - one sec
<jamespage> EmilienM: http://bazaar.launchpad.net/~uosci/ubuntu-openstack-ci/trunk/view/head:/job-parts/osci_openstack_common.sh#L369
<jamespage> we actually appear to build out the tempest venv manually first; and then use the run_tempest.sh script
<EmilienM> jamespage: ok I see
<EmilienM> jamespage: could we have the keystone plugin loaded in packaging until we sort things out?
<EmilienM> iberezovskiy: see the script ^
<jamespage> EmilienM: I should think so
<jamespage> EmilienM: let me take a look
<EmilienM> ok
<jamespage> EmilienM: this is a little bit of a problem with tox virtualenvs - by default I think they will use system provided modules
<jamespage> so its quite easy to get pollution of the virtualenv from the host os
<caribou> rbasak: did you finally have time to look at the kexec-tools merge ?
<EmilienM> jamespage: mhh the problem for us it rdo provides packaging with loaded plugins too
<jamespage> EmilienM: we'll add them to the packages so as to be feature comparable from your perspective
<EmilienM> thanks a lot
<jamespage> EmilienM: just checking the packaging change and I'll get it uploaded :-)
<iberezovskiy> thanks
<EmilienM> iberezovskiy: did you noticed other issues in other jobs ? or tempest was only blocker?
<iberezovskiy> only tempest for now
<EmilienM> cool
<EmilienM> jamespage: so we're close!
<gyan> Hi
<coreycb> jamespage, beisner: python-os-brick 0.5.0-0ubuntu4~cloud0 is ready to promote to liberty-proposed when you have a moment
<jamespage> EmilienM: are you using the UCA or the branch package build PPA atm?
<EmilienM> jamespage: the UCA
<EmilienM> jamespage: I saw the mail on openstack-dev
<EmilienM> but we can come back on the ppa
<jamespage> EmilienM: that's fine - I'll do this into the UCA as well; just uploaded to yakkety to kick that process off
<EmilienM> ok
<jamespage> coreycb, 997
<coreycb> jamespage, uploads?
<jamespage> yah
<jamespage> hehe
<jamespage> nearly 6 years worth....
<ddellav> jamespage nice
 * jamespage ponders what to pick as 1000
<ddellav> coreycb is keystone sru the one with the dh_python != issue?
<coreycb> jamespage, awesome :)
<cpaelzer> jamespage: 1000 = random revert
<jamespage> well if you counted my SRU's in pending approval...
<coreycb> ddellav, I think so, you are working on it :)
<ddellav> coreycb ok, i thought there was a fix for that and we were waiting for it to be accepted upstream
<jamespage> ddellav, coreycb: just for future reference watch out for aodh point releases
<jamespage> they are not on a cadence with the rest of openstack, so we should have done 2.0.1-0ubuntu1 -> yakkety
<jamespage> and done a 2.0.1-0ubuntu0.16.04.1 to xenial
<coreycb> jamespage, ah.. they didn't release a b1 for newton
<ddellav> jamespage ok i'll make a note of that
<jamespage> coreycb, no they won't - they are on independent releases...
<jamespage> like ironic for example
<coreycb> jamespage, ok.  so we'll need to upload 2.0.1-0ubuntu1 to yakkety and 2.0.1-0ubuntu0.16.04.1 to xenial.
<jamespage> to late
<jamespage> 2.0.1-0ubuntu1 is already in Xenial proposed
<coreycb> jamespage, oh it was accepted
<jamespage> so you'll have todo a 2.0.1-0ubuntu2 for yakkety
<coreycb> jamespage, ok
<jamespage> coreycb, os-brick promoted to liberty-proposed
<jamespage> coreycb, doing ceilometer and keystone now
<jamespage> coreycb, ok done
<coreycb> jamespage, thanks
<jamespage> did libvirt-python as well
<jamespage> as that's had long enough to bake
<jamespage> and qemu - stack of sec updates...
<coreycb> ddellav, this is the original dh-python bug 1581065
<ubottu> bug 1581065 in dh-python (Ubuntu Yakkety) "incorrect parsing of != dependency versions" [High,Fix released] https://launchpad.net/bugs/1581065
<coreycb> ddellav: so I think we need to investigate why dh-python is not ignoring != in xenial for the case you're hitting
<coreycb> ddellav, also we need to look at SRUing the original fix to wily  since designate is now hitting it, assuming it fixes it
<caribou> rharper: I'm quite puzzled about the multipath-tools bug I told you about a few hours ago
<caribou> rharper: the patch you submitted to debian has the 'clean-tree' statement on build-stamp:
<caribou> rharper: +build-stamp: clean-tree
<caribou> rharper: if I look at the source package in Xenial I have : clean: clean-tree !!!
<caribou> rharper: so my debdiff of the upstream debian against our xenial version has :
<caribou> rharper: -build-stamp: clean-tree
<caribou> +build-stamp:
<coreycb> frickler: neutron 8.1.2 has been accepted into xenial-proposed for testing
<rharper> caribou: hrm, so it does seem like we're missing that in X
<caribou> rharper: no problem, I'm about to SRU the issue so I'll fix that up
<rharper> I may have not included it since we don't use the systemd unit file, now that it's fixed in debian we can sync the change
<caribou> rharper: I'll ping you to review the SRU before I upload
<rharper> sure
<frickler> coreycb: great, thx
<jayjo_> I've been asking this question yesterday & today... but i just wanted to clarify again at a high level. I want to secure my mongodb with SSL. I created a CA Authority to sign certificates. I then create a pem file signed by the CA to run the mongod daemon with SSL. That's all fine and good, but then clients need these certs, as well. So I generate them and send them to the client software. Because th
<jayjo_> ey all use the CA to sign it, they all know the communication can be trusted. The server has a pem and a CA file, and so does the client. the CA is the same for all clients/servers. Is that broadly correct?
<LJHSLDJHSDLJH> will ubuntuServer.iso be bootable if I just dd it on a pin drive?
<LJHSLDJHSDLJH> feeling lazy to figurer it myself :D
<rbasak> jayjo_: it would be easier/safer to not give the clients certs at all, only the CA to verify the server cert. Then you don't have to worry about a client pretending to be a server (which you can prevent with extensions or a secondary CA layer, but it's more work).
<rbasak> jayjo_: specifically: one CA, keep its private key safe. One cert for each server, give to servers with respective private keys only. Only give the CA public cert (no private key at all) to clients.
<rbasak> Unless clients check the hostname against the cert DN, that is. But like I said, more work :)
<jayjo_> OK - I think that is reasonable. I can implement that. Is there a way to check the details of the server certificate? Like the subject and host it was generated for?
<rbasak> Clients can do that. It's most common in HTTPS. It's up to the client to do it though. I'm not sure about the MongoDB client.
<rbasak> magicalChicken: may I have an update on your progress on bug 869017, bug 1394403 and bug 1511222 please?
<ubottu> bug 869017 in kbd (Ubuntu) "Ubuntu server enables screenblanking, concealing crashdumps (DPMS is not used)" [Medium,Triaged] https://launchpad.net/bugs/869017
<ubottu> bug 1394403 in apache2 (Ubuntu Trusty) "RewriteRule of "^$" is broken" [Medium,Incomplete] https://launchpad.net/bugs/1394403
<ubottu> bug 1511222 in apache2 (Ubuntu Trusty) "Incorrect trusted proxy match test in mod_remoteip" [Medium,Triaged] https://launchpad.net/bugs/1511222
<magicalChicken> rbasak: yeah, so I have a patch for 1511222, and I did a quick check and I think it does work, but I need to reproduce the old bug and make sure today
<jgrimm> jamespage, fwiw.. this report now fixed up to have an 'ubuntu-openstack' section.
<jgrimm> jamespage, this -> http://reqorts.qa.ubuntu.com/reports/rls-mgr/rls-y-tracking-bug-tasks.html#ubuntu-openstack
<nacc> sdeziel: are you ok if I assign LP: #1570472 to you while you're working on the yakkety fix?
<ubottu> Launchpad bug 1570472 in puppet (Ubuntu) "Set systemd as default service provider" [Undecided,In progress] https://launchpad.net/bugs/1570472
<magicalChicken> I still have not been able to reproduce 1394403, I'm not sure what I'm doing differently from the reporter, but I keep seeing the change in b
<sdeziel> nacc: sure, I'll try to make time to get to this
<nacc> sdeziel: thanks! i'll keep an eye on it too -- if you dont' have the cycles, just let me konw, i can get it fixed today probably
<magicalChicken> rbasak: and I'm not sure how or if 869017 should be fixed
<magicalChicken> rbasak: I can definitely handle another bug this week though, I just don't know what to do about the two old ones
<sdeziel> nacc: if you can get to it today please do as I won't have time today, maybe tomorrow
<nacc> sdeziel: will do, and will note it int he bug
<sdeziel> thx
<nacc> sdeziel: thank you!
<sdeziel> nacc: I'll be able to test stuff for you today if that can help, just ping me
<nacc> sdeziel: ah great, yeah, that'd be perfect
<nacc> sdeziel: fyi, there's a much newer version of puppet stuck in yakkety-proposed. I'll try and unstick that first, as it'll be an easier yakkety fix
<sdeziel> OK
<EmilienM> jamespage: can you ping me when the keystone pkg is updated in UCA ? so I can re-run tests
<rbasak> magicalChicken: thanks! Please can you take bug 1519120?
<ubottu> bug 1519120 in network-manager (Ubuntu) "Xenial: VLAN interfaces don't work until after a reboot" [Undecided,Confirmed] https://launchpad.net/bugs/1519120
<magicalChicken> rbasak: sure, I'll test out the patch there and see make a debdiff in the next few days
<rbasak> Thanks!
<jayjo_> I'm not clear on this... I'm sorry to be persistent but I think it's a high-level misunderstanding so it's hard to dig into documentation. I and just reading as much as I can and I found this blog post about SSL in ubuntu with mongo: http://demarcsek92.blogspot.com/2014/05/mongodb-ssl-setup.html. I was able to connect using this 'client' pem file and this 'server' pem file. They're both referenced in
<jayjo_>  the mongo.cnf. The connection works with these two. Am I supposed to then pass out this client pem file to a client I want to be able to connect?
<jayjo_> so any client that wants to connect needs to pem from the server AND the pem for the client? It works in this example, but this seems to not be secure
<rbasak> I'm not sure about the details of MongoDB in general. But it may help to understand that any SSL connection is automatically secure, but each party cannot verify the identity of the other party without a certificate. So to prevent man in the middle attacks, you need at least for the client to be able to verify the identity of the server by having the server use a certificate.
<rbasak> In the other direction (for example server authenticating the client), a password can suffice from a basic perspective, because the client checks that it really is talking to the server securely before revealing the password to it.
<rbasak> OTOH, it's also fine for the client to use a certificate, and that's better in some ways because then the server doesn't need to be trusted with the shared secret (the password) either, though it is little more difficult to set up.
<rbasak> To verify a certificate, an endpoint can: 1) do nothing, in which case it's useless, but this is a common misconfiguration; 2) verify that the certificiate is signed by an authority on the list of allowed authorities (including your own if you like), but then a client could pretend to be a server to another client; 3) verify that the server is using a certificate marked by the authority as only for
<rbasak> servers, but then a server could pretend to be a different server; or 4) verify that the server hostname to which it connected matches the hostname in the certificate, which is what web browsers do with HTTPS.
<sdeziel> jayjo_: this blog post give completely insecure instructions. Distributing the server's private key to all clients is really not required nor desired
<jamespage> EmilienM: promoted to newton proposed; should build and publish in the next hour
 * jamespage eods'
<jayjo_> I thought it was insecure because the pem files have both the secret key and certificate... what am I supposed to distribute to clients then? Just the certificate component... don't concat the key?
<sdeziel> jayjo_: if you pass the mongodb-cert.crt to the client that would be an improvement
<coreycb> jamespage, ddellav: aodh uploaded for newton
<ddellav> coreycb ack
<coreycb> well, xenial on yakkety that is
<coreycb> sigh...
<coreycb> mitaka on yakkety
<coreycb> ddellav, ^
<ddellav> coreycb so you did it for mitaka/yakkety not newton?
<coreycb> ddellav, right.  it's 2.0.1 so it is the mitaka point release, uploaded to yakkety.
<ddellav> coreycb ok
<coreycb> ddellav, the problem is that aodh doesn't have any newton releases right now, so we need to make sure the version in yakkety is > xenial
<ddellav> coreycb right, thats what jamespage said this morning
<coreycb> ddellav, yeah
<jamespage> coreycb, ddellav: as its release-independent its not really mitaka either
<jamespage> at least I think so
<coreycb> jamespage, as if I needed the confusion :)
<EmilienM> jamespage: ack, thanks
<EthicalJesusi> watup y'all
<EthicalJesusi> anyone recommend a home grade http cache?
<bekks> squid
<EthicalJesusi> and is it worth it?
<bekks> Worth what?
<EthicalJesusi> like im on 100mbit fibre with a business grade modem/router
<EthicalJesusi> at home
<bekks> Define "worth" in that context.
<EthicalJesusi> I load google already in like 3ms
<EthicalJesusi> 3-6
<bekks> I doubt that.
<bekks> You have a ping latency to its IP.
<EthicalJesusi> It might take longer to check a cache
<EthicalJesusi> Ping latency is like 2ms
<bekks> And the ping latency says entirely nothing on about how fast the page content is actually loaded.
<EthicalJesusi> they have a server across the river from me I believe
<bekks> Which doesnt mean you are using it.
<EthicalJesusi> traceroute confirms <3
<bekks> Really? Do you know the switch names/ip in your area?
<EthicalJesusi> I have the local google servers ip, sure
<EthicalJesusi> :|
<bekks> Which doesnt mean anything.
<EthicalJesusi> It does when I traceroute it.....
<EthicalJesusi> ?!
<bekks> Nope.
<EthicalJesusi> this isnt complicated
<EthicalJesusi> im not sure why you seem to think it is
<bekks> It is far more complicated than you think.
<EthicalJesusi> perhaps you could explain
<EthicalJesusi> :)
<bekks> Based on the outout of traceroute you can determine the number of hops only, you cannot tell for sure where a hop is located.
<EthicalJesusi> I mean my certification has lapsed but I was fully cisco accredited at one time lol
<bekks> Technically, you can get around half the earth in just one hop.
<EthicalJesusi> sure you can they name their servers and they are geolocatable by ip with like 80% accuracy
<bekks> EthicalJesusi: Then you should know that...
<EthicalJesusi> when its called perth.*sadas*sad8aF*.asf*saf
<EthicalJesusi> then its in perth
<EthicalJesusi> lol
<EthicalJesusi> simples
<bekks> You THINK it is.
<bekks> NAmes are futile.
<EthicalJesusi> well im not getting 6ms loads from south australia
<EthicalJesusi> :P
<bekks> And you have no guarantees that you get your answers from across the river.
<EthicalJesusi> thats like 1000km for you
<EthicalJesusi> I dont need guarantees lol, its just my home, but generally even if its 10x that TO go over east, 3500+km, its still only 60-80md
<EthicalJesusi> ms
<bekks> Which is not in the scope of this discussion. This discussion is about the fact that you cannot tell wether you are using the google server across the river based on traceroute.
<EthicalJesusi> lol no, this discussion is about whether or not I should run a local http cache
<EthicalJesusi> it is still like 320-380ms to the USA ;<
<bekks> That decision is up to you. Your initial question was which http cache you should use.
<EthicalJesusi> but most cool kids have cdn's these days
<EthicalJesusi> and should get an australian node ffs
<EthicalJesusi> yeah then I was talking about the inherent cache latency vs a real life example of internet latency
<EthicalJesusi> facebook and stuff take care of themselves really, they only need to update when theres an update except for the small initial load
<EthicalJesusi> and they use a cdn
<EthicalJesusi> or are a cdn lol
<EthicalJesusi> I guess
<bekks> USing your real life example, and remembering your former Cisco knowledge, you do know that a 3ms ping means a maximum distance of roughly 150km between source and target.
<bekks> Thats a wide river.
<EthicalJesusi> 2ms, and everything in Perth is far between ;P
<EthicalJesusi> I think it is one of the biggest river systems in Australia though
<bekks> I can see two rivers in Perth, on maps.google.com :)
<EthicalJesusi> its the same river system
<EthicalJesusi> the swan river system
<EthicalJesusi> anyway, its a huge governmental thing - and its the only reason I have fibre, they all run straight across the river to the central Perth exchange
<EthicalJesusi> for this reason, most people tend to host their servers in subiaco or the likes
<bekks> 300km in legth, only.
<bekks> not that big :)
<EthicalJesusi> haha... YOU SAID IT WAS A GOOD SIZE!
<EthicalJesusi> ....
<bekks> When did I say that?
<EthicalJesusi> shhh
<bekks> I guess I'll let you listen to the voices in your head, for a while.
<EthicalJesusi> ty
<EthicalJesusi> if I had a dns server I bet I could do better optimizations
<bekks> Setup one.
<EthicalJesusi> 10/10 does not sound like fun
<van777> hey all. i've just installed ubuntu-server in VMware. and VMWare tools. How to change the display resolution? "Display" is not active in Virtual Machine settings
<patdk-lap> heh? it's just text
<compdoc> 640x480?
<compdoc> you should be able tweak that. columns, text size, etc
<van777> compdoc: ok, i've ssh-es with putty, good res now ))
<van777> ssh-ed*
<van777> You can setup delay: /set irc.look.smart_filter_delay 15
<van777> sorry )
#ubuntu-server 2016-06-15
<jayjo_> if I have my Certificate Authority, and I sign my database certificate, and I need to sign the client certificates with the same CA, do I sign them myself and distribute them to the client, or does the client do it somehow by exposing the CA?
<tarpman> jayjo_: if you are running a CA (even a local/internal one), it's probably a good idea to research how TLS works, to the point that you can answer a question like that yourself
<jayjo_> Is there a recommended resource for reading up on that? I've been using TLDP.org and the ubuntuserver guide, but they are difficult to onboard
<tarpman> jayjo_: nothing off the top of my head, but the first couple of google results for "intro to TLS" look reasonable - the apache.org and gnutls.org ones
<tarpman> maybe avoid the sans.org one - says it's from 2003, might contain some outdated info
<NoHoFoo> $php            command gives same response
<NoHoFoo> $php            command gives NO response
<NoHoFoo> but php --version
<NoHoFoo> works
<NoHoFoo> need to run    $php drush status
<NoHoFoo> gives a frozen cursor
<NoHoFoo> $php            command gives NO response
<NoHoFoo> so I'm confused
<NoHoFoo> wordpress runs on this server
<NoHoFoo> drupal does ALSO
<NoHoFoo> trying to install drush
<mowthegrass> Hello All - Can someone help me to point key areas that needs to be monitored for local mirror repo
<mowthegrass> Someoff them i have noted are 1)Disk usage 2)Repo URL  3)Server Health
<adun153> Hi, using apache, how can I make it so that whenever somebody puts is http://myserver.com or https://myserver.com, that it redirects always to https://myserver.com/subdir/      ? Thanks.
<van777> adun153: google "html redirect"
<iberezovskiy|off> jamespage, hi. could you please tell me what the status of keystone package with keystone tempest plugin?
<jamespage> iberezovskiy, its in newton-proposed - you can always look at http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/newton_versions.html
<jamespage> iberezovskiy, notifications of changes are also sent to https://lists.ubuntu.com/mailman/listinfo/Cloud-archive-changes
<jamespage> for example - https://lists.ubuntu.com/archives/cloud-archive-changes/2016-June/004186.html
<jamespage> is the one you are interested in
<iberezovskiy> thanks you!
<adun153> van777 that did it, thanks!
<iberezovskiy> jamespage, what's the policy of adding dependencies for openstack packages if these dependencies aren't mention in requirements.txt?
<iberezovskiy> I've faced the issues then python-ddt is required for neutron, but it's not in neutron requirements.txt
<iberezovskiy> https://github.com/openstack/neutron/blob/master/neutron/tests/tempest/api/test_extension_driver_port_security.py#L16
<iberezovskiy> omg, it's in test-requirements.txt
<jamespage> iberezovskiy, well it is a test library :-)
<iberezovskiy> yeah, probably it should be installed along with tempest
<iberezovskiy> so, the problem isn't in packages, sorry for wrong alarm
<jamespage> np
<rbasak> caribou: kexec-tools reviewed, thanks. Looks good to upload. Do you want to upload, or do you want me to sponsor?
<rbasak> caribou: actually, let me sponsor if you don't mind.
<caribou> rbasak: thanks! no worry I'll upload it
<rbasak> I'd like to try the tag/upload/push flow.
<caribou> rbasak: fine by me as well, got another upload on my way
<caribou> rbasak: don't be surprized,it'll sit in proposed until I sync makedumpfile from Debian (which I will do right after I answer to your email)
<rbasak> caribou: understood, thanks
<caribou> rharper: started to work on multipath-tools merge yet ?
<caribou> rharper: I'm working on the lvm / multipath-tools bug I told you about yesterday
<rharper> caribou: no, i've not started a merge on multipath-tools yet; did you need something now?
<caribou> rharper: I'm preparing an SRU so I need to get  yakkety in sync
<caribou> rharper: here is the debdiff : http://paste.ubuntu.com/17361015/
<caribou> rharper: moved up the clean-tree & added systemd calls in d/rules
<rharper> caribou: sync we're syncing, won;'t we get the systemd link fix automatically ?
<rharper> for yakkety, won't we see a new-release from debian, and then a replay of our changes on top ?
<caribou> rharper: in order to SRU to Xenial, I need it in Yakkety now but you're right, this will be dropped in the merge
<runelind_q> is there a list of containers available for download?
<caribou> rharper: and if I SRU to Xenial as is, it'll get rejected since it's not in Yakkety
<caribou> runelind_q: on LXC ? lxc image list images, lxc image list ubuntu-daily
<rharper> so, we're doing a bug fix for the SRU, to be dropped later in yakkety once we sync
<caribou> rharper: sound silly but yes
<caribou> rharper: lemme check
<rharper> caribou: my concern is that the systemd service (versus the upstart script wrapper) isn't fully baked anyhow ... so I'm not sure what bug we're fixing here...
<runelind_q> caribou: sudo lxc image list images just returns a blank list :-/
<runelind_q> same with ubuntu-daily
<caribou> runelind_q: images:
<rharper> lxc image list images:
<runelind_q> aha
<rharper> the images: hits the remote images.linuxcontainers.org
<caribou> rharper: I will recheck but according to our tests, that change was also required in order to fix the issue the clean-tree only was not sufficient
<runelind_q> caribou: cheers
<caribou> rharper: let me double-check before I decide
<rharper> caribou: I mean the bigger picture
<rharper> I agree that the changes are needed to enable the systemd multkpath service to "start" property via SD_NOTIFY
<rharper> but what *bug* is that solving ?
<rharper> xnox had looked the systemd service for multipath and it was lacking vs. the upstart wrapper script (/etc/init.d/multipath)
<rharper> so, even if we fix the systemctl start multipath command ... it doesn't always work, especially if it's not fully configured .
<caribou> rharper: cyphermox is sitting besides me and he also agrees that it is kindof silly but still required in the meantime
<rharper> so I'm backing up and saying, what are we fixing ?  That is, if we fix the systemd service, we also need to address the other issues that xnox raised
<caribou> rharper: ok, he's also here so I'll check with him
<rharper> ok, lemme find the bug with xnox's investigation
<cyphermox> it's a good stop-gap since you might not get to the merge until next week or later?
<rharper> sure
<rharper> but what bug are we fixing that needs to go itno X right now ?
<rharper> https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1583563
<ubottu> Launchpad bug 1583563 in multipath-tools (Ubuntu Xenial) "System will not start with multipathd enabled" [High,Confirmed]
<rharper> that's the one with the rest of the issues for systemd multipath service
<coreycb> ddstreet, hey looking at designate and heat newton ci failures
<coreycb> ddstreet, sorry, not meant for you
<teward> when trying to rsync data between systems, that are both VMs, i'm getting CPU soft lockups on the target system on the rsync - can I assume this is the hypervisor's fault?
<EmilienM> jamespage: hey!
<EmilienM> jamespage: iberezovskiy was able to deploy openstack newton & run tempest, with this workaround: https://review.openstack.org/#/c/327678/33/run_tests.sh
<EmilienM> do you think we can solve it in packaging?
<jamespage> EmilienM: hmm probably not - I'm reticent to include a test requirement for runtime usage...
<EmilienM> k
<EmilienM> we'll handle it in puppet
<runelind_q> hrm, not necessarily an ubuntu issue, but I'm running a CentOS 6 container on 16.04, and an http_proxy variable keeps getting set on login, and I can't figure out where it is being set :-/
<sarnold> runelind_q: iirc lxd by default sets up a link-local ipv6 bridge without network connectivity, and then uses an http proxy to get to the world (e.g. for apt..)
<runelind_q> sarnold: I have modified my lxc profiles to just bridge with a regular bridge.
<runelind_q> and my ubuntu containers do not appear to be setting this http_proxy variable
<sarnold> runelind_q: ah interesting
<sarnold> runelind_q: grep -r http_proxy /etc and see what you can find?
<runelind_q> no hits
<runelind_q> nor in yum.conf or /etc/environment
<sarnold> alright, check your ~/.bash* files
<runelind_q> yup, did that as well.
<sarnold> maybe check /lib and /usr as well, systemd unit files can set environment variables
<runelind_q> it only appears to be set for root, not my regular user that I just created, so I guess I'm not super worried about it.
<runelind_q> just figured someone else may have created a CentOS container on Ubuntu and came across the same issue.
<NoHoFoo> trying to install drush for drupal 8  on ubuntu server....nothing works....apt get...composer......all fail....what works
<teward> NoHoFoo: what do you mean by 'nothing works' and 'all fail'
<teward> and what version of Ubuntu Server are you using
<NoHoFoo> 16.04
<NoHoFoo> error messgaes and no drush
<sarnold> pastebin your errors
<teward> is there a way to force rsync to not eat up all the processor power on the target machine
<teward> it's literally preventing data migration
<NoHoFoo>    Failed to download drush/drush from dist: The zip extension and unzip command are both missing, skipping.
<NoHoFoo> The php.ini used by your command-line PHP is: /etc/php/7.0/cli/php.ini
<NoHoFoo>     Now trying to download from source
<NoHoFoo>   - Installing drush/drush (8.1.2)
<NoHoFoo>     Cloning 85b58140d576cfdb9546a23c3ff44b72d0dae5bc
<NoHoFoo> noah@ubuntuServer:~ $ drush status
<NoHoFoo> The program 'drush' is currently not installed.
<runelind_q> teward: use zfs send/recv instead! </smartass answer>
<teward> runelind_q: haha, smartass answers don't help me right now
<teward> E:OldServer9.10 -> 14.04 server
<NoHoFoo> all from      sudo composer require drush/drush:~8
<runelind_q> can you nice the process?
<teward> runelind_q: it's not the source machine causing the problem - it's the rsync 'server' spawned on the target machine
<nacc> NoHoFoo: install 'php-zip'?
<NoHoFoo> i thought composer was a package manager.. why doesn't it do it for me?
<nacc> NoHoFoo: and use a pastebin in the future, please
<nacc> NoHoFoo: are you using Ubuntu's composer package?
<sarnold> teward: you could login to the machine with another shell and use renice on the process
<teward> sarnold: would, if the ting weren't already locked up
<NoHoFoo> <nacc> don't know whose's composer package I'm using
<sarnold> teward: reboot it and start over?
<teward> sarnold: fifth force-reboot
<sarnold> teward: ugh.
<teward> seizes up the moment it starts so I can't renice it
<teward> so
<NoHoFoo> sudo apt install composer
<teward> same problem
<runelind_q> are you backing up to a raspberry pi?
<runelind_q> or a graphing calculator
<teward> [2016-06-15 10:20:32] <teward> when trying to rsync data between systems, that are both VMs, i'm getting CPU soft lockups on the target system on the rsync - can I assume this is the hypervisor's fault?
<runelind_q> what if you rsync just a few files as a test
<teward> y'all reading would help.
 * teward is a little frustrated over this issue right now
<teward> because i've given the VM a lot of vCPUs
<sarnold> teward: maybe skip the vm-to-vm step? mount both images in one qemu process?
<teward> so if it's still locking up
<teward> sarnold: ESXi hypervisors
<teward> option not allowed
<runelind_q> it's before 9AM, I have the memory retention of a three year old.
<teward> and VMs on different hypervisors
<runelind_q> all I know is that I can rsync all day long without having issues.
<runelind_q> through ESX
<teward> that's accurate
<teward> and this is a *new* issue
<runelind_q> tens of thousands of files.
<teward> indeed
<teward> runelind_q: just had the sysadmin move the thing to a different hypervisor in the cluster
<teward> maybe that's the problem
<runelind_q> could be.
<teward> okay, so lets see if it chokes again
<teward> and if it does kill -9 on the target side is ready
<runelind_q> does the receiving side think it runs out of CPU or does it just lock up?
<teward> runelind_q: literal lockup and watchdog complains
<teward> all 4 CPUs observably peaked before it just dies off
<runelind_q> just wondering if it is a hypervisor cpu issue or a VM cpu issue
<sarnold> that sonds broken :/
<runelind_q> how big of a job?
<teward> it looks like it's running better on the other hypervisor
<teward> runelind_q: huge
<teward> at least huge for this infra
<teward> about 450GB in a go
<runelind_q> millions of files?
<teward> runelind_q: no, but multiple large files
<teward> my *guess* is the hypervisor was misbehaving
<teward> because it's working fine now
<teward> ooop maybe I spoke too soon
<runelind_q> rsync don't care about file sizes (I don't think), but if it is having to calculate on millions of files.
<teward> aaaand there it goes peaking
<teward> damn it!
<teward> i don't have an alternative to rsync because I need to have the ownership preserved and everything
<teward> source system chokes on tarballing it
<teward> or i'd do that
<runelind_q> maybe your hypervisor shouldn't be running on a potato :-P
<sarnold> teward: maybe --whole-file  ? feels like a wild guess...
<teward> runelind_q: my two cents: that doesn't help
<teward> sarnold: running with --whole-file it seized too
<teward> if this one fails i'll try that
<teward> failing that
<teward> scp everything
<teward> and then chown by hand
<runelind_q> does rsyncing a small test file go ok?
<sarnold> teward: how bout tar cf - . | ssh root@remote tar xf -    ---- but with the proper flags added for permisssions and owner preservation?
<teward> wouldn't compression be needed here?
<teward> also doesn't help the target is /var/mail/ on the target server
<teward> gotta move all these mailboxes >.>
<teward> well
<teward> we'll see if it fails, it looks like it's not choking as quickly
<sarnold> depends on the CPUs and network involved.. ssh does some compression, so if you use some other compression after tar, turn it off in ssh
<NoHoFoo> here's the mess: http://pastebin.com/b42uDgN3
<sarnold> NoHoFoo: looks like you're trying to modify system files but not running as root
<teward> sarnold: i think the hypervisor was part one to blame, and rsync the second
<teward> ehhh there's more lockups >.<
<NoHoFoo> i thought 'sudo' fixed that
<teward> i think i'll do the evil method
<teward> by-hand it
<NoHoFoo> I'm try to insatll drush for drupal 8 on ubuntu server,,,,any way to do it?
<sarnold> NoHoFoo: it could but (a) you didn't use sudo on e.g. lines 3, 22, etc..
<NoHoFoo> how to become root for a while?
<sarnold> NoHoFoo: (b) it may not be a good idea to overwrite those files anyway...
<NoHoFoo> ok then
<NoHoFoo> I'm try to insatll drush for drupal 8 on ubuntu server,,,,any way to do it?
<sarnold> NoHoFoo: you can get a root shell with sudo -s
<NoHoFoo> I'm try to install drush for drupal 8 on ubuntu server,,,,any way to do it?
<NoHoFoo> what r the commands to do it?
<nacc> NoHoFoo: just ask once
<nacc> sorry was afk walking dogs, am back now
<NoHoFoo> just answer once
<nacc> NoHoFoo: no need for a bad attitude.
<nacc> NoHoFoo: drupal8 is not supported on ubuntu server, in any case, so anyone helping you is being nice.
<NoHoFoo> <nacc> but there is
<nacc> at least, not supported here
<NoHoFoo> what does 'supported' mean?
<nacc> it's not in the ubuntu archives
<nacc> (drupal8)
<NoHoFoo> what is an ubuntu archive?
<nacc> *the* ubuntu archives ... as in http://archive.ubuntu.com/ or mirrors thereof
<NoHoFoo> my drupal 8 is running just fine on ubuntu server
<NoHoFoo> nice and fast too
<nacc> NoHoFoo: that doesn't make it supported or available as part of the ubuntu archives...
<nacc> NoHoFoo: and the version of drush supported is the one in the archives, as in the one for drupal7
<teward> sarnold: not even scp works...
<teward> i'm out of options
<sarnold> teward: damn :/ good luck, dinner time
<NoHoFoo> sudo apt-get drush gives wrong drush,,,I know this
<nacc> NoHoFoo: it gives the drush supported on ubuntu and the one that works with the drupal shipped by ubuntu
<nacc> NoHoFoo: in any case, did you try my suggestion from a long time ago? `apt-get install php-zip`?
<nacc> possible you also need to `apt-get install unzip`
<nacc> i'm assuming that composer can't alter your system-wide settings/plugins for PHP or applications
<nacc> it's just a PHP manager
<runelind_q> oh great, one of my containers stopped talking on the network, and when I try to restart it, it craps out
<nacc> NoHoFoo: note, that's *exactly* what composer told you to do... And you shouldn't run composer as root.
<hallyn> arges: rharper: hey, so there's a new qemu in debian worth merging.  I'll get to when I can, but it won't be today or probably tomorrow, so if you have a chance pls feel free.
<hallyn> (if i find time i should really spend it on this (&$%)$(* systemd+lxcfs bug)
<rharper> hallyn: hi, cool; thanks for the heads up
<jgrimm> hallyn, thanks!!
<hallyn> np.
<teward> sarnold: i think it's because of incomplete updates
<teward> looks like libraries but not kernel got updated, for Linux, going to finish updates and hope that's the issue
<teward> because this is a new problem :/
<coreycb> ddellav, jamespage: for ci today I fixed up ironic (newton - patched and submitted upstream to fix test failure), keystone (newton - patches refreshed), designate (newton - rebuilt),  cinder (mitaka - patches refreshed).
<jamespage> coreycb, \o/
<ddellav> coreycb nice, good job
<coreycb> jamespage, ddellav, lots of failures today though, so there's more to fix
<jamespage> coreycb, ddellav: did a sneaky fix to nova-lxd - won't be around tomorrow am todo my normal shift :-)
<coreycb> jamespage, ah thanks. I've been ignoring that one. :)
<jamespage> coreycb, just wait until I get ceph and ovs branch builds going as well ;-)
<coreycb> jamespage, oh sigh..
<ddellav> heh
<hallyn> rharper: oh, for qemu merge, the easiest way by far is to use the debian git tree;  check out branch ubuntu-dev;  git merge debian-unstable;  merge te changelog, go through patches, and should be all set.
<hallyn> but i'll try to get to it friday if you don't have a chance before
<nwilson5> anyone know why after router reboot, I cannot ping/ssh into a computer on the network anymore. If I reboot, I can once again.
<nacc> nwilson5: are you using dhcp? did your lease expire due to the router reboot?
<nwilson5> yes dhcp, but using dhcp reservation for my mac address.
<nacc> nwilson5: if you simply restart network on your machine, does it work?
<nwilson5> just tried using a different IP and it worked
<nwilson5> not certain what that implies
<nwilson5> I can ping some computers on the network, just not a few unless I change my IP
<Apocope> I'm trying to get either icinga or icinga2-classicui working in Xenial. Under both, the menu on the left displays for a moment and then slides up and is invisible. Anyone seen this?
<digs> I setup this server over a year and a half ago. At ome point I somehow restricted IP's on ssh logins. I can't figure out how I did though. I need to add a new IP. I looked at sshd_config and hosts_allow/deny. I don't see anything that would restrict users. I have a new development team that needs access. I can login to the new user I created using my public key but they cannot. They can
<digs> login to the new dev server without issue. Both the dev server and the production server are hosted on AWS and in the same security group.
<digs> Any ideas?
<teward> digs: iptables on the machine?
<teward> you can run the same port security group on AWS and on the server itself by implementing iptables.
<teward> definitely an issue i've run into
<digs> I am running the same security group on both servers.
<teward> that's the AWS side of things
<teward> I didn't say the AWS level firewall
<teward> I said on the server itself
<teward> NOT in the AWS control panel
<digs> iptables isn'
<digs> iptables isn't installed on either server.
<digs> IP blocking is the only thing I can think of that would keep them from logging in. I have tried adding their public key, the same one that is working on the dev server, to a known working user on the prod server to no avail.
<digs> They get Permission denied (publickey) -- when I try with my key, I get in no problem.
<hggdh> digs: so they *are* getting to the server. Are their public keys correctly set up?
<digs> Yes. their public keys are setup correctly. I copied them from the working dev server and checked the setup 5 times. I added my key to the list and was able to get in no problem.
<teward> are we sure that they are configuring their SSH clients to SSH in using the privkey
<teward> (observed this already in the past with some teams)
<digs> Yeah, I thought of that... but they can connect to the dev server no problem and they didn't have issues when I set that up, so I would have to guess yes. I will just double check though because I am at a loss.
<hggdh> digs: ask one of them to run 'ssh -vvv <server>', and give you the output
<digs> okay.
<hggdh> perhaps they have different keys for each server
<sdeziel> digs: can you pastebin your sshd_config?
<digs> I thought of that too... I had them double verify their keys. sdeziel - I could but I don't think it would help... it is identical to the working dev server.
<digs> http://codepad.org/hNzH0M4o
<sdeziel> digs: looks good to me. Can you provide the auth.log?
<digs> here is the -vvv output. http://codepad.org/EVurcEBx
<sdeziel> digs: sorry, I meant the server side logs (auth.log)
<digs> Yeah, I know... I am working on that.
<digs> here is the tail. http://codepad.org/qlOLock9
<digs> hggdh - there is the -vvv output http://codepad.org/EVurcEBx
<sdeziel> digs: looks like the sshd couldn't decode one key. What does the ~user/.ssh/authorized_keys look like?
<digs> a file with keys that are one line per key.
<sdeziel> digs: it seems to point to a partial public key
<digs> the guy just tried a different key which was a different type... he reported it worked.
<digs> I have 6 or 7 keys loaded and two different devs tried... they both failed... one of them has two keys loaded for some reason, and his other key works.
<digs> baffled.
<sdeziel> fix the formatting of the authorized_keys...
<digs> prod - #66-Ubuntu SMP Thu Apr 25 03:47:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux ---- dev #118-Ubuntu SMP Thu Dec 17 22:52:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
<digs> I copied the file from dev. the format should be perfect. regardless, I will go over and over it again.
<teward> also check ownership of authorized_keys
<teward> and make sure it matches the user they're logging into
<teward> not just file *content* but *permissions*
<digs> They can login with one user and not another now.
<sdeziel> sshd[28349]: error: key_read: uudecode AAAAB3NzaC1yc2E... => pretty clearly points to a badly formatted file
<digs> They keys that dont end with == <name> work. Keys that end with == <name> dont work.
<digs> they work fine on dev though. The dev server is a couple years ahead of the dev server. My guess is that is a version issue.
 * sdeziel gives up
<digs> I will erase the keys that don't work and re-add them sdeziel thank you for your help.
<coreycb> ddellav, jamespage: python-mock 2.0 synced (assert_called_once is actually valid now), and python-keystoneauth1 2.7.0 merged (that *might* fix the heat newton failure)
<ddellav> coreycb ok great
<digs> thanks for the help all.
<genii> !manual
<ubottu> The Ubuntu Manual will help you become familiar with everyday tasks such as surfing the web, listening to music and scanning documents. With an emphasis on easy to follow instructions, it is suitable for all levels of experience. http://ubuntu-manual.org/
<genii> Hm
<genii> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/lts/serverguide/
<genii> Thats the one
<hallyn> rharper: arges: meh, it was a trivial merge, pushing a test pkg to ppa:serge-hallyn/virt
<hallyn> (qemu)
<rharper> hallyn: cool!
<rharper> btw, on the gpu thingy ... I think you can copy the previous build in a ppa and select a new arch target ... I think that triggers a new build of the ppa to add the ppc64 build
<rharper> yeah, edit your ppa, and then select the arch targets
<rharper> then if you copy the package to the same ppa; I think it triggers the rebuild
<rharper> did that on the docker one a few times when we were filling out the extra arches
<hallyn> rharper: yeah, i just forgot about it.  but anyway, isn't that inthe ubuntu-virt ppa?  so you can do it :)
<rharper> hallyn: I didn't know where it was, but I'll look now
<rharper> hallyn: I'm not member of ~ubuntu-virt
<rharper> hallyn: but it looks like you're admin and can add me
<rharper> and I'll poke it
<hallyn> one sec
<hallyn> raharper?
<rharper> yeah, ~raharper
<rharper> not that shady rharper fellow
<hallyn> done :)
<rharper> thx!
<hallyn> thank you :)
<runelind_q> I'm using ZFS backing
#ubuntu-server 2016-06-16
<hallyn> rharper`: all tests pass with that qemu merge, so pushing.
<Yuri4_> What port should be opened to do sudo git clone?
<RoyK^> Yuri4_: from the client?
<Yuri4_> RoyK^, from terminal
<RoyK^> and why sudo git? git works well as a normal user
<cpaelzer> Yuri4_: also depends on the url format you clone, could be http, https, ssh - all different ports
<Yuri4_> sudo git clone git@github.com:TelescopeJS/Telescope.git
<Yuri4_> Permission denied (publickey).
<RoyK^> don't use sudo with that
<cpaelzer> and it is not a port issue
<RoyK^> and you probably need just the right key
<Yuri4_> What key?
<RoyK^> Yuri4_: is this your repo?
<Yuri4_> RoyK^, no it is a public repo that guide says to copy
<RoyK^> Yuri4_: git clone https://github.com/TelescopeJS/Telescope.git
<Yuri4_> Like "step 2 Clone this repository locally:"
<Yuri4_> RoyK^, thank you!
<Yuri4_> You are supposed to add your nick at nick@github.com:blabla ?
<RoyK^> you only need to login to git if you're member of the project and submitting code
<cpaelzer> Yuri4_: as RoyK^ said you don't need user for just clone and can use https, other wise if you need authentication e.g. to submit, this is about your issue https://help.github.com/articles/error-permission-denied-publickey/
<Yuri4_> cpaelzer, RoyK^ thank you
<Norbin> I edited crontab to run a python script every minute: "* * * * * python /home/shay/scripts/my_script.py"
<Norbin> If I run the very same command ("python ...") directly, it works. I can see under /var/log/syslog the CMD executed every minute,
<Norbin> I even tried to output (>>) to a file, and the file gets created, and remains empty. Eventually the script doesn't get executed which is my problem. any idea what else I can check?
<Norbin> var sys log shows this every minute: Jun 16 13:21:01 elk CRON[2903]: (shay) CMD (python /home/shay/scripts/my_script.py)
<bekks> You are not using a full path to the python binary.
<Norbin> i tried that
<Norbin> i had /usr/bin/python
<Norbin> same problem
<bekks> You need that, in every case. Cron does not use the users environment.
<bekks> And all paths inside your script need to be absolute as well.
<Norbin> oh, so doing something like open('filehere.txt') is not good?
<Norbin> because i do that often in my script
<RoyK> Norbin: just chmod +x my_script.py and add #!/usr/bin/python in the first line of the script
<bekks> Norbin: open('/full/path/to/file.txt')
<sarnold> Norbin: does your script ensure its current working directory is as expected before using relative paths?
<Norbin> nope it does not, fixing that right now
<Norbin> works, did both the absolute path and the chmod
<Norbin> cheers
<teward> with regards to dovecot I have one question.  If it's using mbox format, and the mbox doesn't exist yet in /var/mail/${USERNAME} but INBOX is configured to be in that directory, will Dovecot attempt to create the mailbox for INBOX before having mail delivered to it?
<RoyK> teward: it will, and don't use mbox
<RoyK> teward: use maildir - it scales
<RoyK> mbox sucks
<teward> RoyK: yes it does.
<RoyK> it's like 30 years old
<teward> RoyK: existing setup uses Postfix to receive and deliver mail to mailboxes, will that work with dovecot in maildir format?
<teward> RoyK: remember, I inherited this migration project from someone else :P
<teward> the less I have to 'switch over' in the short term the better
<RoyK> old distro too?
<teward> mhm
<teward> new issue: can't get mail box data from old -> new without new locking when rsync maxes the CPUs
<teward> s/locking/locking up/
<teward> so......
<teward> configs are already moved.
<RoyK> locking up?
<teward> RoyK: CPU softlock
<RoyK> I/O wait?
<RoyK> oh
<teward> CPUs peg at 100% on all 4, and seizes up
<RoyK> bad kernel, perhaps
<teward> RoyK: well, i reapplied the latest kernel now
<teward> so we'll see this evening when I rsync data over
<RoyK> don't we all love that sort of jobs
<teward> but if, with the mbox config, we can just "fire it up" with empty INBOXes that may solve things
<teward> it's for a home-grown listserv solution so it was never 'built' to scale it seems
<teward> and it involves Linux / MSSQL stuff
<teward> so... *shivers*
<teward> RoyK: but if mbox will recreate the INBOX if it doesn't exist, I can just say "SCREWIT!" and switch to the new server, keeping a backup of the old mbox files
<teward> :P
<RoyK> teward: if the customer/boss/something allows for that, fine
<teward> there's a meeting today :P
<teward> but yes.
<teward> short of a drive-to-drive sync via disk IO instead of network/rsync/scp i have no other options
<teward> with USB passthrough'd drives and what not *shivers*
<teward> (VMware house, otherwise we'd be using qemu or something)
<adac> I have some ssl keys I need for an app. is there a special place where they are usually saved?
<sarnold> web servers often store theirs in /etc/ssl/private -- I don't know if that overlap would be beneficial or harmful for your application, but it's a starting point
<adac> sarnold, kk thanks!
<fernando_> Hey guys, I would like to lear how you create Ubuntu 16.04 AMI at cannonical, since is not possible to the import-image api call. The latest supported version is 15.10
<fernando_> thanks
<sarnold> fernando_: have you found this yet? https://cloud-images.ubuntu.com/locator/
<fernando_> Yes sarnold, thanks btw. But I want to have custom partitions with LVM
<fernando_> So I'd like to know how cannonical guys build their own AMIs for Ubuntu 16
<rbasak> Odd_Bloke: ^
<rbasak> Odd_Bloke: worth an FAQ entry somewhere?
<teward> RoyK: barring the evil method of indexing that we have which requires reaching into one of the inboxes temporarily, is there a way to completely trim old messages from mbox-format storage?  Assuming a conversion to maildir is in "phase two" of the migration.
<teward> RoyK: (the evil indexing requires us to keep the messages around, so 'clean' mboxes for all the accounts is a no-go but we need to have only one of the inboxes remain intact)
<Odd_Bloke> fernando_: The way we build images is, unfortunately, pretty obscure (and depends on some services that aren't publicly available); I can point you at the scripts, but you may be better served by another way of producing an image.
<Odd_Bloke> fernando_: (We do things the way we do because we want to produce a very generic image that makes few assumptions about what users will do with it; you are probably not constrained in the same way)
<Odd_Bloke> fernando_: Why is the import-image API call unusable?
<fernando_> Odd_Bloke: import-image is the API call
<fernando_> AWS documentation says Ubuntu 16 is still unsupported
<coreycb> beisner, qemu 1:2.2+dfsg-5expubuntu9.7~cloud5 is ready to promote to kilo-updates when you get a chance
<Odd_Bloke> fernando_: Oh?  Can you give me a link to that?
<fernando_> What I'm thinking is to mounting ebs volume, use qemu-nbd to mount vhd and then dd to the clear EBS
<fernando_> does that make sense?
<fernando_> http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/VMImportPrerequisites.html#vmimport-operating-systems
<Odd_Bloke> fernando_: A VHD which you've created locally with your LVM configuration?
<fernando_> yes
<fernando_> with VirtualBox
<RoyK> teward: just convert it to maildir
<coreycb> beisner, also everything in mitaka-staging is ready to promote to mitaka-proposed
<Odd_Bloke> fernando_: I expect that is just out-of-date documentation; for example, Ubuntu 15.04 is out of its support lifetime.
<Odd_Bloke> fernando_: (As are 12.10, 13.04, and 13.10, by several years)
<sarnold> hah, out of that list only two are still supported
<fernando_> ups sorry guys
<fernando_> bad link
<fernando_> let me update it
<fernando_> http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/VMImportPrerequisites.html
<fernando_> and in fact
<fernando_> the api call returns
<Odd_Bloke> fernando_: That's the same link. :)
<fernando_> "Unsupported kernel 4.4"
<Odd_Bloke> Ahh, interesting.
<Odd_Bloke> fernando_: What type of image are you trying to import it as?
<Odd_Bloke> fernando_: (I've never used this command, apologies if my questions don't make sense :)
<fernando_> Is the right link, isn't it? "Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04"
<sarnold> of that list only 12.04 and 14.04 are still supported
<fernando_> I converted vmdk to ova and then did the call
<Odd_Bloke> fernando_: Would you be able to pastebin the command that you ran?
<guampa> esta bueno
<guampa> oops sry
<fernando_> Odd_Bloke
<fernando_> yes sure
<fernando_> Odd_Bloke: http://pastebin.com/RdjfkjM2
<sarnold> no error?
<teward> RoyK: okay... how do I do that when I cant get it to the new system
<teward> again, stuck with the E:NoRSYNC issue
<teward> (CPU softlockup)
<sarnold> call vmware and ask em why it falls over?
<RoyK> teward: just google it
<RoyK> teward: that sucks - something wrong with the hardware?
<teward> i'm assuming kernel, I was able to replicate the issue on a Wily box on completely different hardware
<RoyK> teward: pull out the disk and put it into something else (like a shredder)
 * teward shrugs
<sarnold> heh
<teward> I'll fix it heh
<teward> just gotta salvage that one mailbox :P
<RoyK> teward: got a backup of the data?
<RoyK> teward: last time I moved a mail server I just backed it up and restored from backup (using bareos, a bacula fork)
<teward> RoyK: if we do it's inside the copy of the VM
<teward> and not 'standalone backup'
<teward> i didn't set up the environment heh
<RoyK> well, it's a VM, setup a new one and attach the disk to that and rsync it
<Odd_Bloke> fernando_: Thanks, and what error do you see?
<teward> RoyK: again, not my call.  If i had eternal god power here, I'd create a separate VMdisk, format it the filesystem I need, put the data there, detach it, put it on the new VM that already exists, copy data that way
<RoyK> then tell the gods to do that
<RoyK> it's not like it takes a lot of time
<teward> yep
<teward> probably a Monday task
<teward> :P
 * teward has a long weekend coming up, if he can push that to Monday he will :P
<maddawg2> you taking tomorrow off
<RoyK> teward: it'd take me about five minutes :P
<fernando_> Odd_Bloke: Unsupported kernel version 4.4...
<fernando_> which does not happen with trusty
<teward> RoyK: yes.  It would.  :P
<teward> if I had that power :)
<teward> oops i need to update these VMs... eheheheheheh
<RoyK> teward: heh - I work with vmware - it's not hard ;)
<teward> RoyK: so do I - my two hypervisors at my apartment (HAIL GODMODE!) are VMware
<teward> it's a VMware house here
<teward> but i don't have the VMware access
<teward> the one who does?
<teward> out until tomorrow
<teward> and I'm not here tomorrow :)
<Odd_Bloke> fernando_: If you could paste the entire command and output together, it would make it much easier to point our EC2 contact at the issue. :)
<teward> (here at work, not necessarily 'not here on the internet')
<RoyK> teward: you could ask the admin to give you access to your vm, though
<fernando_> Ok, I will run it again :)
<Odd_Bloke> fernando_: Thanks. :)
<RoyK> teward: if things are setup with SSO correctly, it *really* shouldn't be a problem
<teward> RoyK: we can discuss system setup another dat
<teward> day*
<teward> outside my purview to comment on how things're set up :p
<teward> that said... I love my own to Vmware hypervisors :)
<RoyK> we have 15ish nodes in our clusters
<RoyK> works rather well
<RoyK> even when one guy (that was me, btw) managed to pull out the wrong blade once (just started working there) - the VMs just popped up on other nodes in the cluster
<sarnold> wow, nice
<fernando_> Odd_Bloke, takes some time, hang on a second. Thanks, btw :)
<Odd_Bloke> fernando_: Sure, no rush. :)
 * RoyK was sweating a bit right then - wanted to hard reboot a blade that was troublesome and just yanked it and had a ping running at it which just continued and found that - oops - wrong blade centre - called my boss .... that was just two months after I started working there
<beisner> coreycb, qemu pushed to uca kilo-updates re: bug 1587039
<ubottu> bug 1587039 in Ubuntu Cloud Archive kilo "aio: strengthen memory barriers for bottom half scheduling" [Undecided,Fix released] https://launchpad.net/bugs/1587039
<fernando_> Odd_Bloke: http://pastebin.com/mTFpeXw1
<Odd_Bloke> fernando_: Brilliant, thanks!
<fernando_> thanks to you :)
<coreycb> beisner, thanks and I see the packages moving to mitaka-proposed \o/
<beisner> coreycb, * @ mitaka-staging (http://pastebin.ubuntu.com/17397848/) pushed to mitaka-proposed in uca
<coreycb> beisner, awesome
<EmilienM> jamespage: I think I already reported this issue but in case I missed it, when running tempest/master and your newton repo: http://logs.openstack.org/88/330188/3/check/gate-puppet-openstack-integration-3-scenario002-tempest-ubuntu-xenial/d5cefca/console.html#_2016-06-16_13_33_34_856
<Apocope> I'm trying to get either icinga or icinga2-classicui working in Xenial. Under both, the menu on the left displays for a moment and then slides up and is invisible. Anyone seen this?
<RoyK> Apocope: no - perhaps try #icinga - haven't used it much for years... moving to zabbix now
<Apocope> RoyK: Yeah, maybe. I'm suspicious that it's something to do with the packaging, it's not really anything to do with the functioning itself. I have it running fine on 12.04.
<RoyK> really, no iea
<RoyK> idea
<nacc> Apocope: i can try and help you out, otp right now
<nacc> Apocope: i don't know much about either, but i am probably responsible (php7 migration) for any breakage :)
<RoyK> oh - php changes
<RoyK> those usually break things
<nacc> RoyK: :)
<Apocope> nacc: Ok, I'll poke around a bit..
<nacc> Apocope: spinning up a container
<Apocope> nacc: Ok, in icinga, it's the menu.html that's displaying the unwanted behaviour. I copied the menu from the 12.04 install, it does the same thing. In fact, it's exactally the same between the distributions.
<nacc> Apocope: right, it's probably some underlying thing -- what's the URL normally?  I know nothing about icinga :)
<Apocope> nacc: It's $SERVER/icinga/menu.html
<nacc> Apocope: thanks
<nacc> Apocope: give me about 5 minutes to get setup
<nacc> Apocope: if i can reproduce it, i'll probably ask you to file a bug :)
<nacc> Apocope: what's the admin username?
<nacc> Apocope: ah, icingaadmin, of course :-P
<nacc> Apocope: reproduced
<nacc> (with icinga)
<Apocope> nacc: Glad it's not just me.
<nacc> Apocope: can you file a bug please?
<nacc> Apocope: i'll try and figure out how to debug :)
<Apocope> nacc: Ok.
<nacc> Apocope: feel free to subscribe me, as well (same lp username as my nick)
<nacc> Apocope: have you tried 14.04, btw?
<Apocope> nacc: Yes. I believe it works properly there. Let me verify.
<nacc> Apocope: ack, i'm checkign too
<nacc> Apocope: also, thanks for bringing this to our (my) attention ...
<cduston> Hey all, I'm looking for some help with a new Landscape (on premises) install
<cduston> (also new to IRC, so sorry in advance for anything annoying I do!)
<cduston> So, Landscape appears to be working fine, (for example I can update packages), but when I click on one of the alerts, I get a System Error, an apology, and very long OOPS ID. Any thoughts?
<Apocope> nacc: I've filed a bug and subscribed you. Thanks.
<nacc> Apocope: thanks, trusty does seem to be fine
<nacc> Apocope: hrm, the contents of icinga-cgi are quite different
<nacc> i wonder if it's a js issue
<Apocope> nacc: I wouldn't be suprized.
<nacc> Apocope: digging into it, like i said; probably not my highest priority, but will do my best
<nacc> Apocope: unfortunately nothing is throwing any errors, so it's tricky to debug :)
<Apocope> nacc: I understand exactally how it goes.
<nacc> Apocope: in chrome, the developer console indicates the size of the menu is 1073 x 0 :)
<Apocope> That doesn't seem right.
<nacc> nope, and it's a computed value, i think ... i wonder how that's happening
<EmilienM> coreycb: good afternoon!
<EmilienM> coreycb: we're facing issues with OpenStack packages that try to start services when running apt-get. It's a problem if you deploy your API in WSGI with Apache for example (Nova, Ironic, etc).
<EmilienM> you need to stop nova-api service before starting apache otherwise you have binding issues
<EmilienM> of course we can do that with automation tools but I thought this feedback would help you to understand why it's not helping to start services automatically
<coreycb> EmilienM, didn't this discussion already occur?
<EmilienM> coreycb: indeed
<TodPunk> I have a Dell Poweredge 850 (kinda old, 4 years-ish I think) that I ran the 16.04 installer on, and after the reboot it goes past POST and then to  a solid black screen (At 1280x1024) and does some hard drive access but never goes anywhere else.
<TodPunk> I'm trying to figure out what is happening to it, but it doesn't do any network traffic, let alone start SSH, and I get not keyboard response
<TodPunk> I have also tried to login without a monitor to confirm I'm doing it right, and just reboot.  This doesn't seem to do anything either
<TodPunk> No errors from the grub install, and it is going to the right hard drive when it does so
<TodPunk> Any ideas to point me at?
<nacc> it seems like LP: #1544296 is marked as affecting the wrong package
<ubottu> Launchpad bug 1544296 in symfony (Ubuntu) "IPv6 autoconfiguration adds default route to Neutron tenant networks on qbr- interfaces" [Undecided,Confirmed] https://launchpad.net/bugs/1544296
<bekks> !nomodeset | TodPunk
<ubottu> TodPunk: A common kernel (boot)parameter is nomodeset, which is needed for some graphic cards that otherwise boot into a black screen or show corrupted splash screen. See http://ubuntuforums.org/showthread.php?t=1613132 on how to use this parameter
<TodPunk> I shall try that.  I saw that before and it seemed unrelated, but I presume we'll find out
#ubuntu-server 2016-06-17
<tempspace> Does anybody know if Ondrej Sury is ever around this room?
<nacc> tempspace: off and on, but he's more likely to be found in debian channels, i think
<nelson777_> hello, I recently bought a vps from interserver.net and I found it strange that iftop command shows as source host mirror.xpinator.com instead of the name I put in hostname. Anyone knows why ?
<sypher> nelson777_: What ubuntu release, and how exactly did you set the hostname?
<nelson777_> ubuntu server 14.04
<nelson777_> I set the hostname to yggdrasil
<sypher> nelson777_: How *exactly*?
<nelson777_> http://pastebin.com/VMzAhpGc
<sypher> nelson777_: You might find it easier to simply use hostnamectl.
<sypher> nelson777_: http://manpages.ubuntu.com/manpages/trusty/man1/hostnamectl.1.html
<nelson777_> I used it. But I already found what it was: the reverse dns was set to that name
<nelson777_> thanks anyway
<masuberu> hi
<masuberu> I would like to nfs mount a folder on my ubuntu server to my mac
<masuberu> at the moment it is giving me a permission denied
<masuberu> I believe because the UID doesn't match
<masuberu> now the question is, the UID on my mac is 501 which is lower than 1000
<masuberu> would it be ok to create my user on my ubuntu server and manually change the UID to 501?
<tarpman> masuberu: if you haven't already created the user, you can tell adduser which uid to use, see the man page for details
<tarpman> masuberu: some things in ubuntu might ignore users with a uid less than 1000 due to considering them 'system users'. not sure if that's true of anything on server; anything I can think of offhand that would do that are all desktop-ish things
<masuberu> yes, but i know that ubuntu gives an UID higher than 1000, I am not sure if I am breaking something assigning an UID lower?
<masuberu> ok
<tarpman> assuming the uid already exists, I don't think you'd be breaking anything
<tarpman> er
<tarpman> *doesn't already exist :
<tarpman> :)
<masuberu> yep
<masuberu> ok I will give it a go
<masuberu> thank you!
<masuberu> for NFS access... does it have to match the username, UID and GUID?
<tarpman> uid and gid for sure, for the type of nfs you're talking about I don't *think* username matters (but I could be wrong)
<tarpman> and gid only if it matters for your access control needs, really
<tarpman> I think by default a new user in ubuntu will get a 'personal' group (a group with the same name as the user) - I don't remember whether mac does that?
<tarpman> you don't need to make your ubuntu user's personal group gid match the 'users' group gid on your mac, is the point I'm meaning to make
<mowthegrass> Has anyone tried setting up password for grub
<mowthegrass> i did set up one , but autoboot doesnt work it always wait for user intervention
<mowthegrass> TIMEOUT in /etc/default/grub does work however its gets highlighted and selected on selection it prompts for username and password
<lordievader> Good morning.
<adun153> hi!
<lordievader> Hey adun153
<adun153> hey lordievader
<adac> how to solve such a locale error? https://gist.github.com/anonymous/779ebf4e59c465083e8035535fe95dbb
<adac> actually it is more of a warning
<lordievader> adac: http://askubuntu.com/a/227513
<adac> lordievader, thanks I'll try that out
<lordievader> Let me know if it works ;)
<pirx> i just installed 2 new ubuntu 14.04 servers, and i can't TAB-complete on arguments to the "service" command. Any ideas why? :)  (i can on almost all other of my ubuntu-servers)
<adun153> pirx, does your user have a .bashrc in its home directory?
<pirx> adac: yes
<pirx> and it seems to source /usr/share/bash-completion/bash_completion at the end there
<pirx> and that file there is identical to one that i have in a server where this tab-completion works fine
<pirx> also, tab-completion in general *does* work, but not for arguments to the "service" command
<pirx> annoying:)
<lordievader> pirx: Is the bash-completion package installed?
<pirx> isnt it always? :)
<pirx> yes its installed
<pirx> all other completion works so...
<pirx> all other that i know of anyway
<lordievader> What happens when you source it manually?
<pirx> lordievader: i source it, no errors, but tab-completio still fails
<lordievader> Hmm, not really sure where the problem might lie.
<jamespage> coreycb, erm
<jamespage>   * Note: Skipping 0ubuntu3/4 because they were yakkety-only releases.
<jamespage> ?
<coreycb> jamespage, doesn't seem ideal
<jamespage> coreycb, 2:13.0.0-0ubuntu2.1 would have been better
<coreycb> jamespage, yakkety has moved on to 2:14.0.0~b1-0ubuntu3 so I figured 2:13.0.0-0ubuntu5 would be ok
<jamespage> coreycb, well it is ok from a versioning perspective but the .1 is more consistent with sru point releases...
<jamespage> just looks odd like you say
<coreycb> jamespage, ok. I never really understood when to do a .1 or not tbh.
<teward> coreycb: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging is the guide I use
<teward> logic stands for both Security and SRU updateds
<coreycb> teward, thanks, me looks
<teward> version examples is the string i rely on pretty heavily
<teward> jamespage: sorry for hijacking :0o
<teward> :)  *
<jamespage> teward, you saved me find it - ta
<teward> jamespage: bookmarks are nice :)
<teward> that, and I had it open anyways :0
<teward> that, and I had it open anyways :)
 * teward is working on debdiffs for an SRU
<teward> 'cept that the same version of the package exists EVERYWHERE so it's even more painful :)
<teward> rbasak knows which package/bug I"m referring to :p
<coreycb> teward, that's very useful thanks
<teward> coreycb: you're welcome
<teward> you can thank the MOTUs and Security team for giving me that an age ago when I started out working in the packaging world :P
<teward> coreycb: but to echo jamespage, the data in that guide is pretty good for identifying what should be done for a package version bump.  There are edge cases, I think, but in most cases the guide is far more useful
<teward> that, and yakketyVersion > xenialversion > wilyversion > trustyversion > preciseversion  is a valid analysis
<teward> SRU version string shouldn't ever be higher than any of the releases after the affected one, AIUI
<teward> https://launchpad.net/~teward/+archive/ubuntu/pymssql/+packages is an example of how I did this for one mass SRU, but I should point out that that's gonna get poked and nuked shortly because I messed up *those* debdiffs :P
<teward> 1.0.2+dfsg-2  --> 1.0.2+dfsg-2ubuntu1 (yakkety), 1.0.2+dfsg-2ubuntu0.16.04.1 (xenial), etc.
<teward> :P
<teward> but in the case of what it looks to be here, a .1 would be sufficient
<teward> per the guide
 * teward goes back to poking the servers at work to migrate dovecot and inbox data from an ancient server to a new one
<coreycb> teward, sorry, been reading.  bookmarked, thanks again :)
<teward> jamespage: so, Yakkety is 2:14.0.0~b1-0ubuntu3 and their verisonstring/changelog had 2:13.0.0-0ubuntu5  ?
<teward> just so I'm fully understanding :)
<teward> coreycb: ^
<coreycb> teward, yes the 13.0.0-0ubuntu5 is xenial
<coreycb> teward,  13.0.0-0ubuntu2 was xenial, and  13.0.0-0ubuntu3 and  13.0.0-0ubuntu4 were yakkety.
<coreycb> 13.0.0-0ubuntu2.1 would've made more sense for the xenial update
<teward> indeed
<teward> just wanted to clarify what the problem was when I randomly interjected :)
<jamespage> coreycb, don't stress about it to much - 3 and 4 are superceeded versions and as you point out its still earlier than the version in yakkety
<teward> ^
<jamespage> coreycb, the SRU team accepted it after all!
<coreycb> jamespage, I'm not :)
<teward> speaking of SRU I need to get these debdiffs rolling
 * teward is just a little lazy :/
<coreycb> teward, get back to work!
<coreycb> :)
<teward> coreycb: coffee
 * teward has none
 * teward needs some
<jamespage> ddellav, coreycb: as I did not do my ci shift yesterday fixed up newton failures am today
<jamespage> mainly rebase/drops of patches
<coreycb> jamespage, thanks
<ddellav> jamespage thanks. I'll mop up anything left
<jamespage> a few stable failures (4) but that's it
<jamespage> coreycb, ddellav: fwiw I think we should have branch builds going for anything that we have charmed; so once we get there, we need to include mistral and murano as well
<jamespage> we can discuss...
<coreycb> jamespage, makes sense
<ddellav> coreycb before i head out to lunch, here's the keystone sru repo: lp:~ddellav/ubuntu/+source/keystone it builds successfully, plz review and push and i will subscribe the sru team to lp:1592865
<coreycb> ddellav, ok
<jamespage> smoser, have you actually seen https://bugs.launchpad.net/python-novaclient/+bug/1559072 on xenial?
<ubottu> Launchpad bug 1559072 in python-novaclient (Ubuntu Xenial) "exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"" [High,Confirmed]
<coreycb> ddellav, keystone still fails with the dh-python failure: http://paste.ubuntu.com/17440199/
<ddellav> coreycb are you building locally? https://launchpad.net/~ddellav/+archive/ubuntu/xenial-mitaka/+build/10035503
<coreycb> ddellav, you mentioned you had a fix for dh-python yesterday?
<ddellav> coreycb my fix was to remove that line from requirements.txt but it builds successfully as-is in the ppa so i didn't make that change
<ddellav> i assume its because the sbuild chroot does not pull in proposed updates or something like that
<coreycb> ddellav, hmm not sure because the dh-python fix is in xenial-updates already: https://launchpad.net/ubuntu/+source/dh-python
<ddellav> coreycb im not sure then, for some reason the ppa is getting the fixed version of dh-python and sbuild locally is not.
<nacc> ddellav: are you making sure to run an `apt-get update` locally? and possibly pass -U ?
<ddellav> nacc the first thing sbuild does before it runs the build is update apt-get and upgrade
<ddellav> but i explicitly ran an update and upgrade anyway just to make sure
<nacc> ddellav: ah you're right, i was confusing with adt, sorry!
<nacc> ddellav: do your sbuild logs indicate it's hitting updates at all?
<ddellav> nacc all good, any suggestions welcome
<ddellav> nacc yes, it hits it and updates but there are no upgrades to be done currently. I also watch the build as it's running and it shows the update
<coreycb> ddellav, I wonder if by default sbuild doesn't have -updates enabled
<ddellav> coreycb that would certainly explain it
<coreycb> ddellav, from your ppa build -- Get:13 http://ftpmaster.internal/ubuntu xenial-updates/main amd64 dh-python all 2.20151103ubuntu1.1 [74.1 kB]
<nacc> ddellav: it would depend on your local sbuild env's configuration
<coreycb> ddellav, from sbuild logs -- Get:9 http://archive.ubuntu.com/ubuntu xenial/main amd64 dh-python all 2.20151103ubuntu1 [74.4 kB]
<nacc> ddellav: you can always try passing an --extra-repository
<ddellav> coreycb i see that as well: Get:17 http://archive.ubuntu.com/ubuntu xenial/main amd64 dh-python all 2.20151103ubuntu1 [74.4 kB]
<ddellav> let me look at the config
<ddellav> yea, its not enabled in the chroot. This needs to be fixed on all our sbuild envs
<coreycb> ddellav, we may just need to fiddle with SKIP_UPDATES:  https://wiki.ubuntu.com/SimpleSbuild
<ddellav> coreycb https://wiki.ubuntu.com/SimpleSbuild these are the instructions i followed when setting up sbuild ages ago, in the .mk-sbuild.rc they have SKIP_UPDATES and SKIP_PROPOSED
<ddellav> lol
<coreycb> ddellav, heh
<coreycb> ddellav, anyway can you rebase your keystone updates and I'll fix up my sbuild and land that
<ddellav> coreycb thats for making new environments though, so does that mean i'll have to nuke them all and start over?
<ddellav> ok
<ddellav> coreycb will do
<coreycb> ddellav, yeah but that's not a huge deal
<ddellav> coreycb thats true, there's nothing stored there
<ddellav> coreycb ok, keystone rebased and pushed
<coreycb> ddellav, ok
<coreycb> ddellav, nacc: btw, I just created a yakkety sbuild chroot with SKIP_UPDATES and SKIP_PROPOSED commented out and updates is now enabled.  same config as last time but I have a feeling maybe the updates pocket didn't exist last time.
<ddellav> coreycb i went to re-create my sbuild chroots and when I did a reverse history search for the command i found i passed the --skip-updates flag as well, not sure why past-me was a dumbass
<coreycb> ddellav, oh that'll do it
<ddellav> jamespage it looks like you updated python-glance-store to 0.9.2, possibly to fix a ci issue. Are you going to upload that to wily?
<hggdh> kirkland: just a question: why does gnome-software show byobu as non-free (I know it is GPL3)?
<hggdh> kirkland: also, it seems the copyright notice in ./share/doc/byobu/copyright should be updated (goes up to 2014 only)
#ubuntu-server 2016-06-18
 * I_AM_EJACULATING slaps her pussy for FREEDOM!  CHOLBY RULES
<hicoleri> I there a definitive guide I can follow to learn about setting up a webserver, server-side scripting in the language I want and websockets?
<lordievader> Good morning.
<mollox> hi (i come here as directed by https://help.ubuntu.com/lts/serverguide/httpd.html )
<mollox> does anybody know if it is possible to increase the apache2 process priority
<mollox> in the config
<ikonia> apache doesn't set the priority
<ikonia> the scheduler does
<mollox> ok
<mollox> thanks
<mollox> be nice to set nice .. bnvm
<ikonia> should you really need to set it ?
<ikonia> if you need apache at a high priority than the scheduler thinks....are you using apache right
<mollox> if i set it through system-monitor i get a tiny bit better download speed over LAN
<ikonia> download speed ?
<ikonia> what's the actual problem you're trying to solve
<mollox> it's not that important .. but i am copying 12gb .. and waiting a long time :)
<ikonia> 12GB over http
<mollox> yeah
<ikonia> doesn't seem the best of ideas
<ikonia> nice'ing apache shouldn't be required,
<mollox> i could use a usb disk ..
<ikonia> why are you using http ?
<ikonia> why not something like rsync
<mollox> nice=-20 gives me just a bit better speed
<mollox> rsync uses ssl
<ikonia> mollox: thats a false economy
<mollox> it's only for me
<ikonia> so ?
<ikonia> what's the problem with rsync
<mollox> ssl overhead
<ikonia> nonsense
<ikonia> it will be quicker than 12GB over http
<ikonia> and if you drop a packet you don't have to start again
<mollox> tried it .. it is maybe 150% more
<mollox> time
<ikonia> no way
<ikonia> you have a problem ten
<ikonia> thne
<mollox> well it is on my old rig
<ikonia> then
<mollox> encrypt at source and decrypt at dest adds a serious over head for 12gb
<mollox> normal priority gives about 1.8mb/sec over 100mbit LAN
<mollox> nice=-20 gives about 2.4mb/sec
<ikonia> disagree
<mollox> do it and see .. i am doing it now
<mollox> anyway .. it's only for one file and only need it done once
<maswan> what kind of servers are these? it's been a long, long time since a normal httpd would saturate a gigE with insignficant cpu load
<mollox> its a 100mbit not Gbit
<mollox> server is an old intel p4 2.3ghz
<maswan> yeah, that's the generation of hardware that were among the first to be able to solidly sustain gigE
<mollox> cpu load is ~14%
<mollox> with ssl the jumps to ~35%
<mollox> ~25%*
<mollox> its working fine .. just wondered about the apache2 config and nice .. many programs let you set it in config .. not apache .. nvm
<RoyK> mollox: how is the load average as reported by for instance 'uptime'?
<mollox>  13:45:46 up  2:41,  3 users,  load average: 3.28, 2.78, 2.51
<RoyK> mollox: how many cpu cores?
<mollox> server = 2cpu (not cores tho)
<mollox> pentium4 2.3ghz x2
<RoyK> generally, the load average shouldn't be higher than core count
<RoyK> that indicates a heavily loaded system
<RoyK> either cpu or I/O or both
<mollox> i guess it is a bit over loaded
<RoyK> not a lot, though
<mollox> well .. gotta get the most out of it ;)
<RoyK> how old is this box?
<mollox> oooold .. 10years or so
<RoyK> probably older
<mollox> i expect it was when first launched .. i had this for 10years ish
<mollox> and it is XPC-Shuttle (SIS chipset i think)
<mollox> its done a great job in its lifetime
<mollox> Phew ! saved by wget .. thought it was gonna bail out at 93%
<mollox> all done .. thanks for your time .. b4n
#ubuntu-server 2016-06-19
<jak2000> hi all
<jak2000> how to copy a file from svr1 to svr2 without ask a password? using scp command
<patdk-lap> jak2000, it should *just work*
<patdk-lap> assuming you setup your key
<Beautiful> hello. can anyone give me examples of big companies that currently use ubuntu as their server solution? thanks
<patdk-lap> !poll
<Xin> Beautiful; many use it for servers etc
<Xin> few use it for full desktop networks supporting end users
<Beautiful> Xin, oh yeah. right after i ask the question i found on their page they are partnered with a bunch of people. well their logos
<Xin> which means.. what?
<Beautiful> Xin, um....that it can be trusted?
<Xin> im partnered with google technically
<Beautiful> it means that many big companies use ubuntu servers
<Xin> can my os be trusted now
<Beautiful> so its like battle tested and shit
<Xin> lol yes, it is very widely used..
<Beautiful> yeah. it stood the test of time
<Xin> so was ssh with hartbleed
<Xin> ;))))
<Beautiful> Xin, if your OS was used by many many people i'd be inclined to trust it a bit more than others that have not been used by people
<Beautiful> but yeah i understand its not a definitive metric
<Xin> It's used by 10,000 people
<Beautiful> Xin, your OS?
<Beautiful> well how is it being used? is it used as a hobby or in production systems?
<Xin> yep
<Xin> production
<Beautiful> Xin, what is your os
<Xin> I call it UbuntuWithATrojan
<Xin> You should use it
<Xin> im in partnership with google
<Beautiful> why the Trojan part?
<Xin> No reason.
<Beautiful> lol....
<Beautiful> y u always lyin
<Beautiful> Xin, link me to your project then lol
<Xin> I'll send you a download link what's your email
<Beautiful> hahah
<Beautiful> i'll pass on dat
<Beautiful> topsecret@nsa.gov
<Beautiful> email for more inquiries
<Xin> wtf im sponsored by google
<Xin> I put their logo on my page bro
<Beautiful> thats why i give you the top secret email bro
<Beautiful> so you can send me in privacy
<jak2000> how to copy a file from svr1 to svr2 without ask a password? using scp command
<jak2000> need generate a key right anyone know a tutorial?
<LostSoul> Hi
<LostSoul> Anyone common with corosync and crm?
<Yuri4_> Guys, I'm a linux noob. Going to follow the tutorial on how to set up meteorjs (+nginx) on ubuntu 14.04, but on Ubuntu 16.04. Might I encounter problems because I'm using different version? It's for VPS in Azure.
<vbotka> Yuri4_, you may, but fitting to 16.04 should be trivial and straightforward.
<Yuri4_> vbotka, it wasn't trivial when my Apache wasn't working because of config location chane in 16.04. Is there are list of all of this changes?
<vbotka> Yuri4_, I see, best start would be to review the release notes https://wiki.ubuntu.com/XenialXerus/ReleaseNotes
<Yuri4_> Nope. Nothing about apache config change location there
<vbotka> Yuri4_, I see, 16.04 records are missing http://packages.ubuntu.com/search?keywords=apache2
<Yuri4_> vbotka, what does that mean?
<vbotka> Yuri4_, default is /etc/apache2/apache2.conf
<vbotka> Yuri4_, did the location change in 16.04
<vbotka> ?
<Yuri4_> vbotka, I had to edit /etc/apache2/sites-available/000-default.conf
#ubuntu-server 2017-06-12
<supercool> How do I load a command with high priority on ubuntu server?
<supercool> Could someone help me please?
<dpb1> supercool: look at the 'nice' command.   'man nice' for more info.
<supercool> dpb1: I got high sd from top
<supercool> guess it is not a inside issue but a server restriction of usage
<supercool> I use renice -n -20 -p # but didn't solve nothing
<JanC> also look at schedutil
<JanC> *schedtool
<DirtyCajun> can someone talk to me about snaps on ubuntu server ... am i seriously going to need to manage packages from 2 separate sources now?
<lynorian> DirtyCajun, you do not really need to need snaps if you do not want to you can still use all .deb
<DirtyCajun> lynorian, filebot (A wonderful program) has apparently moved completely to snaps.
<lynorian> I have not heard of filebot
<DirtyCajun> lynorian, its a great file/folder automation tool for media
<lynorian> DirtyCajun, I cannot find it in the repos
<lynorian> in trusty even
<DirtyCajun> lynorian, sudo snap find filebot
<DirtyCajun> im on 16.04.2
<lynorian> well if you used it without snaps you were already getting them from a seperate place
<DirtyCajun> lynorian, it was originally directly a .deb file from their site.
<lynorian> DirtyCajun, yes that is another source so I do not understand your question
<jushur> didnt subtitles get labeled eligal some court in EU a few months back?
<jushur> by some*
<TafThorne> jushur: Fan made sub-titles according to a Dutch court.  So that is a court within the EU but not an EU level court.  For those of you playing in the US think like a county (I do not think this was a big Dutch court yet) making a rulling.  There are probably bigger national courts for the Dutch (so like a State level court) that could weigh in and then after that someone might take it to an EU (federal) level court.
<TafThorne> Looks like that was going on at the end of April this year.
<jonfatino> Does anyone here work with Dell or HP servers a lot? I remember dell or hp used to have a tool that you could install on a massive amount of servers and it would collect all the stats for those servers. So when migrating to new servers you know how much resources you need etc
<jonfatino> I just can't remember the name of the utility.
<Poster> Dell is Open Manage iirc
<jonfatino> This is just a standalone application you can install on any server (virtual / etc)
<jonfatino> Just collects stats / resource usages / etc for 7 days then emails you
<mwhahaha> jamespage, coreycb: did you guys ever get the fix for sqlalchemy issues pushed to updates? http://logs.openstack.org/68/473268/1/check/gate-puppet-magnum-puppet-beaker-rspec-ubuntu-xenial/a1745a6/logs/magnum/magnum-conductor.txt.gz#_2017-06-12_08_07_37_626
<jamespage> mwhahaha: lemme check - I've had alot of plates spinning in the last week or so
<jamespage> mwhahaha: ah right - we pushed through updates to make magnum install; but that would appear to be an incompatibility with sqla 1.1.x
<mwhahaha> jamespage: ok, not a huge pressing issue but the magnum beaker jobs are blocked
<coreycb> jamespage, mwhahaha: i uploaded a new version of python-oslo.db in an attempt to fix that.  i wasn't positive that was the right fix but seemed relevant.
<macskay> hi guys trying to setup snort on my remote server running xenial. my ip ends with 111 and has a netmask of /27, so i set the home_net to 97/27 but when trying a port scan on my server the ids is not sending an alert. what could that be?
<rbasak> macskay: I'm not sure you've provided enough for a diagnosis, but you may find the "ipcalc" tool useful if you don't know about it.
<genii> Do you have broadcast ip set to .127 ?
<blizzow> RHEL offers a couple packages to manage virtualization tuning called tuned and tuned-adm. Is there an equivalent for ubuntu?
<hehehe> hi
<hehehe> I am running web app file permissions set to 660 and dirs to 770, now I moved from 14.4 to 16.4 appamor disabled, 403 yet to go
<hehehe> what else can i check?
<hehehe> btc 2400
<hehehe> thats still above 1900
<hehehe> why btc is overloaded?
<hehehe> lol wrong channel
<dpb1> hehehe: you were confusing me to no end
<hehehe> dont mind last lines
<hehehe> the question is about file permissions
<hehehe> I run a web app on 14,04 and 16.04
<hehehe> using 660 and 770 as permissions
<hehehe> but on 16,04 its yet to work
<Poster> make sure www-data is either the owner and/or group
<hehehe> that is done
<Poster> is it owned by www-data:www-data or something else?
<hehehe> nr1
<hehehe> www-data
<Poster> ok it sounds like you may have a path issue, can you pastebin the relevant configuration files?
<hehehe> path issue?
<hehehe> you mean nginx home path?
<Poster> yes, either the path to the files is incorrect or the www-data user cannot access it
<hehehe> well if I change permissions it does work
<Poster> change to what?
<sarnold> btw the 'namei -l /path/to/file' tool is superb. It saves a bunch of repetitive ls -l
<hehehe> just a moment
<hehehe> going to check something
<hehehe> Poster: I dont know
<hehehe> Poster: I guess permissions were inherited from 14.4 tar archive
<hehehe> cant be sure
<hehehe> something went wrong
<macskay> genii: Yes
<dpb1> sarnold: til, thx
<macskay> rbasak: Well basically this: https://unix.stackexchange.com/questions/370709/snort-not-firing-alerts?s=1|2.6134
<sarnold> dpb1: yeah isn't that nice? :) I'm surprised it's not more widely used
<hehehe> Poster: 755 644 works
<rbasak> macskay: I don't know snort, but what cutrightjm said. 176.9.103.97/27 is unusual. I'd expect .96 unless snort is special somehow.
<fallentree> hehehe: that means the web server is not running as www-data or the dirs/files that have g+r (regardless of o+r) are not in the group www-data
<hehehe> r the dirs/files that have g+r (regardless of o+r) are not in the group www-data how I can check if they are in a group
<hehehe> or not?
<sarnold> hehehe: namei -l is wonderful.
<hehehe> cool
<hehehe> sarnold: but whats it for?  I use ls all
<hehehe> to see who owns files and dirs
<sarnold> hehehe: ls -l is nice but it doesn't show you parent directories, only the specific thing you ask for. but the permission denied messages may be coming from directories higher up.
<sarnold> hehehe: you need to know the user:group and permissions of all directories and the target file in a pathname when a program reports 'permission denied'.
<hehehe> sarnold: fair point I did issue chown -r from the top dir, one above html root
<hehehe> i see
<hehehe> handy tool
<hehehe> www-data www-data index.php
<hehehe> and above same
<hehehe> its some kinda of small thing but I am yet to recall what is it
<hehehe> brb I may fix it now
<fallentree> hehehe: how are you running php? unless apache with php DSO, it's not the webserver that reads index.php
<hehehe> i use nginx and php fpm 7
<fallentree> if it's fastcgi, then it's the fastcgi daemon (eg. php-fpm) and user it runs under, not www-data (unless you configured it to run as www-data)
<hehehe> :)
<hehehe> fallentree: yes could be that also
<hehehe> going to recheck
<fallentree> with fastcgi, the web server sends a fastcgi request to php process, it doesn't check or touch the php files
<hehehe> i see
<hehehe> thanks for explaining
<hehehe> kinda common sense
<sarnold> once you understand how simple the unix access controls are you'll have trouble remembering that you used to find them difficult :)
<hehehe> :))))))))))))
<hehehe> lol
<hehehe> well so yes fallentree u were right
<hehehe> I checked box1 setup -where friend helped me
<hehehe> and box n2
<hehehe> listen.owner = www-data
<hehehe> listen.group = www-data
<hehehe> ;listen.mode = 0660
<hehehe> in box nr 1 listen mode is uncommented and set to 0666
<hehehe> I have changed listen mode to 0666 yet to work
<fallentree> 666 is not good, why world rw?
<fallentree> set up proper groups and permissions instead
<hehehe> fallentree: what is listen mode for anyway?
<fallentree> it's the owner of the socket file
<teward> it sets the permissions on the listener socket on the system.  You should probably *not* be messing with it.
<fallentree> example setup: you have multiple pools each running under different user, so you set the socket ownership to thatuser:www-data and 0660 mode
<fallentree> so nginx can rw to the socket
<teward> but unless you have such a setup, you should leave it alone.
<fallentree> teward: it was designed exactly to be messed with
<hehehe> correct
<hehehe> messing is good, and you learn :D
<fallentree> no, the proper answer is: learn what it does and decide how to set it up
<teward> fallentree: you're right, but i mean for a basic setup :p
<fallentree> all else is black magick
<teward> like a 'bare minimum'
<fallentree> no
<teward> (the rest is blackmagicks)
 * teward yawns
<fallentree> servers are not for users who don't understand how it works
<hehehe> its very easy to understand
<fallentree> of course.
<hehehe> onc explained
<hehehe> once
<sarnold> hehehe: if you set that mode 666 then you allow all users on the system to execute code with the privileges of the fpm service
<hehehe> thats not good
<sarnold> it's no big deal if it's a single-user machine and you don't care what happens; it's terrible if you've got multiple untrusted services or users on the system
<hehehe> so to sum up so far - I got 1 socket running owner is www:data group www:data, I want to use 660 and 770 permissions
<fallentree> hehehe: the socket must reflect ownership/mode so that BOTH nginx and php-fpm user can read and write to it. if both run as www-data, then yes, that's okay
<hehehe> yes they both run as such
<hehehe> idea is that dirs and files can be accessed only by owner and or group
<hehehe> which seems secure :)
<hehehe> well I meant modified
<fallentree> hehehe: if you want secure, also don't have the files owned and writable by the user running the php process.
<fallentree> only readable, but not writeable
<fallentree> that's why owning files to www-data is a bit insecure. the better setup is where the files are owned by root, in group www-data. 750 on dirs and 640 on files. fpm socket www-data:www-data, 0660.
<fallentree> however, only root can change those files (which is why it's secure). if you want sftp access, then it requires a different, a bit more complex setup.
<hehehe> fallentree: why would sftp nessesiate a bit more complex setup if I sftp as root?
<hehehe> I can then change files via chown
<fallentree> because you shouldn't sftp as root
<hehehe> its stfp so password cant be stolen
<hehehe> so whats the risks?
<hehehe> or  maybe use pem?
<fallentree> sftp requries ssh access as root and that should be avoided
<fallentree> (sftp as root requires....)
<hehehe> fallentree: but I use 70+ random char passwd
<hehehe> :)
<hehehe> so yes ok some can try and guess it and get tired
<fallentree> hehehe: history lesson: few years ago a debian maintainer fskced up and weakened ssh keys security, reducing the possible combinations to only 65k
<hehehe> oooo
<fallentree> that's why you should never allow root to log in
<hehehe> oki I can create some other user to login
<fallentree> in such a case, an attacker breaking through 65k combinations would still have to sudo things so there's additional layer of security
<hehehe> 65K is alot
<hehehe> but not really
<hehehe> if they ssh from say 50,000 ips
<fallentree> it's a few minutes to try all on a system that doesn't ban failed attempts
<hehehe> its fast
<hehehe> fallentree: but since then it was fixed right?
<fallentree> if they try from 65k ips, it'd be broken through in a fraction of a second :)
<fallentree> it was fixed. the lesson here is to NEVER trust things.
<hehehe> lol
<fallentree> the principle of least privilege should be your guide, if you want secure.
<fallentree> you don't need to log in as root, so reduce that privilege.
<hehehe> I do need sftp access
<hehehe> so setup some ordinary user and login as him?
<fallentree> yes
<hehehe> ok
<fallentree> but you can't chown/chmod php files to www-dat, those would have to be owned by the sftp user (if you want to manipulate the files over sftp), which is insecure as php can write own files.
<fallentree> that's where you use apparmor to fine tune what php-fpm can read or write.
<fallentree> OR
<fallentree> run php-fpm as another unprivileged user, and put that user into the sftp user group.
<fallentree> that way you can have files 640 (and dirs 750). sftp user can read/write, php process can only read. also put nginx (user www-data) into that sftp user group so it can read static files.
<fallentree> if php needs to write (uploads), have a specific directory for that, owned by the user running php-fpm, but then the sftp user won't be able to change those.
<fallentree> it's a trade-off any way you look at it. either it's easy but insecure, or secure but inconvenient.
<fallentree> convenient (sftp can rw, php+nginx can read) but secure requires complex (apparmor)
<hehehe> ok changing conf
<hehehe> first i will implement . the better setup is where the files are owned by root, in group www-data. 750 on dirs and 640 on files. fpm socket www-data:www-data, 0660.
<hehehe> to see  how that works :)
<hehehe> drwxr-x--- 8 root www-data added root to group www-data changed permissions
<hehehe> yet to work
<hehehe> now for some reason it gives nginx error index.html is foiden
<hehehe> forbiden
<hehehe> but its index.php ...
<hehehe> I am going to to shop to buy food
<fallentree> hehehe: do you have the "index" directive for the server{} ? if you want index.php to respond to example.com/  (without index.php explicitly stated), you need to set the "index" directive to index.php
<hehehe> home again
<hehehe> and yes I have index directive  think
<hehehe>     index index.html index.htm index.php;
<hehehe> it does work with less rescrtictive permissoions
<tomreyn> hehehe: are you mixing up 'index' and 'DirectoryIndex'?
<tomreyn> ignore this remark if this is nginx ratehr than apache httpd
<hehehe> it is nginx
<tomreyn> hehehe: if it says 'access forbidden' for index.html when you requested / then it means the web server thinks that the /index.html location exists and it should handle it somehow. this could be, for example, because you pass all requests (not just those for paths ending in .php) to php-fpm
<hehehe> tomreyn: I am planing to run open cart app on more secure permissions
<hehehe> its nearly ready
<hehehe> tomreyn: well nginx setup passed only php to php fpm
<hehehe> maybe its something to do with app code?
<zxliu> I'd there some way to install server packages from an ISO on a desktop system looking at virtual machine host group.
<nacc> zxliu: can you rephrase your question? you are on a desktop system and want to install server packages?
<sarnold> zxliu: apt-get install whatever
<nacc> zxliu: just install them, server and desktop use the same packages
<sarnold> skip the iso, the packages are liable to be out of date anyway
<nacc> sarnold: +1
<zxliu> in the past apt hasn't allowed adding ISO sources for installing
<sarnold> eh? apt-cdrom has been there for ever, and it's always been confusing to me why anyone would bother with it :)
<zxliu> nacc that is about right
<zxliu> sarnold why should it be confusing?
<nacc> zxliu: are you in an offline mode?
<zxliu> yes for building the base layer
<sarnold> zxliu: because in the time it takes to spin up a cd-rom you can often have downloaded the package entirely over the network..
<zxliu> ahem
<zxliu> we have reasons
<zxliu> the question does specify "from an iso
<nacc> zxliu: have you tried to use apt-cdrom? -- or you mean you are inthe installer and want to add more ISOs from there?
<zxliu> the desktop is installing now the server is laid down and U want to lift it into the desktop on a virtual machine
<zxliu> nacc so in the past yes apt-cdrom was tried
<nacc> zxliu: i'm unable to follow that sentence. desktop is installing *then* server is laid down? "want to lift it"?
<zxliu> and I expect the same thing to happen when this is installed the solution was to run a local web server to serve the apt packages
<zxliu> but the package database needs rebuilt is that so?
<sarnold> that's not a bad option, apt-ftparchive, aptly, among other tools, can make that process reasonable enough
<zxliu> laid down the n the disk
<zxliu> then it can be copied into a VM "lifted
<zxliu> ftp?
<sarnold> I rsync the entire archive to a local machine and used NFS mounts for a while; I stopped doing that because NFS mounts with a portable laptop were more annoying than they could have been..
<sarnold> yeah, don't worry about the ftp too much, we use the output of apt-ftparchive with apache or nginx as part of the workflow on the security team
<zxliu> so specify ftp::localhost/packagedir in the a apt config
<zxliu> so what needs be done then an extra script package for building an apt repo?
<zxliu> the server has an httpd installed
<sarnold> or 'deb http://192.168.122.14/ubuntu main' or whatever..
<zxliu> this can't be done until the server is up and running for the are installed on the same disk
<zxliu> so what command can be found for checking the deps of package group virtual machine host looks like the quickest route is to issue dpkg install commands singly
<sarnold> can you rephrase that question?
<nacc> zxliu: do you mean the virt-host task?
<nacc> isn't it something like
<nacc> apt install virt-host^
<zxliu> how can the packages and package dependencies for package group virtual machine host be resolved to a list for manual install with dpkg
<nacc> zxliu: well, you'd need all the packages in the tasks, all their dependencies, all their dependencies, ... until it stops growing, right?
<nacc> zxliu: why not just set up a repo?
<zxliu> repo requires a repo
<zxliu> I went through the possible routes in this chat
<hehehe> I set up server as following now - php fpm user and group www data , files owned by root who is in a www data group and I get following error - 2017/06/12  [error] 269#269: *4 FastCGI sent in stderr: "Unable to open primary script: /home/op/gd.com/index.php (No such file or directory)" while reading response header from upstream, client: xx.xxx.xxx.xxx, server: www.gd.com, request: "GET /index.php HTTP/2.0", upstream:
<hehehe> "fastcgi://unix:/run/php/op.sock:", host: "www.gd.com"
<zxliu> I can download a small script package if needed over cellular data.
<zxliu> I don't want to be download packages ges located on the install ISO.
<zxliu> What package is needed from the repo to setup a repo?
<zxliu> I can run the httpd in a chroot.
<zxliu> from the other part while on the desktop then do apt http://127.0.0.1/Ubuntu main
<zxliu> so I copy the packages over too var/www/ubuntu
<zxliu> is there something which scans and builds the package database for apt
<nacc> jamespage: mwhudson: do you happen to know if celery 4.0.2 is compatible woth python3.6? i'm getting pretty close, but the tests seem to be pegging my cpu and not making any progress with 3.6 :)
<zxliu> ..well there's worse things to lose
<zxliu> although wadya know looks like desktop doesn't boot after install
<sarnold> zxliu: if all the files are local just read them off the filesystem; I've got a line like this in my apt.sources on my archive mirror: deb file:///srv/mirror/ubuntu/ xenial main restricted
<zxliu>  so it accepts file://
<zxliu> fine
<zxliu> great answer
<sarnold> yeah way better than running a web server just for apt for local use :)
<hehehe> :))
<zxliu> sarnold not way better but the right start
<hehehe> sarnold: any idea what is my mistake
<hehehe> :)
<zxliu> so the servers in the VM need to access it o er http
<nacc> 'servers in the VM'?
<zxliu> overheating again , possibly why it didn't boot
<sarnold> hehehe: sorry, no, I'm not very familiar with php
<hehehe> if all files owned by root can www data user who owns php fpm sock send them via nginx? based on same group ownership
<zxliu> a laptop with a couple about as powerful as towers with radiators
<sarnold> hehehe: the error you pasted was "no such file or directory" -- no amount of permissions fiddling will fix that :) figure out why the file isn't there: is fastcgi looking in the wrong place? looking for the wrong thing? etc
<hehehe> file is there
<hehehe> nginx root dir is correct
<sarnold> hrm maybe that means the socket doesn't exist?
<hehehe> socket exist
<hehehe> it was all working 100% but with new more secure conf  yet to work
<hehehe> maybe problem is - socket is owned by www-data and files by root? although they are in same group
<zxliu> why not play?
<hehehe> zxliu: what do u want to do? :)
<zxliu> have some private property
<hehehe> ...
<mwhudson> nacc: no idea sorry
<zxliu> maybe a fingernail clipping that the public can't touch
<nacc> mwhudson: np, just figured i'd ping to see :)
<mwhudson> nacc: i had to backport a patch for kombu to get the tests to pass
<nacc> zxliu: at this point, you're spamming the channel, please stop
<hehehe> getent group www-data - www-data:x:33:root
<hehehe> root is da group
<mwhudson> so it might be worth checking celery upstream too?
<nacc> mwhudson: ack, will look on celery's github. They say it's supposedly working, but possibly only on master.
<zxliu> a crescent fingernail clipping and then from there security can expand possibly too a wife
<hehehe> sarnold: all I did - I changed file owner to root
<hehehe> I will change it back to www data and see whats up
<mwhudson> nacc: https://github.com/celery/celery/issues/4000 <- implies it works, i guess you've seen that too?
<zxliu> celery is down
<nacc> mwhudson: yeah that's where i started, not much progress from that :)
<zxliu> where are youns that you think your working on my hardware which is disassembled
<zxliu> the only thing up is an overheating laptop
<hehehe> sarnold: now it does not give cant open index.php error just 403
<hehehe> sarnold: could it be that open cart code does not make it easy to make it work with most secure settings?
<sarnold> hehehe: it's possible, most shopping carts are terrible rubbish
<sarnold> hehehe: but I'd hope you could make this work
<zxliu> I put some foam earplugs in a plastic tube and sealed it with wax. sure enough home was raided and the earplugs touched
<hehehe> sarnold: where do u think potential issue would b?
<hehehe> I think I just have to identify area of conflict and fix it
<sarnold> hehehe: i'm not sure. when it doubt follow the log files ..
<zxliu> When angels deserve to diiiiiiiiiiiiiiiiiiiiie
<zxliu> born of electeicity
<zxliu> while I born in the flesh
<zxliu> when angels deserve to diiiiiiiiiiiiiiiiiiiiie
<zxliu> the virtual machine can bridge me into the ram
<nacc> zxliu: please stop.
<zxliu> where the egos of angels go
<zxliu> what do you want to do lay my brain down on an arctic icecap
<zxliu> talk about health problems
<zxliu> this little CPU overheats
<zxliu> and your running ram frogs that say "werk" "werk"
<zxliu> while the entire GOD damned town takes turns on every aspect of your soul
<zxliu> not foresaken but earned
<zxliu> of course in the end foresaken is seen that way
<zxliu> how bout a fingernail clipping?
<zxliu> can me own a fingernail clipping
<zxliu> or da police come and strip all posessions
<zxliu> hold the door open for the town to continue to pilliage almost the lowest class home on earth
<zxliu> waiting for the CPU to cool down
<randymarsh9> hello
<zxliu> hello randymarsh9 can you go pay exorbitant prices for some fake plant food gmo and bring it over for tricking the body into thinking itbis not hungry
<zxliu> while DNA degenerates
<hehehe> hi
<zxliu> light purple need kidney beans
<zxliu> "red"
<compdoc> zxliu, just say NO! to drugs plz. tyvm
<zxliu> if it were that easy
<zxliu> haven't you seen the population dropping dead from illicit drugs?
<zxliu> growing and hunting food requires a community and I don't mean of drug users
<nacc> genii: thanks
<sarnold> genii: <3
<genii> np
<genii> @comment 77064 Spam
<ubottu> Comment added.
<hehehe> sarnold: I think biggest mistake listen to someone advice and implementing it asap
<hehehe> as then stuff just hangs in da air half way :D
<sarnold> hehehe: aye that can be an issue. in the end we're all responsible for our own systems.. it's on us to know as much as we need to run the systems..
<hehehe> ys
<hehehe> I say main reason many people dont code  other people dont have time desire to explain
<hehehe> if say 99% of people were to become good at coding we need social coding clubs offlines enmasse
<hehehe> but that will bring existing people salaries to the ground
<hehehe> :)
<hehehe> so maybe thats also a demotivator for soe
<hehehe> some
<hehehe> and security can be never ending hole
<hehehe> lol
<sarnold> the better developers will always have more opportunities and more interesting problems to solve; doubled incentives to keep progressing onwards and upwards :)
<hehehe> dude most coders are $$%^& and some are cool :D
<hehehe> I do agree with you
<hehehe> its better to share what you know
<hehehe> so all can progress and you will also enjoy more
<nacc> mwhudson: found it, buried in a semi-unrelated AWS change :)
<mwhudson> nacc: haha
<nacc> top-level commit message: "AWS DynamoDB result backend (#3736)"
<nacc> relevant line: "* Fix endless loop in logger_isa (Python 3.6)"
<mwhudson> nice
<hehehe> is it a security risk if file own by a root?
<hehehe> I dont think so
<hehehe> like web app files owned by root
<dpb1> everything is owned by root anyway
<dpb1> i.e., root can chown root:root on any file
<dpb1> having a file user permission as root is just saying that it's a "default" owner, or a system file.  something like that.
<tarpman> the downside is that only root can modify files owned by root. that means your process deploying/updating those files, or any process that needs to write to them, has to run as root, which _could_ be a massive security hole if the code isn't extremely trustworthy
<tarpman> for files deployed from a deb package, owned and updated by the package manager, never written to by anything else - root ownership makes sense
<tarpman> for web app files deployed by an automated script or something, I'd prefer a non-root deploy user that the script can run under
<nacc> jamespage: re: celery, upstream (4.0+) has removed celeryd, celerybeat, celeryd-multi. Does it make sense for our package to still be called celeryd? Or should we switch to  binpkg called 'celery'?
<hehehe> :)
<hehehe> true
<hehehe> dpb1: do u know nginx and php?
<hehehe> I seems to be experiencing some simple issue but yet to nail it
<hehehe> :D
<nacc> hehehe: teward is not around, but maintains nginx in ubuntu -- i'd just wait til he's around for help, he's quite fast to fix/explain :)
<hehehe> hehe o well I may as well read a bit
<hehehe> nacc: is there some cool video that explains all nginx and php fpm?
<nacc> hehehe: i'm not sure
<hehehe> so far I understood - when visitor comes to site 1) nginx serves html 2) php-fpm serves php via nginx
<hehehe> right?
<hehehe> just to understand entire server mechanics
<nacc> jamespage: finally, do you have testcases or otherwise that would help verify/vet my changes to celery are good? beyond the upstream test suite itself
<hehehe> https://serversforhackers.com/video/php-fpm-configuration-the-listen-directive
<hehehe> this one is pretty good for php :D
<nacc> jamespage: woot, celery 4.0.2 built :)
<hehehe> what is celery!!!
<hehehe> "
<sarnold> hehehe: http://www.celeryproject.org/
<nacc> sarnold: thanks :)
<nacc> hehehe: i'm just trying to unblock the new openstack in 17.10
<sarnold> I just hope there's no follow-up questions :) "uh distributed job runner hey lookit the time!"
<sarnold> nacc: sheesh good luck
<nacc> mwhudson: jamespage: i've added my debdiffs to the bug, i would like to spend some time testing it in practice, but both build and pass their tests
<sarnold> nacc: every round another two dozen dependencies
<hehehe> follow up questions are good
<nacc> where both = celery + billiard
<hehehe> to archieve 100% clarity
<nacc> sarnold: yeah, I'm just helping with this bit :)
<hehehe> sarnold: dont  love it when all is crystal clear
<hehehe> mmmm
<nacc> sarnold: kombu needs a newer celery, which pulls in some new upstream versions of deps
<hehehe> dont you )
<sarnold> nacc: do I want to know what kombu is? :)
<hehehe> nacc:  I have tried open stack a bit heat and ceilometer
<hehehe> but I dont know how to scale apps with it yet
<nacc> sarnold: nah, and tbh, i barely do, but i know how to deal with uscan/uupdate and package interdeps/rebuilds/etc
<sarnold> nacc: :)
<hehehe> sarnold: lol php bitch wants to load index html for some reason
<hehehe> I triple checked all configs
<hehehe> nowhere its said to load html :D
<hehehe> check this out https://www.dynatrace.com/blog/proper-configuration-running-php-nginx/
#ubuntu-server 2017-06-13
<hehehe> so nice
<hehehe> crystal clear text
<hehehe> everything is logical minimal effective
<sarnold> hehehe: you shouldn't use tcp sockets; that again allows all processes on the local machine to run arbitrary php in the context of the FPM process
<hehehe> i use file socket
<sarnold> good keep it that way :D
<hehehe> sarnold:   but where is mistake solution! :D
<hehehe> haha
<hehehe> and why would tcp sockets allow any proccess to run arb php?
<hehehe> is there a datagram for it?
<hehehe> to visualise
<sarnold> there's no access controls on tcp sockets
<sarnold> unix domain sockets do have access controls
<hehehe> ok such as file permissions
<sarnold> so if you wanted to constrain access to the tcp sockets you'd need to add that yourself via iptables
<hehehe> so user is www:data and nginx user is www:data
<hehehe> but say if someone hijack local process via bug
<hehehe> can you explain more
<hehehe> what happens then?
<hehehe> https://dt-cdn.net/wp-content/uploads/2014/10/FirstFastCGIrequest.png
<hehehe> niceee
<sarnold> if a local process is hijacked then the hijacker can perform all operations that the process is allowed to do: read/write to open file descriptors, filesystem access, all syscalls with capabilities of the process, etc..
<sarnold> and if that allows connect(localhost, 9000) kinds of operations, then it can send essentuially arbitrary php to the fpm system
<hehehe> emm
<hehehe> what kind of local process can do all that
<hehehe> its kinda tricky to hijack such process
<hehehe> ll /run/php/ | grep php
<hehehe> -rw-r--r--  1 root     root       5 Jun 13 01:40 php7.0-fpm.pid
<hehehe> maybe socket died?
<hehehe> sarnold: issue seems mostly with that dude idea to give file ownership to root:www-data
<hehehe> it then tries to serve html
<hehehe> which indicates it cant communicate with php
<hehehe> or lets say nginx www:data sends request to php fpm and then on  a way back something happen
<mwhudson> coreycb: seeing as you Touched It Last: https://launchpad.net/ubuntu/+source/python-pika-pool/0.1.3-1ubuntu2
<jamespage> nacc: thanks for your work on this - much appreciated
<jamespage> nacc: I'd go with the upstream test suites; the earlier this gets landed into artful, the more general testing it will get
<patsToms> can I concat two repositories when using debmirror to make local mirror?
<Aison> is there cacti  1.1.10 available for ubuntu xenial?
<frickler> jamespage: do you have a PPA with horizon 10.0.4 somewhere (uca newton)? I tried building locally, but seeing issues with the compress jobs when installing
<jamespage> frickler: lemme see - I think I deleted my testing ppa once I uploaded for SRU team review
<jamespage> hmm yeah I did tidy that one up
<jamespage> frickler: I can shove it somewhere for you if you need it
<jamespage> frickler: ppa:james-page/newton
<jamespage> frickler: its a trickier one to build from source due to the multiple orig tarballs thingmy
<frickler> jamespage: yeah, I know, its the only package I'm needing sbuild for, but the result still doesn't work for me
<hehehe> hello server gangsters
<hehehe> :)
<coreycb> mwhudson: +1 thanks for letting me know
<hehehe> I implemented htst
<hehehe> HSTS
<hehehe> however nginx also allows to use  return 301 https://www $request_uri;
<hehehe> to sent all requests to https
<hehehe> so whats the advantage of hsts in such case?
<hehehe> hi zhhuabj  :)
<lordievader> hehehe: The advantage is that clients ask themselves for https, instead of the server telling them they should go there.
<hehehe> lordievader:  hmm the dude who helped me with nginx told me to use both?
<hehehe> does it make sense?
<hehehe> *told me to use both
<lordievader> hehehe: If you have a man-in-the-middle pretending to be your website, hsts helps, your approach does not help in that case.
<lordievader> Yes, it makes sense to use both.
<hehehe> ok I see - first request is http and then it goes to https unless strict http reject all http right?
<hehehe> and also what are OWASP Secure Headers Project for? :)
<lordievader> How it goes in this scenario, a browser reaches your website, the server tells the client to go to https. Then hsts tells the browser to only reach this website over https in the future.
<hehehe> oki
<hehehe> so if they using site for first time max security comes when site is on distributed preload list
<hehehe> lordievader: any drawbacks with using hsts?
<hehehe> potential issues? :D
<lordievader> You have to make sure your https works. If it is broken you cannot simply switch back to http.
<lordievader> Ssllabs has some nice tests for this sort of stuff.
<lordievader> https://www.ssllabs.com/
<hehehe> cool
<hehehe> yes https works here
<hehehe> I read some nginx howto and its like blank for me :D
<hehehe> even after re reading
<jamespage> frickler: did you see
<jamespage> CommandError: An error occurred during rendering /usr/share/openstack-dashboard/openstack_dashboard/templates/horizon/_scripts.html: '\"../bower_components/respond/dest/respond.min.js\"' isn't accessible via COMPRESS_URL ('/horizon/static/') and can't be compressed
<hehehe> $fastcgi_script_name
<hehehe>     This variable is equal to the URI request or, if if the URI concludes with a forward slash, then the URI request plus the name of the index file given by fastcgi_index - makes sense but what is user wont use concluding slash?
<hehehe> then site wont server say index.php?
<hehehe> *serve
<frickler> jamespage: exactly
<frickler> while upgrading from 10.0.3 or on a fresh install with 10.0.4 directly
<lordievader> hehehe: I don't understand the question.
<hehehe> ok
<hehehe> lordievader: if u read info I pasted it seems fastscgi parama fastcgi_script_name servers  index file in a dir only if directory is /dir/ and not /dir?
<hehehe> *serves
<lordievader> It does read that way, yes.
<jamespage> frickler: looking now but I suspect its some sort of transient dep issue with the way the xstatic bundle is created
<hehehe> lordievader: but that is an issue as many people will type www.xexy.com and not www.xexy.com/
<hehehe> how to solve it? :)
<lordievader> hehehe: Have you verified if this is actually the case? Wouldn't be surprised if the wording is just a tad confusing and no problem actually occuring.
<hehehe> lordievader: well somehow it works without closing / but then its kinda contradicts wording
<lordievader> hehehe: Submit a patch ;)
<hehehe> also I discovered why I failed to generate lets encrypt cert before on 1 box
<hehehe> I had ngix  setting to dissallow access to all . files
<hehehe> :D
<hehehe> location ~ /\. {
<hehehe> deny all;
<hehehe> and I did not add location ~ /\.well-known\/acme-challenge {
<hehehe> allow all;
<hehehe> }
<hehehe> :)))
<jamespage> frickler: building a revised version in ppa:james-page/newton2
<frickler> jamespage: so you did see that error with your package, too? that would imply that my building foo isn't quite as bad as I'm thinking ;)
<jamespage> frickler: I did
<jamespage> frickler: the refresh-xstatic helper does not limit upper bounds when creating the xstatic tarball.
<jamespage> frickler: so I suspect something broke in the xstatic depends versions/deps
<Aison> why are my lvm volumes not activated after reboot? this is new here since systemd
<Aison> i'm not sure how to do it right
<Aison> is there some special systemd service I have to enable to use lvm2?
<ronator> Aison: did you upgrade?
<Aison> ronator, I just try to upgrade
<ronator> usually, an upgrade should convert start scripts to systemd - let me check here ...
<ronator> Aison: this won't really help but you are not alone: https://serverfault.com/questions/199185/logical-volumes-are-inactive-at-boot-time#200580
<jamespage> frickler: the one in newton2 works OK - I basically copied forward the 10.0.3 orig-static.tar.gz
<jamespage> 10.0.4-0ubuntu1 was rejected from the UNAPPROVED queue - will upload with the older renamed tarball to avoid the break
<jamespage> frickler: need to update the refresh process to use upper-constraints
<ronator> Aison: Do you have a "lvm2-monitor.service" anywhere on your system?  I have on ubuntu server 16.04.2 these in /lib/systemd/system: lvm2-lvmetad.service,  lvm2-lvmetad.socket,  lvm2-lvmpolld.service, lvm2-lvmpolld.socket, lvm2-monitor.service, lvm2-pvscan@.service, lvm2.service
<ronator> Aison: if you dont, this could be a reason but I do not know your whole system history :D
<ronator> Aison: maybe look also for help in chan #systemd?
<frickler> jamespage: cool, thx
<Aison> ronator, just checking...
<Aison> ronator, lvm2-monitor.service was already enabled
<frickler> jamespage: confirmed the newton2 build works fine for me, thx again
<ronator> "systemd-analyze" is a great command, maybe read about it and see if you can find the problem ?!?
<ronator> @ Aison
<Aison> maybe the problem is, that /var is on lvm device?
<ronator> well, if thats the case, there should be logs about it, like in "dmesg" or syslog
<ronator> is the system booting fast?
<ronator> considerable?
<ronator> 'systemd-analyze blame' can show you where systemd spends most time on while booting; may be of help ...
<Aison> ronator, no, it hangs at mounting the lvm devices for 90seconds
<Aison> then I can enter the admin password
<Aison> ronator, in #systemd they tell me to mount /var in initrd
<Aison> how to do that with ubuntu?!? never changed my initrd
<ronator> I read it ...
<Aison> I thought in initrd it is also done by systemd
<ronator> I am not sure how he/she meant it, that's why I kept silent to see if I can also learn sth. :D
<ronator> Aison: let's see if he gives an example. should be possible to apply that to ubuntu similiarly
<fallentree> initrd is required only to host tools required to mount root. why would you want to mount var in it?
<macskay> hi guys, im investigating an issue on my server. i have dovecot service running and it kept telling me that a user i created tries to connect every minute at around the same second-value. i therefore did a "netstat -nputw | grep :25" which shows me a TIME_WAIT: "tcp        0      0 127.0.0.1:49190         127.0.0.1:25            TIME_WAIT   -" is there a way to determine what process belonged to 49190 prior to the
<macskay> time_WAIT
<Aison> I also think my ssd is broken....
<ronator> fallentree: that was a suggestion from #systemd due to not mounted /var LVM device after reboot
<ronator> Aison: you should check thta first :)
<hehehe> hehe
<fallentree> it's a stupid suggestion (and no wonder it comes from systemd).
<fallentree> macskay: probably not, btw dovecot has nothing to do with port 25
<hehehe> hi fallentree  :)
<hehehe> fallentree:  I nearly made your suggestion work, but something is yet to work :) I think it may work soon
<hehehe> fallentree: if I add root to www-data group I also need to change socket ownership right?
<hehehe> or not
<hehehe> nah
<hehehe> I am just figuring out why its yet to work
<fallentree> why would you add root to www-data group?
<fallentree> root is omnipotent you don't need to add it to a group
<hehehe> fallentree: whats what u said yesterday
<hehehe> I was also wondering wtf is that
<hehehe> :D
<fallentree> I never said add root to www-data
<fallentree> I may have said you chown root:www-data <dirs>/<files>, so that 750 on dirs and 640 on files can work, assuming nignx runs as www-data.
<hehehe>  the better setup is where the files are owned by root, in group www-data
<fallentree> I also may've said if you needed sftp access, you add nginx user and php-fpm user into the sftp user's group
<hehehe> yes I misunderstood
<hehehe> anyway I done chown
<hehehe> and
<hehehe> https://paste.ngx.cc/9d
<fallentree> hehehe: so, is EVERY component in the path /home/op/gd.com/*   readable to the nginx user?
<hehehe> component means file?
<fallentree> every element of the path
<fallentree> home, op, gd.com, anything under gd.com
<hehehe> hmm
<hehehe> I dont know
<hehehe> since  after chown root:www-data www-data dont own da files
<hehehe> according to new permissions it would have to be a group member
<hehehe> :)
<hehehe> going to add it to a group
<fallentree> right, and that's why g+r is required so g (in this case www-data, for root:www-data owned paths)
<fallentree> adding WHAT to WHICH group?
<hehehe>  g +r means?
<fallentree> readable to group
<fallentree> (check chown manpage)
<hehehe> ok 1 moment
<fallentree> btw is "op" is some user and /home/op is its home dir, then you have a problem there
<fallentree> first, having root:www-data owned files in op's home makes zero sense
<hehehe> its not a user
<hehehe> its a simple directory
<fallentree> so what's inside /home/op except gd.com ?
<hehehe> nothing
<hehehe> just gd.com
<hehehe> in fact I will double check now
<hehehe> yes thats it
<fallentree> right, so, chmod 755 /home,    chmod 755 /home/op,     chown -R root:www-data /home/op/gd.com
<fallentree> and use whatever method you're comfortable with to set dirs to 750 and files to 640, under (and including) /home/op/gd.com
<fallentree> like,    find /home/op/gd.com/ -type f -exec chmod 640 {} \;
<hehehe> yes I done find stuff
<fallentree> and find /home/op/gd.com/ -type d -exec chmod 750 {} \;
<hehehe> however chmod 755 /home  why?
<hehehe> there may be other users stuff, its  not  a problem?
<fallentree> because it'd default directory for user accounts and in itself should be accessible to all users
<hehehe> oki
<fallentree> *it's
<fallentree>  /home should be world accessible, but individual paths in home, assuming user home dirs, should not
<fallentree> but since you said op is not a user... well... you're going against standards. better put root owned sites under /var/www
<hehehe> yes later I can do that
<hehehe> my friend said if I put in home it can fool some crackers
<hehehe> making it harder to hack lol
<fallentree> that's stupid
<hehehe> yes by now it seems stupid
<hehehe> ok nearly there
<hehehe> chown -R root:www-data /home/op/gd.com - this command permits what?
<hehehe> it simply changes ownership
<hehehe> ok
<fallentree> it recursively sets ownership to root:www-data to all files and folders under (and including) gd.com
<fallentree> check the manpage
<fallentree> `man chpown`
<fallentree> the manuals are you best friends.
<hehehe> ok so only thing I did not do before was to set 755 to op dir
<hehehe> I set is to 750
<hehehe> that caused issue right?
<fallentree> depends on who owned it
<hehehe> it was owned by root:www-data
<fallentree> that's accessible to www-data group
<hehehe> fallentree: that is clear, but how nginx www-data user is accessing it? he is member of www-data group by default?
<hehehe> I am getting some hackers guide to servers soon :D
<hehehe> also system/storage/modification/ is not writable. open cart want some directories writeable but by whom?
<hehehe> group?
<fallentree> use `id www-data` to check that.   `man id` for more info on the command.
<hehehe> so simple
<hehehe> awesome
<hehehe> :)
<hehehe> fallentree: also for extra security set config.php to 440?
<hehehe> or no need since if root is hacked it wont do anything anyway
<hehehe> :)
<hehehe> so 640 is as secure
<Ussat> if root is hacked, all bets are off
<hehehe> ye
<hehehe> dirs that app want to be writeable have to be set to 770?
<hehehe> read write execute
<fallentree> it's another layer of security.
<hehehe> fallentree: what is?
<fallentree> chmod 440 instead 640
<fallentree> that is, u-w
<hehehe> fallentree: what makes it extra layer?
<fallentree> that root can't write it without chmodding it first
<fallentree> there are classes of RCE which can try append/modify a file or mmap, but can't execute a chmod
<hehehe> RCE?
<fallentree> so every protection counts, every little detail is important. if you can 440, then do it.
<fallentree> Remote code Execution
<hehehe> yes I can do it
<hehehe> fallentree: also open cart wants some dirs writeable by group is that normal safe practise?
<hehehe> I think yes its for cache and images etc
<fallentree> sure, file uploads for example
<fallentree> yeah cache and other stuff generated by php
<fallentree> but those paths are most frequently abused to upload and execute PHP code
<hehehe> well what can be done to null such attemps?
<fallentree> best thing would be to be extra sure that the web server won't call the PHP handler from those paths
<hehehe> that can be done in php config file right?
<fallentree> no, in nginx
<hehehe> do you know how to do it?
<fallentree> it depends on the directory structure and many other factors
<fallentree> I have no idea what opencart has
<hehehe> cool
<hehehe> I am also installing metasploiter
<hehehe> to check site for common holes
<hehehe> if any
<fallentree> nice. I have to go now, bbl
<hehehe> cool
<hehehe> overall folks its better to hire sysadmin from same country and log all stuff on server?
<hehehe> cause some hire remote sysadmins from say bangladesh - if there is arguments etc he can simply screw server
<hehehe> cause who is going to go there to locate him etc :D
<nacc> jamespage: ack, i'll just check the manpages and stuff and then uplod today, probably
<ChmEarl> any advice to upgrade to pbuilder 0.228.7 on Xenial?
<ChmEarl> maybe, backport from Zesty?
<smoser> nacc, ping.
<smoser> http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html
<smoser> can you explain to me why open-iscsi would be stuck in proposed ?
<nacc> smoser: pong
<smoser> oh... no -udebs. hmmm.
<smoser> libisns0 is avialable
<smoser> at needed version, but no -udeb i guess ?
<nacc> smoser: there's a MIR filed
<nacc> smoser: it's c-m
<nacc> smoser: LP: #1689963
<ubottu> Launchpad bug 1689963 in open-isns (Ubuntu) "[MIR] open-isns" [Undecided,New] https://launchpad.net/bugs/1689963
<smoser> nacc, thanks.
<nacc> smoser: np
<jamespage> nacc: great thankyou!
<nacc> jamespage: np
<hehehe> seems nice
<hehehe> who here used it?
<hehehe> https://book.serversforhackers.com/ :)
<ChmEarl> pbuilder backport for Xenial: https://paste.debian.net/plain/971347
<nacc> ChmEarl: wrong channel? ...
<zerocool443> hi
<nacc> jamespage: the biggest thing from the updated celery that will probably get hit is that many of the commands (celeryd, celerybeat, celeryd-multi) are gone. REplaced by `celery` subcommands (worker, beat and multi respectively) -- not sure if that matters for openstack itself or not
<The_Tick> I'm trying to figure out how in the world to change both the hostname and fqdn on my ubuntu server box
<The_Tick> I'm using 14.04.5 LTS, /etc/hosts modification doesn't seem to do a thing, hostnamectl set-hostname doesn't seem to have a way to set the fqdn
<The_Tick> I'm finding a lot of random on google but nothing else, any help is appreciated
<nacc> The_Tick: /etc/hosts is used for name resolution, not setting the hostname. (see `man hosts`)
<nacc> The_Tick: `hostnamectl` (I thought) is a systemd thing
<dpb1> nacc: having your host wrong there is problematic though. (/etc/hosts)
<nacc> dpb1: absolutely
<nacc> dpb1: but changing values there won't change your hostname
<dpb1> +1
<nacc> The_Tick: the underlying file is /etc/hostname, iirc
<nacc> The_Tick: `man 1 hostname` may help
<The_Tick> oof just got it
<The_Tick> hostnamectl and /etc/cloud/templates/hosts.debian.tmpl
<Aison> i'm still stuck at initramfs that should activate lvm volumes
<Aison> I dont get it ;(
<Aison> since zesty, no lvm is activated on my machine
<Aison> I always have to do it manually
<Aison> is that a problem of my lvm.conf or initramfs?
<nacc> Aison: when you get dropped the shell, are you able to debug why it failed?
<nacc> e.g., systemctl status lvm2 or whatever
<Aison> lvm2.service is masked
<Aison> ;)
<ChmEarl> Aison, check for a hook: /usr/share/initramfs-tools/hooks/LVM
<nacc> Aison: and how do you activate it?
<jamespage> nacc: celery is not actually used by openstack; they just share a common dependency in kombu and one blocks the other with proposed migrations
<Aison> lvchange -ay alv0
<nacc> jamespage: ah ok
<Aison> this way all logical volumes of logical group alv0 are activated
<db`> Hi nPeople!
<db`> How do I verify DMARC record for a subdomain?
<db`> It always fails when I mail from a subdomain. SPF passes, since I added the IP to SPF record already.
<db`> I also added a dmarc record for the subdomain, still it fails.
<nacc> jamespage: just getting the autopkgtests to pass and i should be able to upload
<IShavedForThis_> I can't seem to get my vpn tunneled transmission to work anymore and I'm not sure what broke it, could anybody help?
<IShavedForThis_> https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/
<IShavedForThis_> that was the guide I used and it worked for a few months up until about last week
<Aison> when I use auto_activation_volume_list = [ "alv0" ]
<Aison> then the it is auto activated
<Aison> (though an empty auto_activation_volume_list should auto activate all volumes...)
<Aison> but mounting still doesn't work, since the activation is too late ;)
<ChmEarl> Aison, sudo udevadm info --name=<PV> | grep SYSTEMD_WANTS  <-- I think this ENV var is missing on Zesty
<ChmEarl> ^^ same thing on Stretch
<Aison> ChmEarl, systemd_wants is not defined
<ChmEarl> this is an old bug filed in Sid 2 years ago
<ChmEarl> the lvm2-pvscan@.service is broken as a result
<Aison> an is there a workaround?
<ChmEarl> yes, you copy the 69*rules to /etc/udev/rules.d/69-lvm-metad.rules and patch it
<ahasenack> nacc: hi, question
<ahasenack> nacc: if https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1668940 is sru'ed, it will introduce a libcephs1 dependency into samba-vfs-modules. That's generally frowned upon?
<ubottu> Launchpad bug 1668940 in samba (Ubuntu Yakkety) "[FFe] samba-vfs-modules misses ceph vfs module" [Undecided,New]
<ahasenack> it's a new feature per se. The "bug" is that we included the manpage of the ceph module, just not the module itself. Another way to fix it would be to remove the manpage ;)
<Aison> ChmEarl, where do I get these files?
<Aison> and the patch? :P
<ChmEarl> Aison basic idea is to add in the 3 ENV vars: https://paste.debian.net/plain/971356
<ChmEarl> Aison that patch is quite old so the context might be changed
<Aison> ok
<ChmEarl> Aison test with:  sudo udevadm info --name=<PV> | grep SYSTEMD_WANTS
<ChmEarl> PV is the physical volume with your VG's
<Aison> yes, I already tested
<Aison> there is only SYSTEMD_READY=1
<ChmEarl> Aison,  the patch is invisible
<ChmEarl> patch it, test again
<ChmEarl> find the 69*rules under /usr/lib, copy it to /etc/udev*, patch it
<ChmEarl> Aison I did this in Stretch & Zesty
<ChmEarl> Aison, original bug was found by M Biebl in #debian-systemd on OFTC
<ChmEarl> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791869#209
<ubottu> Debian bug 791869 in lvm2 "lvm2: updating src:lvm2 from 2.02.111-2.2 to 2.02.122-1 breaks booting, mounting LVs other than / fails" [Grave,Fixed]
<Aison> I guess I have to do update-initramfs -u ?
<Aison> bug report with some spam at the end
<ChmEarl> Aison, I hesitate to post that BTS since its 2 years ago
<Aison> hmm, still not working
<Aison> looks like this udev is simply ignored
<ChmEarl> Aison, lvmetad.socket  enabled,  lvm2-lvmpolld.socket    enabled,  lvm2-monitor enabled
<ChmEarl> ^^ only these are enabled
<Aison> well, I can't even see the env vars with udevadm info
<ChmEarl> Aison, if you add the major/minor for your PV here:  lvm2-pvscan@.service what happends
<ChmEarl> Aison, this patch fixed it for me in 2 very different contexts, so I think it should work
<Aison> lvmetad.socket and lvmpolld.socket is present
<Aison> when I type systemctl, is the order of the services the order they were executed?
<Aison> lvm2-monitor is also enabled
<Aison> ChmEarl, the funny thing is, as soon as I type lvchange -ay alv0, everything works is is mounted
<Aison> so strange...
<dpb1> nacc: ok, so where autopkgtest runs, what is the network like.  is there an http_proxy etc?
<Aison> ChmEarl, how do you mount the lvm then? by uuid?
<Aison> or by name?
<dpb1> nacc: I'm assuming it's fine for boto to have network-dependent tests.
<db`> If I'm wanting to copy all files/folders inside a directory to remote server using rsync, do I need to use option -r ?
<db`> I just see rsync -avz in tutorials.
<Aison> ChmEarl, and do you use auto_activation_volume_list in lvm.conf?
<dpb1> db`: read the manpage and look at -a: -a, --archive               archive mode; equals -rlptgoD (no -H,-A,-X)
<dpb1> db`: go look up what each of those flags means for -a, it's a fun read. :)
<db`> sure
<ChmEarl> Aison, all defaults
<Aison> ok
<Aison> one thing is very very strange. even when the volumes are activated and visible in /dev/mapper/
<Aison> they are not mounted by systemd
<db`> dpb1: so if I use rsync -avz, I hope the files in remote which are NOT present in localhost, will NOT get deleted.
<dpb1> db`: right, --delete is specifically not bundled in the '-a' option
<dpb1> for just that reason
<db`> but I would be using -e
<db`> it shows several 'deletes' in the man
<db`> I'm sorry if its a really noobish query.
<ChmEarl> Aison, lvm2-pvscan@.service can activate only as its sequenced by systemd
<ChmEarl> not mount
<dpb1> db`: it's ok, have to start somewhere.  not following you about several deletes in the man.
<Aison> ChmEarl, do you use .mount files? or fstab?
<ChmEarl> Aision I use the lvm2-pvscan@.service to sequence activation before Xen starts so my VM can start from LVM2
<Aison> but this service is executed automatically, I guess
<db`> dpb1:http://prntscr.com/fje9ag
<db`> hows that supposed to be read?
<dpb1> db`: the '--delete' options, you mean?
<db`> yes, if you see it says "-e,
<db`> and then all the delete types
<dpb1> db`: ah I see your confusion
<dpb1> db`: '-e, --rsh' are one entry
<dpb1> --rsync-path the next entry
<dpb1> basically, each line is separate.
<db`> oh
<dpb1> ya, confusing layout.
<db`> so what if I just use -e and not anything after that?
<dpb1> yup, -e will just change the remote shell to use, that's it
<db`> so -option would by default do the first ones, from the list?
<dpb1> db`: also the most important option to remember to append '-n'  -- that will do a dry-run and just print out what would be done.
<db`> sure.
<db`> thanks
<dpb1> ok
<db`> so I can start with rsync -nazv ?
<dpb1> db`: notice also the difference between --longoption and -avz
<dpb1> two dashes at the front means a long spelled out option, one dash is like specifying -a -v -z
<dpb1> just shorthand.
<db`> right, since -n is short for --dry-run, can I use rsync -navz .. ?
<dpb1> db`: that is a very sensible starting point, yes.
<dpb1> and correct on --dry-run being equal to -n
<db`> sure, thanks.
<dpb1> nacc: have you ever needed to modify the whitelist for squid.internal?
<nacc> dpb1: no :)
<nacc> dpb1: has the test ever succeeded?
<dpb1> so I'm guessing that's not it
<dpb1> from the output it looks like it's getting validish data back from AWS
<dpb1> lmc
<dpb1> nacc: ... how do I tell?
<dpb1> :)
<dpb1> yes
<dpb1> I think it did
<dpb1> marked 'regression' on the proposed migration page
<nacc> dpb1: http://autopkgtest.ubuntu.com/
<nacc> dpb1: heh: http://autopkgtest.ubuntu.com/packages/python-boto
<dpb1> nacc: so 'regression' is more like 'massive fail'
<nacc> dpb1: last succeed in ... 2015?
<dpb1> rbasak: it's actually the "unit" tests in python-boto that reach out to the network
 * dpb1 looks if there is a disable_network_tests env var or something
<rbasak> """In general, tests are also allowed to access the internet. As this
<rbasak> usually makes tests less reliable, this should be kept to a minimum; but
<rbasak> for many packages their main purpose is to interact with remote web
<rbasak> services and thus their testing should actually cover those too, to
<rbasak> ensure that the distribution package keeps working with their
<rbasak> corresponding web service."""
<rbasak> https://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/plain/doc/README.package-tests.rst
<dpb1> that seems to fit python-boto
<dpb1> :)
<rbasak> Yeah.
<rbasak> I guess that's the official answer.
<dpb1> ok thx
<nacc> and it looks like, at least, the version that passed on xenial at some point, did get out to the network
<dpb1> I'll keep digging on it then.  they seem reliable enough run locally
<dpb1> nacc: 'nother quick q: since this might require some inline debugging, how do I trigger a hand-rolled test *in that environment*
<dpb1> nacc: or can I *gasp* get access to the host with an interactive shell?
<ahasenack> this debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820965
<ubottu> Debian bug 820965 in samba-common-bin "[regression]: net usersidlist: Could not malloc sid array Could not get the user/sid list" [Serious,Fixed]
<ahasenack> mentions that the fix is in http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=d29a694
<ahasenack> but that is a 404 essentially
<ahasenack> even with the full hash
<ahasenack> I also cloned it with git, and can't find references to the bug in debian/changelog, git grep, or git log
<ahasenack> it's not the first time I've seen this. Any clue what is going on?
<nacc> dpb1: i think this is where jgrimm got stuck :)
<nacc> ahasenack: looks like buggy botting, or something, but it's this version, right? https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?h=debian/4.2.14%2bdfsg-0%2bdeb8u1&id=2bbf380759b4a03b86ca3b26c8375024924dc2c7
<ahasenack> nacc: I think so, how can I find the code change based on that?
<nacc> ahasenack: ideally you can deduce it from: https://anonscm.debian.org/cgit/pkg-samba/samba.git/log/?h=debian/4.2.14%2bdfsg-0%2bdeb8u1
<nacc> ahasenack: but the 'fix' was grabbing a new upstream
<ahasenack> I was expecting the "log msg" search by bug number to find it
<nacc> ahasenack: only if they committed it with such a log message :)
<ahasenack> since the diff in the bug shows the changelog change
<nacc> ahasenack: the d/changelong entry is from: https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?h=debian/4.2.14%2bdfsg-0%2bdeb8u1&id=d4092f0849e2ec1c92214da90d052c7947913d19
<ahasenack> correct
<ahasenack> and "UNRELEASED" at that time
<nacc> ahasenack: and since the *git* log doesn't contain any bug #s, it won't show up in the 'log msg' search
<nacc> afaict
<ahasenack> powersj: I need some context about http://iso.qa.ubuntu.com/qatracker/milestones/359/builds/117343/testcases/1409/results, can you help a bit?
<powersj> looking
<ahasenack> powersj: that's a manual test case, right?
<ahasenack> that someone once upon a time decided to run?
<powersj> ahasenack: these are manual tests cases placed on the ISO tracker that we ask people to run when we publish alpha/beta/release ISOs
<powersj> we (server team) run those tests in an automated fashion as well
<ahasenack> powersj: where can I find the last time someone ran it?
<ahasenack> and, the last automated run for that particular one?
<powersj> ahasenack: so that looks like that failure was reported on Xenial final initial release ISO
<powersj> the "latest" by my definition would be on the Xenial .2 point release (16.04.2)
<ahasenack> I'm thinking maybe the installer does something extra, because I can't see how that test would work by just installing the sambe and winbind packages
<powersj> so I would look at http://iso.qa.ubuntu.com/qatracker/milestones/372/builds/142896/testcases/1409/results which you will see a response from me responding
<ahasenack> powersj: was that you going over it manually, or one of the automated runs?
<powersj> automated
<powersj> At Software selection, choose "Samba server"
<powersj> that is choosing the tasksel for samba server
<ahasenack> where can I see the output of that run?
<dpb1> nacc: btw, any response on my questions? (more rapid debugging, etc)
<nacc> dpb1: sorry, i meant that jgrimm was looking into that becuase I don't know :)
<nacc> dpb1: i don't believe you can login to the runners, but presumably it's reproducible somewhere
<powersj> ahasenack: if you are on the VPN you can see all the test runs for ISOs here: https://platform-qa-jenkins.ubuntu.com/view/server/
<powersj> for the purpose of showing the results I've pastebin that run's syslog here (5MB):
<dpb1> nacc: and to 'retry' this with debugging?
<dpb1> nacc: can I commit somewhere and it just picks it up?  can I schedule adhoc jobs?
<ahasenack> powersj: checking
<nacc> dpb1: i'm not sure if i follow -- the autopkgtest is following what's in the archive. So if you want to retry it there, you'd need to upload a new version. But uploads aren't typically used for debugging :)
<powersj> ahasenack:  https://paste.ubuntu.com/24851571/
<powersj> that's a big paste
<powersj> that's the installer output
<nacc> dpb1: I'd probably start with asking the release folks how best to reproduce that env (slangasek, infinity)
<ahasenack> better there than here :)
<dpb1> nacc: But uploads aren't typically used for debugging -- yes, this is what I was assuming. :)
<nacc> dpb1: that's also why we haven't made much (any) progress on it
<dpb1> done that already
<dpb1> ok
<dpb1> email time
<powersj> ahasenack: https://paste.ubuntu.com/24851587/ that's the yaml of the test cases result
<powersj> which says "    /bin/sh: 1: tsetup/setup.sh: Permission denied" *sigh*
<ahasenack> powersj: I'm trying to find in the output where "net usersidlist" is run, according to the test case
<ahasenack> hm, it didn't run then?
 * ahasenack branches lp:ubuntu-test-cases/server/testsuites/samba-server/
<ahasenack> ops, enoperm
<hehehe> :)))
<hehehe> what is sticky bit?
<hehehe> if you have write + execute permissions on a directory, you can {delete,rename} items living within even if you don't have write perimission on those items. (use sticky bit to prevent this)
<ahasenack> hehehe: /tmp is an example of a directory that has the sticky bit set
<ahasenack> hehehe: everybody can write to it, but only the owner (and root) of a file/directory can remove it from inside /tmp
<powersj> well now I get to find out when this test stopped working and why it isn't marked as failed :\
<hehehe> ahasenack: and how do you set sticky bit
<ahasenack> hehehe: with chmod(1)
<ahasenack> hehehe: chmod +t <directory> sets it, for example (there is also an octal syntax)
<hehehe> cool
<hehehe> and I also noticed while I use say chmod 755
<hehehe> there is sometimes 0 before?
<hehehe> 0755
<hehehe> so whats that very first digit for?
<ahasenack> that indicates it's a number in the octal base (base 8)
<hehehe> cool
<ahasenack> like when you see 0x0A meaning hexadecimal
<ahasenack> the 0x precis means hexadecimal
<hehehe> but it makes no difference if I use chmod 755 or 0755?
<hehehe> or it does?
<nacc> ahasenack: are you sure? I thought leading 0 just means no sticky, setuid or setgid?
<ahasenack> right, it's a relaxed rule for chmod
<nacc> ahasenack: ah ok
<ahasenack> "Omitted  digits  are  assumed  to  be  leading
<ahasenack>        zeros"
<nacc> ahasenack: right, and numeric parameters to chmod are assumed octal anyways (afaict)
<ahasenack> yeah
<ahasenack> it's relaxed
<ahasenack> leading us to surprises elsewhere where it's not relaxed :)
<ahasenack> like yaml
<nacc> heh
<ahasenack> I banged my head against the table a few times with an yaml file that had something like key: 09
<ahasenack> and 09 was treated as a string instead of a number
<hehehe> what is yaml?
<ahasenack> it's because it's invalid octal, therefore it must be a string (!)
<dpb1> nacc: do we ever file bugs for packages stuck in proposed?
<dpb1> or, is there specifically a bug for this python-boto thing is really what I'm after
<powersj> ahasenack: guess it is glad you brought this up. Looks like that test has been failing to even run for sometime :\ other tests appear operational, so I'll dig into why samba hasn't
<ahasenack> hehehe: loosely, a file format that is both readable by people (meaning it's visually simple) and computers at the same time
<hehehe> ok anyways I run opencart app and it wants to access /cache /images  folders - I am thinking of safest permissions i can get away with
<hehehe> :)
<ahasenack> powersj: ok, just one more question
<powersj> ok
<ahasenack> powersj: https://platform-qa-jenkins.ubuntu.com/job/ubuntu-xenial-server-amd64-smoke-samba-server/303/console is this also defined by that yaml?
<ahasenack> "smoke"tests
<hehehe> I tried 770 and it wont display images inside admin bit sometimes
<ahasenack> or something different
<ahasenack> and if it's also a false success
<nacc> dpb1: we have -- let me look
<ahasenack> because I see errors, but RETCODE=0
<powersj> ahasenack: those errors are red herrings from utah
<dpb1> mmmmmm, herrings.
<ahasenack> hehehe: I'm not familiar with that app, sorry. In general, you start with the error, then figure out what it tried to access (which you did), and as which user, then come up with the right permissions
<ahasenack> powersj: ok
<hehehe> ahasenack: yes
<powersj> the YAML I linked to you are the results of test cases after an install which runs the tests themselves
<ahasenack> powersj: and it's not the same as that manual test with which we started this conversation, right?
<powersj> ahasenack: it is suppose to be the same
<nacc> dpb1: not finding any bug filed
<nacc> dpb1: this is intersting, though: LP: #519567
<ubottu> Launchpad bug 519567 in python-boto (Ubuntu) "euca2ools does not correctly specify port when $http_proxy is set" [Medium,Incomplete] https://launchpad.net/bugs/519567
<ahasenack> powersj: the yaml would have the output of that comment I'm looking for, had the test run?
<powersj> ahasenack: yes
<ahasenack> "net usersidlist", "step 28"?
<ahasenack> ok
<powersj> last fall none of these tests were working really at all
<powersj> I spent a number of weeks going through them, updating them, and getting them all running for the yakkety release
<dpb1> nacc: yes, I was suspecting something like that.  after I followed up with #is, my next stop was reproing a general squid proxy and see if it can pass when wide open
<powersj> they are great when they work ;)
<ahasenack> :)
<nacc> dpb1: the eventual conclusion may be that we will need the release team to mark this a 'badtest'
<nacc> dpb1: however, iirc, this test passes on debian -- so it'd be good to be sure about that
 * ahasenack -> EOD
<ahasenack> cya tomorrow
<dpb1> nacc: how can I check that fact
<dpb1> (passes on debian)
<nacc> dpb1: https://ci.debian.net/packages/p/python-boto/
<nacc> dpb1: says "OK (SKIP=8)" like the last pass on ubuntu
<dpb1> and not surprisingly, I see no 'http_proxy' in the captured output anywhere
<jgrimm> nacc, dpb1: sorry, I wasn't actively watching IRC today.. but yes, I think you are on the right path of what's going on with python-boto; i didn't get chance to track it down to root cause but given I could run tests locally fine, i was assuming it was an issue with the test environment.
<nacc> jgrimm: thanks! :)
<dpb1> jgrimm: hey there
<jgrimm> nacc, dpb1: an added fun bit was that I was told (i think by steve?) that the firewall rules are potentially different depending where it ends up getting run and magical that only IS knows what they are
<dpb1> yup
<dpb1> that matches
<jgrimm> that's as far as i got. :)
<dpb1> good, glad I'm stuck where you were!
<jgrimm> \o/ cool. documenting the FW rules would be nice to get done if discovered.
<dpb1> jgrimm: indeed!!  there is a good place for them: https://wiki.ubuntu.com/ProposedMigration/AutopkgtestInfrastructure
<dpb1> it just lacks mentioning them
<dpb1> :)
<jgrimm> :) have fun!
<dpb1> always
<hehehe> :)))
<hehehe> fun is food
<hehehe> good :D
<nacc> jamespage: celery uploaded -- i think it should even pass it's dep8 tests now :)
<nacc> or at least it does locally
<mwhudson> nacc: hooray
<mwhudson> i guess i should unblock the kombu migration
<mwhudson> not that it's going to migrate by itself for weeks anyway
<nacc> mwhudson: right, i can do that once it propagates into proposed (it = celery)
<nacc> mwhudson: jamespage: and excellent, all tests passed in the build on python2.7, python3.5 and python3.6: https://launchpadlibrarian.net/323872413/buildlog_ubuntu-artful-amd64.celery_4.0.2-0ubuntu1_BUILDING.txt.gz
<mwhudson> nacc: \o/
<nacc> mwhudson: once it migrates to proposed and the dep8 tests pass there, i'll unblock the bug
<nacc> mwhudson: if that's ok by you
<mwhudson> nacc: +1
<nacc> mwhudson: thanks
#ubuntu-server 2017-06-14
<nacc> mwhudson: sweet: http://autopkgtest.ubuntu.com/packages/celery/artful/amd64
<nacc> jamespage: mwhudson: unblocking the packages
<mwhudson> nacc: \p/
<mwhudson> \o/ rather
 * mwhudson is making is very own das keyboard
<nacc> mwhudson: i figured it was in profile
<nacc> mwhudson: maybe a stretch or something :)
<mwhudson> heh
<jamespage> nacc: awesome - thanks again for all of your work on this!
<lordievader> Good morning
<db`> cron job for every 1.5 hours
<db`> https://stackoverflow.com/questions/247626/how-can-i-set-cron-to-run-certain-commands-every-one-and-a-half-hours
<db`> won't this work?
<db`> */90 * * * *
<db`> I didn't find it anywhere..
<db`> all say about splitting the syntax.
<db`> */90 * * * * won't work?
<hateball> db`: no, as 0-59 are the allowed values for minutes
<db`> okay
<frickler> db`: "run in when $minute is a multiple of 90" won't happen very often. what's so bad about having two entries?
<db`> Okay. will do it like that
<db`> tahnks.
<cpaelzer> jamespage: I got the patches I needed for openvswitch and tests look good.
<cpaelzer> jamespage: I will likely upload the arm-dpdk+ftbfs-fix later today - let me know if there are any conflicts ahead
<cpaelzer> patches are arm-dpdk only, still I checked and normal OVS seems unaffected as it should be
<jamespage> cpaelzer: nothing that I am aware of
<cpaelzer> thanks jamespage
<jamespage> cpaelzer: no thankyou for your work in this area - its appreciated by me and the wider community of users :-)
<cpaelzer> you make me smile, but I wonder if you just want to raise my mood
<ahasenack> hm, why would someone add a "samba" tag to a bug against samba? Kind of redundant? :)
<jamespage> cpaelzer: could you look at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1697729 when you're next in libvirt land
<ubottu> Launchpad bug 1697729 in libvirt (Ubuntu) "port allocator allocates the same SPICE port for multiple guests (race condition)" [Undecided,New]
<cpaelzer> jamespage: added to my list
<cpaelzer> jamespage: but by german luck (public holdiys) this week is a short one, so needs a bit of time
<cpaelzer> but the bug and patch are nice and clear - so I don't expect anything stopping me
<cpaelzer> jamespage: btw just saw that the new mininet fails on OVS Test in artful-proposed
<cpaelzer> jamespage: seems like it needs an explicit shutdown now
<cpaelzer> jamespage: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful/artful/amd64/o/openvswitch/20170531_164045_f27a5@/log.gz
<cpaelzer> jamespage: the number of control ports rise each test by one and they fail saying it should be stopped
<cpaelzer> jamespage: haven't looked deeper into it
<cpaelzer> just saw that checking for my upload in excuses
<nacc> jamespage: np!
<nacc> dpb1: ping me when you want to review your `git ubuntu build` issue
<nacc> *build-source
<dpb1> nacc: thx
<dpb1> nacc: ya, I need some interactive debugging I think
<powersj> ahasenack: samba tests appear to be working as expected now
<powersj> https://paste.ubuntu.com/24857332/
<teward> powersj is doing my bug triage job for me lol
<nacc> teward: yw! :)
<powersj> :D
<teward> :P
<powersj> And I even copied and pasted from your page this time ;)
<teward> powersj: thank you again for doing my job :)
<teward> powersj: yay!  I appreciate the assistance :)
<ahasenack> powersj: the tests swallow stdout somehow? like http://pastebin.ubuntu.com/24857739/
<ahasenack> I would expect to see the local workgroup SID somewhere in there
<ahasenack> as evidence
<powersj> ahasenack: yes it does
<nacc> dpb1: note also that `git ubuntu build` is *just* a wrapper around dpkg-buildpackage
<nacc> dpb1: it's not often used by end-users
<dpb1> I have time now
<dpb1> so...
<nacc> dpb1: sure
<ahasenack> powersj: it's hard to verify that test as it is, it could be a false green as we have seen
<dpb1> build-source is what I should have been using
<nacc> dpb1: and did (it looks like)
<nacc> dpb1: yeah, typically i use build-source followed by an appropriate sbuild
<powersj> ahasenack: I would suggest going and looking at the actual tests before going that far
<dpb1> hm, right
<powersj> I do agree in principle, but knowing how we check for output for the tests I like to think we are ok
<dpb1> nacc: so, git ubuntu clone; quilt push -a; git build-source
<dpb1> that should get me the latest source package as it would be installed in the dev release
<nacc> dpb1: no, you don't want to be in patches-applied state
<powersj> Although I haven't thought about keeping all the stdout before, that is one I didn't question
<nacc> dpb1: you should be able to just do `git ubuntu clone; git ubuntu build-source`
<dpb1> nacc: ah, only when making a modification
<dpb1> ok
<nacc> dpb1: with a cd in  between, i guess
<dpb1> right
<nacc> dpb1: alternatively `pull-lp-source <srcpkg>` :)
<dpb1> makes sense
<dpb1> well
<dpb1> I have changes I want to make, but first I want a baseline
<nacc> dpb1: those two should produce the same output
<dpb1> nacc: fwiw, I'm looking at this bug: https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1658653
<ubottu> Launchpad bug 1658653 in nis (Ubuntu) "Ypbind service fails to start on system bootup [race condition]" [Medium,Confirmed]
<ahasenack> powersj: I branched lp:ubuntu-test-cases/server/
<nacc> dpb1: your 'baseline' for a source pacakge is obtainable from `pull-lp-source <srcpkg>` as well, is all i meant before
<dpb1> nacc: got it
<nacc> dpb1: or more correclty, sorry, `pull-lp-source -d <srcpkg>`
<ahasenack> powersj: is that the automated version of http://iso.qa.ubuntu.com/qatracker/milestones/351/builds/117343/testcases/1409/results ?
<nacc> dpb1: that won't extract the source package, and you can use that as the baseline for generating debdiffs
<ahasenack> well, samba-server inside that branch, that is
<dpb1> nacc: idk, I like git log, it's helpful to have it right at first
<nacc> dpb1: sure that will work too
<dpb1> nacc: for the mechanics of actually testing my change.  what do you normally do?  new lxd for artful?
<nacc> dpb1: so it happens with artful too (already confirmed)?
<nacc> dpb1: yeah, so what i'd do is a) setup a PPA to test (a bit slower) or b) build in sbuild and `lxc file push` to a artful lxd and install there
<dpb1> haven't confirmed yet, no.
<nacc> dpb1: ok, that's probably step 1 -- you can also just look in d/changelog if something stands out
<powersj> ahasenack: the automated ISO tests have a repo where the jenkins jobs are kept and another for the tests
<powersj> tests are here https://code.launchpad.net/~ubuntu-server-qa/ubuntu-test-cases/server-tests-raring
<powersj> which looks like you found further above (sorry didn't read that far up)
<ahasenack> np
<ahasenack> they don't include the steps from that manual test page
<ahasenack> step 28 seems to be the only one missing
<Epx998> Is there a guide on tftp/network booting/installing against the full server iso? so we get all the drivers.
<sarnold> Epx998: perhaps investigate what maas is doing?
<Epx998> sarnold: maybe one day we'll get hours approved to POC MAAS, but for now we use tftp against the netboot images, we just want an all inclusive image with all the drivers.  Installing against the iso, wondering if there is a how-to or documentation somewhere for it.
<nacc> Epx998: rather confused -- you're using the netboot image, which implies you're using a rather minimal env to start (just enough to netboot generally). "All the drivers" in what context do you mean?
<Epx998> nacc: my manager has a bad habit of ordering servers for many different manufactors, tired of dealing with driver issues every time we get new hardware.  This time its huawei, video drivers out the box with netboot, no issues if we use the iso.  We have some UB14 servers still, good ol controller issue there.
<Epx998> meant also we have some ub12 servers still, that are giving controller issues for the drives.
<ahasenack> powersj: hey, how would one change a test like http://iso.qa.ubuntu.com/qatracker/testcases/1409/info? Where is that stored?
<ahasenack> I would like to propose a change to step 28, which the automated bits are not even running
<powersj> ahasenack: at the top of the page there is a file a bug link, which takes you to the project
<ahasenack> aha
<ahasenack> thx
<nacc> ahasenack: https://code.launchpad.net/~ubuntu-testcase/ubuntu-manual-tests/trunk
<nacc> ahasenack: i think?
<ahasenack> will check
<nacc> ahasenack: http://bazaar.launchpad.net/~ubuntu-testcase/ubuntu-manual-tests/trunk/view/head:/testcases/image/1409_Install%20%28Samba%20server%29
<nacc> ahasenack: that's "1409_Install_Samba_server" i think
<powersj> that looks right
<ahasenack> thanks
<ahasenack> powersj: I can add the new step 28 to the automated tests, will look into that later
<powersj> sweet
<powersj> ahasenack: if there are other bigger changes that would make it easier, please do. I have looked at these tests way too much, and taking a step back to review them would be good.
<ahasenack> sure
<ahasenack> we can add the simple dep8 tests i added recently too, they are simple, exercise the localhost network only, and can be run right after a default install
<ahasenack> https://bugs.launchpad.net/ubuntu-manual-tests/+bug/1697996 ftr, now cooking up a branch
<ubottu> Launchpad bug 1697996 in Ubuntu Manual Tests "samba: step 28 doesn't work without joining a domain" [Undecided,New]
<Epx998> Does MAAS have to act as a DHCP server or does it have a built-in tftp service that I can next to?
<ahasenack> I think not using the dhcp server that comes with maas will lead to pain. I know it was possible in the 1.8/1.9 versions, not so sure about current 2.2. But even with 1.8/1.9, it wasn't really the recommended way
<ahasenack> roaksoax will have a better insight :)
<Epx998> all you need with dhcp is to point to a tftp server
<Epx998> if maas is running a tftp server internally, makes it easy
<ahasenack> tbh, maas nowadays only uses dhcp for that step. The Ip assignment is made by writing to /etc/network/interfaces* directly
<ahasenack> commissioning and enlisting steps, I mean. In the actual node deployment you get a "static" IP in e-n-i
<ahasenack> but you can still select dhcp if you want
<ahasenack> Epx998: I suggest you hop into #maas here on freenode
<Epx998> we run isc-dhcp-server on another node, all of our subnets have a dhcp helper to the dhcp serve, that just next's our tftp
<Epx998> will do
<ahasenack> that channel was active 30min ago
<ahasenack> Epx998: did you read https://docs.ubuntu.com/maas/2.1/en/installconfig-network-dhcp ?
<Epx998> ahasenack: need to validate maas as a replacement for OS provisioning, we really dont need to replace our dhcp server
<ahasenack> sure
<Epx998> yeah its running tftpd, i can see port 69 in use - so thast good
<hehehe> hey hey
<hehehe> :D
<keithzg> Hmmm, does anybody know how to fully disable winbind auth in dovecot? I have "auth_use_winbind = no" configued, and `doveconf` confirms that's active, yet I'm constantly seeing pam_winbind being invoked for dovecot:auth in the log.
<qman__> not an expert, but it sounds like dovecot is using pam, and pam is using winbind
<qman__> so, either configure pam to not use winbind, or configure dovecot to not use pam
<keithzg> Unfortunately neither of those options is exactly optimal :(
<keithzg> Particularly considering that the server in question also doubles as a fileserver to Windows machines.
<qman__> well, that's what VMs/containers are for
<keithzg> Yeah, because I'm sure I won't run into *other* issues greater than just spurious log file lines if I complicate things like that ;)
<sarnold> keithzg: is there an /etc/pam.d/dovecot?
<qman__> separation of duty is important for lots of reasons, and that's one of them
<keithzg> sarnold: There is indeed!
<sarnold> keithzg: does it use winbind? :)
<keithzg> sarnold: Not explicitly, although I should look into if any of the inlcuded options in turn include winbind; just lists common-auth, common-account, and common-session.
<keithzg> qman__: Eh, I don't disagree in principle, and it's why most of the internal services are indeed run in VMs. But in this instance, the users being authed also have their home directories on the server, which is in turn where their Maildirs live. And everyone insists on accessing all this at least slightly differently than everyone else...
<keithzg> sarnold: Yeah, good catch, all three of those include pam_winbind.so
<sarnold> keithzg: now you get to decide if you want to neuter those or just duplicate them directly into dovecot without the line..
<ndboost> hey all i am trying to move my mysql datadir off to a block volume on DO
<ndboost> and syslog shows these entries
<ndboost> Jun 14 22:03:49 app01 kernel: [27231.885231] audit: type=1400 audit(1497477829.157:531): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23000/status" pid=23000 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=112 ouid=112
<ndboost> Jun 14 22:03:49 app01 kernel: [27231.885383] audit: type=1400 audit(1497477829.157:532): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23000 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
<ndboost> Jun 14 22:03:50 app01 systemd[1]: Started MySQL Community Server.
<ndboost> even though i have an entry in /etc/apparmor.d/tunables/alias pointing to the new path
<ndboost> the service comes up fine but ansible still thinks its failing :\
<sarnold> ndboost: note that those DENIED messages aren't for data files
<sarnold> ndboost: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1658233
<ubottu> Launchpad bug 1658233 in mysql-5.7 (Ubuntu) "missing apparmor rules" [Low,Triaged]
<ndboost> is it denys for starting mysqld?
<ndboost> ahhh
<ndboost> "For MySQL the call to proc/pid/status is done as part of a check to ensure no other processes are using the same socket file, so it affects the server's ability to detect an invalid configuration."
<ndboost> bingo
<dpb1> ahh
<ndboost> forgive me for my lack of knowing how to navigate launchpad but is there a workaround?
<Aison> ChmEarl, thx for your help, lvm2 works now. Unbelievable that this bug is more than an year old
<sarnold> ndboost: here's something to fiddle with https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1658239
<ubottu> Launchpad bug 1658239 in apparmor (Ubuntu) "base abstraction missing glibc /proc/$pid/ things" [Undecided,New]
<ndboost> thanks sarnold
<keithzg> sarnold: Seems to me that merely changing the order in common-auth would solve my problem (so that winbind is last, rather than LDAP being last---LDAP being where the users actually live). I guess I have to give up using pam-auth-update then, though, since I don't see a way with it to specify order of plugins, only which plugins are enabled.
<sarnold> keithzg: you're firmly into territory I've never needed to know, but i'm surprised re-orderingw ould fix it
<keithzg> sarnold: Yeah, it's not a hard failure, all it is is an annoying set of lines printed in the dovecot logs (in scary red in our colorful systemd world, heh) when winbind fails, but then it moves onto ldap and is placated by successfully authenticating the users.
<keithzg> So I'm largely just fixing a cosmetic log issue for myself here, haha
<sarnold> keithzg: oh! I get it
<sarnold> my world is back together again, thanks :)
<keithzg> sarnold: haha, no problem :) And many thanks for being, yet again, The Answerer Of Questions :)
<ChmEarl> Aison, cheers
<sarnold> :D
<Aison> is there some nagios nrpe server 3 backport for xenial?
<Aison> the nagios 3 client from zesty is not working correctly with nrpe server from xenial
<tarpman> https://packages.ubuntu.com/xenial-backports/nagios-nrpe-server says no
<tarpman> Aison: is it https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849417 ?
<ubottu> Debian bug 849417 in nagios-nrpe-server "nagios-nrpe-server: segfault during SSL negotiation with older NRPE 2.15 plugin" [Normal,Fixed]
<nacc> Aison: fwiw, nagios3 is being removed from artful (hopefully)
<nacc> Aison: it's already been removed from Debian
<Aison> tarpman, yes, it is related to ssl
<Aison> nacc, why?
<nacc> Aison: it's insecure and inactive upstream (icinga2 is the alternative) and nagios4 is the future (i think)
<nacc> Aison: there are unfixed CVEs in nagios3
<nacc> LP: #1696252 is the artful bug
<ubottu> Launchpad bug 1696252 in nagios3 (Ubuntu) "Please remove nagios3 (and revdeps) from artful" [Undecided,New] https://launchpad.net/bugs/1696252
<Aison> well, nagios4 is an option too ;)  but v4 it is also not in ubuntu (not even zesty)
<nacc> Aison: not in debian either :)
<hehehe> GET /index.php?route=product/product&manufacturer_id=7&product_id=165 HTTP/1.1" 403 177 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0;
<hehehe> baidu spiders are weird
<hehehe> he followed aliexpress scraper seems so :D
<mwhudson> nacc: thanks for taking care of that kombu / celery mess
<tarpman> this channel makes me hungry sometimes
#ubuntu-server 2017-06-15
<hehehe> good
<hehehe> be hungry
<hehehe> whats the common danger to give any kind of folder or file permision to public?
<hehehe> read is safe
<hehehe> write - they can try to load malicious code?
<patdk-l2> read is not safe
<patdk-l2> not if it contains a config file with your mysql permissions and stuff like that
<patdk-l2> write should NEVER be given
<sarnold> if you ever grant someone untrusted write access to a directory that basically means there's entire classes of tools that should never be used on that directory again
<sarnold> just about everything that traverses directory structures assumes they are operating on safe inputs
<sarnold> no tar, no rsync, etc.
<sarnold> while it is possible to safely implement tree walking routines in the face of malicious modifications I honestly can't say I know any tool offhand that does it correctly.
<hehehe> :)
<hehehe> sarnold:  there's entire classes of tools that should never be used on that directory again
<hehehe> like what tools and why
<sarnold> hehehe: anything that works on directory trees
<hehehe> like?
<sarnold> no tree, no find, no tar, no ls -R, etc.
<sarnold> no du.
<hehehe> so if someone have write access how they can use find?
<hehehe> i just read open cart golden partner tutorial We recommend setting the permissions of config.php to 444. This will make the file as read-only. :D
<hehehe> lol
<hehehe> ehehe
<sarnold> hehehe: if you give someone else write access to a directory and you don't trust them then _YOU_ and _root_ do not get to use find
<patdk-l2> give find u+s rights :)
<sarnold> (don't give find setuid rights! :)
<patdk-l2> that is like the first thing I do on some of my systems
<sarnold> holy hell
<patdk-l2> is remove setuid and setgid to everything
<sarnold> oh okay
<sarnold> you scared me to death man
<patdk-l2> as there is no ligit usecase for any of them
<patdk-l2> as user management and stuff are on another box
<sarnold> "did patdk really forget about -exec? and -delete?" :)
<patdk-l2> na :)
<patdk-l2> I really don't get apple
<patdk-l2> on this order confirmation email
<patdk-l2> they **** out my phone number
<patdk-l2> but left everything else, my address, and everything
<hehehe> remove setuid and setgid to everything - what is everything and how u do it?
<hehehe> :D
<patdk-l2> I think my phone number is the least of my worry
<hehehe> even credit card details?
<patdk-l2> use find :)
<patdk-l2> lucky, no cc details at all
<patdk-l2> if you remove setgid/setuid from everything, you will normally have a very broken system
<patdk-l2> sudo won't work, passwd won't work, sendmail won't work, ...
<hehehe> not good
<patdk-l2> but those are all things I had no issues with
<hehehe> ur idea is bad :D
<patdk-l2> not if it's a webserver
<patdk-l2> and NOTHING else
<hehehe> but how do u change pass?
<hehehe> without passwd
<patdk-l2> why would I?
<patdk-l2> passwords won't live on that box
<patdk-l2> if someone changed a password from there, it's hacked
<patdk-l2> passwords live in ldap
<hehehe> is there howto on it?
<hehehe> to read more :D
<patdk-l2> not really, it's more just knowing how everything works and what you can get away with
<patdk-l2> these days people generally use lxd/docker for these type of things
<patdk-l2> but I build this like 12years ago
<patdk-l2> been moving it to lxc
<patdk-l2> but still keep the basics I always do, since no reason not to
<hehehe> how many times your server been hacked?
<hehehe> :D
<hehehe> none?
<patdk-l2> that depends
<patdk-l2> atleast multible times a day
<patdk-l2> but never rooted
<patdk-l2> I can't really secure customers stuff
<patdk-l2> but as long as they stay contained to the customer
<hehehe> so you offer hostin?
<patdk-l2> yes
<hehehe> files hotel or motel
<hehehe> :D
<hehehe> well this app opencart - uses some dirs like images etc to write and read, I set folder to 770 - however  images wont show in checkout and also some ajax functions like menu dont work
<hehehe> most does work
<hehehe> maybe faulty code a bit?
<patdk-l2> you probably just need to make it group owned and set the group to writable
<patdk-l2> by whatever it runs under
<patdk-l2> likely php, and that is likely defaulted to www-data unless you changed it
<hehehe> I have done that
<hehehe>  but set to group to writable hmm I done some of it
<patdk-l2> only folders it needs write access
<patdk-l2> like your images/tmp/... folders
<patdk-l2> 770 would be fine
<patdk-l2> as that is read+write+execute
<hehehe> yes
<hehehe> so I need to use setgid?
<patdk-l2> no
<hehehe> chmod g+s /image stuff like?
<patdk-l2> chmod g+w
<patdk-l2> and I hope you don't use /
<patdk-l2> that would be a very strange location for a image folder
<hehehe> its app/image :D
<hehehe> change mode to make it group writeable right?
<hehehe> like chmod g+w /app/image or /app/image/ ?
<hehehe> and how I can check existing things like that if any
<hehehe> ls -l does not seems to show them :D
<hehehe> patdk-l2: anyway I did run chmod g+s image etc etc
<hehehe> same story
<hehehe> dun
<hehehe> 770 means its writeable by group
<hehehe> why I need to use chmod g+w?
<lordievader> Good morning
<a_z0_9823> Hello, testing, first time IRC user..
<lordievader> o/
<a_z0_9823> anyone here familiar with email hosting?
<lms> Hello all. I'm having some issues setting up a simple kerberos environment. I've posted a serverfault question about it: https://serverfault.com/questions/855859/mit-kerberos-keeps-asking-for-password-when-authenticating-to-openssh . I'd really appreciate if anyone here could shed some light.
<sadsheep> hi$
<sadsheep> I would like generate an .po file from old but this old po file is in subfolder
<sadsheep> i using this cli
<sadsheep> msgmerge --no-wrap  --directory="../locales" -o ../locales/new.po  messages.po ./testersclub.pot
<sadsheep> but this, no run ! OUTPUT : msgmerge: Erreur lors de l'ouverture de Â«Â messages.poÂ Â» en lecture: Aucun fichier ou dossier de ce type
<sadsheep> please ?
<hehehe> hey hey
<hehehe> :D
<lordievader> o/
<hehehe> hi lordievader  :)
<lordievader> Hey hehehe
<lordievader> How are you?
<hehehe> I nearly managed to wrestle all I want from a server - 1 thing left app writeable dirs like /images yet to work, and it was working on the other box (but I forgot how I made it work) , using chmod 770
<hehehe> and I am fine
<hehehe> any idea how I can check whats the issue is?
<lordievader> Is the party trying to write to that folder the owner or in the group?
<hehehe> in the group, not an owner
<hehehe> its root:www-data
<hehehe> and party writing is www-data
<lordievader> What I usually do is open a shell as that user and see if I can do it manually.
<hehehe> lordievader: like simply su as that user and copy file into dir in question?
<lordievader> For example, touch would be sufficient ;)
<hehehe>  su www-data This account is currently not available.
<hehehe> why is that .. :)
<lordievader> Because it is disabled ;)
<lordievader> But there are ways around that: sudo -u www-data bash
<hehehe> bash: /root/.bashrc: Permission denied
<hehehe> ok it worked
<hehehe> lordievader: yes I was able to copy file to /images and create a file there
<hehehe> weird
<lordievader> Is the app running as some other user?
<hehehe> it should run via nginx as www-data, anyways to double check?
<lordievader> I don't know what you are running.
<hehehe> opencart a php app
<hehehe> its simply uses nginx and php fpm
<lordievader> Oh, but php-fpm runs as a different user, I though.
<lordievader> thought*
<hehehe> I checked php-fpm config - user www-data, group www-data
<lordievader> Hmmm
<hehehe> is that a right way to do it?
<lordievader> Then I do not really know what the problem is.
<lordievader> Yes
<hehehe> and in sockets owners listen mode 0660
<hehehe> ok I will check more :D
<hehehe> lordievader: PHP Warning:  fwrite() expects parameter 1 to be resource
<hehehe> hehe
<hehehe> I am getting closer to it
<lordievader> That sound like an error in the program.
<hehehe> https://pastebin.com/ufV76bda
<lordievader> Could be a mismatch between target php version and installed php version.
<SlimG> Is it possible to stop mysql from creating the default files in the datadir when they are missing?
<hehehe> lordievader: many say delete cache
<hehehe> I googled the error
<hehehe> i think that can fix it :D
<DirtyCajun> so, NFS mount. If a single mount and moving files within that mount then there is no loss in speed over the lan. But 2 mounts that go to the same server would require the information to pass from mount a to mount be causing lan slowdown correct?
<lordievader> Most likely, yes.
<DirtyCajun> lordievader,  e.g. /parent/folder1  /parent/folder2   mount /parent as /parent  and symlink folder1 and folder2 as /folder1 /folder2.  then you can move files from folder1 to folder 2 with no loss of lan speed though right?
<DirtyCajun> ***from /folder1 to /folder2
<lordievader> Yes, they move stuff from the same mount.
<lordievader> As long as they do not traverse the boundary of the mount, you should be fine.
<DirtyCajun> wonderful.
<DirtyCajun> lordievader, nope. No cigar. Looks like if folder1 and folder2 are their own filesystems on the host server then nfs cannot traverse the subdirectoreis
<DirtyCajun> guess im gonna use SMB -,-
<Aison> can I define some default user and password for "mysqladmin"?
<DirtyCajun> Aison, what do you mean by default... its a tool
<DirtyCajun> you just want to be able to type in mysqladmin without typing a u or p?
<yeeve> Aison, a nice way of making the mysql tools easier to use is 'login paths'. Have you used .ssh/config file before?
<yeeve> Aison, I think by default it may already try `-uroot -p -hlocalhost` but I'm not 100% sure
<Aison> yeeve, DirtyCajun eg. when I try to install zoneminder, mysqladmin is used to create some database
<Aison> and because there is no username password defined, I get the error
<Aison> mysqladmin: connect to server at 'localhost' failed
<Aison> error: 'Access denied for user 'root'@'localhost' (using password: NO)'
<Aison> during apt-get install
<Aison> brb
<yeeve> Aison, by default it could be that MySQL is locked down so root cannot login. You need to change your MySQL setup so root without password can login to localhost.
<jamespage> anyone know whether the s390x autopkgtests run under LXD or under KVM?
<xnox> jamespage, lxd
<xnox> jamespage, or actually lxc.
<jamespage> xnox: oh
<xnox> jamespage, both armhf and s390x are containers, one is lxc the other is lxd.
<xnox> hence the two are "different" from everyone else, and between each other.
<jamespage> xnox: I'm trying to reproduce a s390x failure
<xnox> should be possible with local amd64 lxc / lxd runners.
<jamespage> have a lxd container on an s390x; can get test to fail...
<jamespage> :(
<jamespage> can't rather
<xnox> which package / test?
<jamespage> xnox: gnocchi
<jamespage> its been failing pretty consistently on that architecture
<jamespage> xnox: hmm when not running with security.privledged=True, I see alot of systemd unit startup issues - "status=237/KEYRING"
 * jamespage scratches his head
<xnox> jamespage, that one is a known regression in artful, yet to be fixed.
<jamespage> xnox: ah
<hallyn> rharper: cpaelzer: any plans on keeping https://launchpad.net/~ubuntu-virt/+archive/ubuntu/virt-daily-upstream updated?
<hallyn> (I don't have any, at least for now, sorry)
<hallyn> (wouldn'tmind doing a rotating schedule for handling it if we want to do it as a team)
<cpaelzer> hallyn: to be honest I didn't even know it existed
<cpaelzer> hallyn: but if it is a no commitment as good as possible thing we could try to get it back to live again
<cpaelzer> hallyn: it is also nnot so daily anymore since a long time
<hallyn> cpaelzer: right, someone just complained aobut htat which is why i bring it up
<cpaelzer> hallyn: I'm actually not here today (public holidy), but I added a card to not forget looking into it more seriously at https://trello.com/c/RdKlRFk2
<cpaelzer> hallyn: I'd reach out to you once I have taken a deeper look - ok ?
<hallyn> wtf is that - trello :)
<hallyn> sure.  ttyl :)
<dpb1> hallyn: welcome to 2017
<hallyn> (I'm actually on vacation too :) - see you on relaxation island)
<dpb1> :)
<cpaelzer> hallyn: the Team is now "planning in the public space"
<hallyn> we used to do that on lp with blueprints :)
<hallyn> anyway - \o
<cpaelzer> hallyn: it is world readable like the blueprints were, yet more featureful
<dpb1> have a good vacation hallyn
<cpaelzer> hallyn: if you want to write dpb1can make you an external  Team member
<hallyn> sure why not
<hallyn> can see how it compares to atlassian and lp.  maybe it rocks
<dpb1> will do
 * cpaelzer is hiding again
<dpb1> yay https://github.com/boto/boto/issues/3739
<dpb1> now I just need to figure out how to get a change to the 2.44.0 upload re-uploaded...
<Capprentice> What to use for DNS ad filtering for a Metro ISP ?
<sarnold> Capprentice: I'd probably start with powerdns recursor and rpz https://blog.powerdns.com/2016/06/28/response-policy-zone-support-in-powerdns-recursor/
<jelly> where does one get an anti-advertising rbl anyway
<drab> re
<adv-t> Hello all!
<adv-t> How do you do?
<adv-t> Wondering:  How much space do you guys leave for your Ubuntu server installs?
<adv-t> I only have a 120GB SSD, and I'm planning to do some virtualization, so...
<dpb1> ya, virt is what takes up the room for sure
<adv-t> Yeah, I've got some more hard drives in there that I can "give" to the VMs, but I want all of the OSes/apps to be running off of the SSD, ideally.
<dpb1> I personally like to segregate my VM disk usage in some way
<adv-t> I was thinking 10GB pretty much each
<adv-t> Oh, yeah, ideally that'd be great.
<adv-t> And I may end up doing that, but I think that what I'm looking to do with my server + vms isn't really super disk intensive.
<sarnold> I see our is guys having to clean up space on vms due to being short on space from time to time; I think they grumbly about 10g roots
<drab> adv-t: about 10GB for a basic install of roots and then I export disks for data
<adv-t> This is why I asked!  :D
<sarnold> if you're religious about the 'disks for data' then probably 10 gigs does work okay
<drab> it also depends what you're doing...
<adv-t> I think I'm pretty religious about disks for data.
<drab> for example, if you are doing qemu/kvm and you'll mostly use static images, then using a shared root + incrementals could dramatically reduce your data usage
<drab> same with lxd and something like overlayfs
<drab> but generally speaking everybody recommends against using snaps/immutables for prod because sooner or later things will drift enough you'll regret it
<sarnold> oh?
<drab> however ime if you know your workload well that can be really advantageous
<adv-t> I have a 120GB SSD that I wanted to use as the boot drive, and then I've got three VM's that I plan to build:  One for my own files (SMB and such which will be located on a separate disk), one for an ethereum stratum proxy (I will store the full blockchain on a separate disk), and one for a web server for me to play around with.
<adv-t> Again, I figured that for the most part, it'd just be the OS and applications that "run" off of the SSD - data would be stored on separate disks.
<adv-t> This means I need to reinstall Ubuntu and redo my Xen VM.  T_T
<drab> for that use case I think you've got plenty if you don't need to save up SSD space for future usage
<drab> if data is always on another disk for each VM, then 15GB is prolly safer
<adv-t> Yeah, I don't think I do.  I figured 10GB partitions JUST to be extra conservative, but, shoot, it's not like I can't get a bigger SSD if I need.
<adv-t> I could do 15GB.
<adv-t> I just had this 120GB laying around, figured I'd put her to use.
<drab> most of my / start at about 4GB with all my
<drab> "basic sw" installed
<drab> so to my use case, 10GB is plenty
<drab> but I've ran into some cases where it got tight
<drab> especiallyif you need to keep multiple kernels or source code around for some reason
<adv-t> i do like to tinker though.
<adv-t> i might need an ubuntu 16.04.2 vm just for that.
<adv-t> so i can blow that one up, and not nuke all my services.
<drab> fwiw, depending on your taste, I've moved 99% of my thinkering to lxd instead of VMs
<drab> but I'm also stubborn and refuse to use libvirt which would have made sticking with VMs probably a lot easier :P
<drab> so like I said, it's partly a taste thing
<drab> the real physical limit is how many "VMs" you need to thinker with and if you can pack those on the machien you have or not
<drab> containers will obviously pack a lot more
<jushur> you want to keep 20% of the drive free at all times, so it has good space to use for rewrites.
<adv-t> Because it's an SSD?  Or just in general?
<jushur> due to SSD
<adv-t> Gotcha, yeah.  Good idea.
<drab> lol
<jushur> performance will drop realy fast if you fill it upp
<adv-t> Does Ubuntu Server 16.04.2 do TRIM?
<drab> there was just a massive thread^Wflame about that on ZOL list
<adv-t> Like, automagically?  Or do I need to set that up via cron?
<trippeh> on consumer ssds this is good advice.
<adv-t> It should be obvious by now that I am... learning... am nub
<jushur> actually "small" ssds in particular
<jushur> if you have a 240gb or bigger its less of an issue. as you tend to not actually fill them. while a 120 you easily fill
<trippeh> enterprise ssds tend to have like 40% unaddressable flash set off for spare/gc management so "filling up" is much less of an issue on those.
<jushur> yep
<jushur> is also why they seem faster then consumer ones
<jushur> and cost more
<drab> http://list.zfsonlinux.org/pipermail/zfs-discuss/2017-June/028440.html
<drab> just for reference
<drab> there's some good comments and myth busting
<drab> and I think people overall agree with the above, especially the distinction between enterprise vs consumer SSDs regarding overprosioning
<sarnold> adv-t: if you use a filesystem that supports the fstrim ioctls crontab up fstrim..
#ubuntu-server 2017-06-16
<SarahJane888> Hi crew - I'm new to linux, but learning a ton. I've built a service that mounts google drive to my machine, but want to have a second service that fuses that mount with a local folder. I'm having issues with systemd loading them correctly. My gdrive mount works fine, but the local folder won't mount overtop. journalctl isn't helping me too much
<sarnold> what does "fuses" mean?
<SarahJane888> union-fs
<SarahJane888> i want to layer them on top of each other
<sarnold> aha. I think I've heard that overlayfs or overlay is the 'modern' preferred such thing. I'm also not sure I'd trust it with fuse.
<nacc> mwhahaha: np!
<Village> Hello, what VLC on Ubuntu server 16.04 are lasted?
<rbasak> Village: https://launchpad.net/ubuntu/+source/vlc. But if you're using VLC, it's probably not a server?
<lordievader> Good morning
<jamespage> beisner_: https://bugs.launchpad.net/ubuntu/+bug/1698350
<ubottu> Launchpad bug 1698350 in python-zunclient (Ubuntu) "[MIR] python-ovsdbapp, python-pypowervm, python-zunclient, python-deprecation, python-os-traits" [Undecided,New]
<jamespage> tagged openstack-mir as discussed
<jamespage> os-traits is not actually in yet but raised the paperwork anyway
<ikonia> openstack-mir ?
<ikonia> thats interesting,
<fallentree> Hiall. I'd like to run multiple "copies" of the same snap application on the server. Each snap would run on different port. but I'm not sure how to achieve this, it appears there can only be one instance of a snap.
<fallentree> What I'm trying to do is snap-up a PHP application deployed to multiple clients per server.
<fallentree> Why snap? Isolation, and also some clients will run version X, some X.1, etc...
<fallentree> So one such snap would deliver a php-fpm daemon, readonly php files, and a designated write (file upload) area, with each havign custom config (port or unix socket path, etc...)
<beisner_> ack jamespage - will talk to folks when they come online later today - tyvm
<rbasak> fallentree: you could use multiple lxd containers I think, each with one snap installed. That'd put them on different IPs by default though I think. For more, try #snappy.
<fallentree> rbasak: I specifically want to avoid using full containers like lxd, but it seems there really is no other way, thanks.
<rbasak> nacc: should http://paste.ubuntu.com/24873590/ work? Can you see if you can reproduce it please?
<rbasak> Oh, disregard.
<rbasak> That's my broken changelog parsing branch. Sorry!
<dpb1> woop http://people.canonical.com/~ubuntu-archive/proposed-migration/artful/update_excuses.html#python-boto  first thing I fixed in ubuntu
<dpb1> now, that deja-dup failure is concerning
<nacc> dpb1: looks to be a ftbfs?
<dpb1> but, I guess it was failing on the glib2.0 trigger
<dpb1> OK
<nacc> dpb1: there is a new vala in a-p, iirc
<sarnold> error: Argument 1: Cannot pass value to reference or output parameter
<nacc> dpb1: there was some discussion earlier this week between myself, jbicha and fossfreedom on this, as their builds were failing due to vala changes
<sarnold>      (model as Gtk.ListStore).remove(iter);
<sarnold>                                       ^^^^
<sarnold> that's strongly unlikely to be due to a python-boto change :)
<dpb1> indeed
<nacc> sarnold: yep
<nacc> and it's not a true regression in the sense of caused by, it's that the test has been failing now and wasn't failing before
<dpb1> nacc: so, the whole artful-proposed pocket isn't used for that test, it's scoped at just --apt-pocket=proposed=src:glib2.0 ... is that right?
<nacc> i've often thought it would be nice if 'regression' was more accurate (just seeing if the old and new version of this pkg is what caused the failure)
<nacc> dpb1: you're right, but valac migrated between the passing and failing cases
<dpb1> ya, when I saw regression, I was like WHAT
<dpb1> k
<nacc> dpb1: valac-0.34-vapi to valac-0.36-vapi
<nacc> i'm comparing https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful/artful/amd64/d/deja-dup/20170607_164021_ffb63@/log.gz (PASS) to https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful/artful/amd64/d/deja-dup/20170614_181615_bf8b3@/log.gz (first FAIL)
<nacc> so even that is inaccurate as to it being hte first FAIL
<nacc> because really glib2.0 isn't causing it either, afaict
<nacc> but there's not a good way to force all packages but one to change when you've got an archive to build against that has stuff moving constantly :)
<nacc> dpb1: https://github.com/manjaro/pamac/issues/235 ? similar error and possible fix?
<nacc> dpb1: or more correctly referred to in LP: #1686083
<ubottu> Launchpad bug 1686083 in Simple Scan "Needs to use ref syntax with GtkListStore (Vala 0.36)" [High,Fix committed] https://launchpad.net/bugs/1686083
<nacc> dpb1: with a #if VALA_0_36 wrapper etc
<nacc> dpb1: actual bug: LP: #1668915
<ubottu> Launchpad bug 1668915 in deja-dup (openSUSE) "Deja-dup 34.3 fails to build with vala 0.35.6" [Medium,Confirmed] https://launchpad.net/bugs/1668915
<nacc> dpb1: jbicha already has a branch proposed: https://code.launchpad.net/~jbicha/deja-dup/+git/deja-dup/+merge/325865
<dpb1> ah I see.
<dpb1> sweet
<drab> anybody in server land that has seen the cockpit-project?
<dpb1> I've seen it, yes. :)
<dpb1> never used though, no
<drab> I can't tell to what degree it's an evil webmin 2.0 kind of thing...
<drab> but I have a bunch of use cases where I'd have to explain to people what ssh is and that's a non starter
<drab> I'd be used internally only so relatively safe, but I'm not finding much in terms of audit/testing from the larger community
<dpb1> drab: it dovetails interestingly in ideas we have bantered about over beers before.  API like administration of your ubuntu box, etc.
<hehehe> hi
<hehehe> :)
<hehehe> i have managed to fix all server issues
<hehehe> :D
<sarnold> hehehe: nice
<hehehe> sarnold: do u laravel? :D
<sarnold> hehehe: no idea what that is
<sarnold> it sounds sticky
<hehehe> what kind of geek are u!
<hehehe> :DP
<hehehe> Laravel - The PHP Framework For Web Artisans
<hehehe> https://github.com/laravel/laravel
<sarnold> oh gods no
<dpb1> web artisan.  I'm not that, for sure.
<drab> lol
<sarnold> I avoid php at all costs
<hehehe> why
<hehehe> u are assembler addict
<hehehe> I am Web Culinary Master
<hehehe> combining flavors of various languages I barely now
<hehehe> know
<hehehe> I wonder if I can work remote for google with such title? :)
<hehehe_offline> https://www.scaleway.com/virtual-cloud-servers/
<hehehe_offline> so nice
<hehehe_offline> i wonder if I can make some kind of image of ubuntu server
<hehehe_offline> and load to new box via kvm?
<hehehe_offline> seems possible
<hehehe_offline> what do u think
<sarnold> on scaleway specifically? or local? or a private cloud?
<hehehe_offline> any provider with kvm
<tomreyn> by kvm, do you mean the virtualization technology or keyboard, video, mouse?
<sarnold> most providers let you make images of some sort; openstack-based things store images in glance, aws lets you do something like convert ebs volumes to ami ..
<hehehe_offline> sarnold: virt tech
<hehehe_offline> but many dont allow it openly
<hehehe_offline> aws yes
<hehehe_offline> I used ami :D
<hehehe_offline> https://www.lowendtalk.com/discussion/100818/windows-on-ovh-vps-ssd
<hehehe_offline> neat
<hehehe_offline> oki I must sleep
<hehehe_offline> :D
<hehehe_offline> slepppppppppppp
<sarnold> "Keep in mind this will take well over an hour, so leave this running and go to something else until it finishes." holy cow why is that so terribly slow?
<drab> what's that?
<sarnold> drab: downloading a compressed windows disk image, gunzip -c, then dd that to a virtual disk
<sarnold> it's less than ten gigs uncompressed
<drab> what's the virtual disk? qcow2 stuff?
<sarnold> dunno. The rest of that page suggests it's nvme backed ssds.
<sarnold> qcow2 is sloow but even that ought to be able to handle 10 gigs in less than two hours right? :)
<drab> yeah, fair, maybe storage is not local?
<sarnold> maybe that 100mb/s is the switch speed? :)
<drab> :)
<dpb1> powersj: guess I can poke you over here: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase?action=diff&rev2=160&rev1=157
<powersj> oh yeah sorry :)
<powersj> I like the recently updated
<powersj> better verbiage around server-next would be nice
<dpb1> give me words
<dpb1> powersj: nice pics on https://powersj.github.io/ubuntu/2017/06/16/server-sprint-denver.html
<powersj> thx
<powersj> dpb1: I like "top 20 important bugs" or just "top 20 bugs"
<dpb1> ok
<dpb1> ya, it's better
#ubuntu-server 2017-06-17
<axisys> got a new server hp dl360 gen 9 with 12 SSD of 800G each. I need little bit of space for OS and rest will be for /home and /var and /var/log
<axisys> any suggestion on partitioning? may be a raid 1 of two and raid 10 of the rest 10 in the hardware raid controller?
<axisys> any suggestion SSD related?
<lordievader> Good morning
<drab> axisys: it really depends on what you're trying to achieve/workload
<drab> and whether speed, data integrity/resiliancy etc are most important
<drab> axisys: per yesterday's convo, if those are consumers ssds, overprovisioning would be a good thing to do, to help with perf long term
<drab> and to make sure that trim is ran regularly
<drab> regarding the raid controller, one thing that matters ime is whether you have more spare hw like that/and backups to restore in case the controller fails
<drab> because most likely disks won't just work on a diff controller
<qman__> highly dependent on the hardware
<drab> yep
<qman__> some manufacturers are pretty consistent with their structure and it'll work on most controllers by the same manufacturer, others not so much
<ndboost> hey
<ndboost> how can i run sftp on a seperate port and match only to users in group "sftp"?
<ndboost> i get an error "Directive 'Subsystem' is not allowed within a Match block"
<tomreyn> ndboost: use Match to restrict the set of options certain users or user groups have when connecting to the server. don't try to use it to provide those with elevated access. The 'Subsystem' directive is available on the global scope only.
<ndboost> thx tomreyn this is what i ended up with but chroot aint working ... https://gist.github.com/mikedevita/2e545c5d0438ad0ed39c70db9021f856
<tomreyn> sftp is a subsystem of ssh, i.e. users need to be able to connect to the ssh daemon using the ssh protocol first, then shift the protocol to sftp
<ndboost> that makes sense
<ndboost> looks liek bad perms
<ndboost> bingo
<ndboost> thx
<tomreyn> ndboost: welcome, but have you now achieved to prevent that the sftp users (those in Group 'sftp') are no longer able to authenticate to port 22 and operate there without restrictions?
<ndboost> i have 22 locked down
<ndboost> what else would i need, i have Port 22 and Port 2222 in sshd_config, then that block i showed you
<tomreyn> ok, i wonder how you locked down 22 then
<ndboost> and sftp users are set to /bin/false as their shell, and are in sftp group
<ndboost> just firewall
<tomreyn> oh so sshd listens on 22 but the firewall prevents access to it form all or most source locations
<tomreyn> i guess this works.
<ndboost> yes
<ndboost> i have a select few of IPs whitelisted
<ndboost> for 22
<ndboost> and all ipv4/6 on 2222
<tomreyn> consider doing it the other way around if you want to do users a favor
<tomreyn> but other than that, sounds good to me.
<tomreyn> you might want to allow only public key authentication on the 'admin' port (where users can get a shell)
<ndboost> yeah but then i get tons of hits on 22
<ndboost> i only allow pubkey auth on ssh
<ndboost> and the users are editing web docs n stuff, they should be competent enough to use 2222
<tomreyn> totally not ;)
<ndboost> lol
<tomreyn> but your config sounds good to me.
<patdk-l2> why would you use port 2222?
<patdk-l2> I have a few friends that use port 222 or 2222 isntead of 22, to stop attacks
<patdk-l2> their logs show just as many attempts as mine on port 22, in the same ip space
<axisys> drab: well this server will be used a for tons of scripts .. mostly cpu and mem intensive..
<axisys> based on the current build on the old server
<axisys> drab: ^
<axisys> so do I need to build a raid5/6 with many spares.. or just a raid1 (2 disks) and a raid10 (10 disks) will do?
<axisys> I suppose running trim is a must since these are all SSDs and do I need a discard in fstab?
<axisys> also found this https://wiki.debian.org/SSDOptimization .. and probably applies to ubuntu as well since it is made from debian?
<drab> axisys: if the workload is mostly cpu/mem intensive I don
<drab> 't see the benefits of a configuration that adds to io perf (raid10)
<drab> since you don't need the extra perf I'd go for extra reliability and build a raid6
<drab> with as many spares as you can afford, but I'd say one is plenty considering you
<drab> 're already got 2 drives safety net
<axisys> drab: good point
<drab> at which point no need to split the raid1 on its own, just have one raid6 which makes the whole system much more resiliant
<axisys> so a raid1 and a raid6 .. where raid1 will be just for OS?
<axisys> ah.. :-)
<drab> if you split your os can only rtake 1 disk failure, after which it's out
<drab> if it's on on raid6 with a spare the whole thing can survive 3 disks
<axisys> right
<drab> which is a heck of a lot
<axisys> as for swap.. I see not to use SSD for swap.. and I see current system (retired onces the new one built) swappiness is 0
<axisys> but swap went up to about 2G in May when we had some network dependency broke. and restored since then.. but swap stayed at flat line 1.6G per our monitor
<drab> there's a ton of arguments on using no swap on the webs, that swap is bad, blah blah blah, and it's true that swap is the killer, but ime it's saner to make a small swap partition and monitor it, treating any sign of swappiness as something to fix, rather than to avoid swap altogether "because your app should never swap"
<axisys> so obviously swap not in use in normal situation.. so since SSD is a no no for swap.. may be use RAM for swap (tmpfs) ?
<axisys> I have 64G ram on new one.. and old one has 32G ram and 80% in use in avg per monitor
<drab> you could do that, even tho swap on ram is as much of a practical joke as it gets :P
<drab> I don't necesasrily see why swap is a no no for SSD, especially knowing that it almost never happens
<axisys> drab: right..
<drab> I'd rather "throw away" 2GB of SSD than 2GB of ram on a mem intensive workload
<axisys> I am not leaning to any direction.. discussing
<axisys> I just did a swapoff -a && swapon -a on the old system since I have 20G ram available..
<axisys> so I guess I can run that routinely
<axisys> yes it does check if enough mem available before running the off/on.. with a script
<axisys> .. if enough mem available to take over the used swap ..
<axisys> drab: so you are saying use tmpfs on ssd ?
<axisys> drab: just making sure I am following it correctly
<axisys> oh one more question.. should I still use LVM in this scenario?
 * axisys brb
 * axisys back
<axisys> do I still need lvm.. probably should ask in a different channel?
<drab> axisys: I dind't understand the swapon/off comment. I'd just setup a small (4GB tops) swap partition on the SSDs, I don't see a problem with it and it seems better than using RAM (on a mem heavy workload machine)
<drab> axisys: the main benefit of LVM is if you think you'll need to add/expand the storage
<drab> if you're already using all the bays and you're likely to not be wanting to readjust partitions, then no need
<drab> given that you want to use /var/ and /var/log, my guess would be you're better off to use it as things may change and you may need to reallocate space
<drab> I've personally been bitten by this allocation issue enough times that I don't do it anymore, it's just one big partition except for home fileservers where /homes are indeed separate with quotas
<drab> altho as I'm migrating everything to zfs that's also no longer something I have to worry about
#ubuntu-server 2017-06-18
<axisys> with zfs all bets are off.. I am from solaris and I loved zfs.. but I am not sure ubuntu will win the fight with oracle on zfs license.. so may be btrfs is a better route?
<axisys> lot of ubuntu server using zfs or rather btrfs?
<genii> openzfs is pretty mature
<axisys> genii: ah.. I forgot about that.. so people are using it?
<genii> Yes
<genii> ..more than btrfs, anyhow
<axisys> genii: which package offers openzfs ?
<genii> zfsutils
<axisys> I see it https://wiki.ubuntu.com/ZFS
<axisys> genii: thanks a lot
<genii> Glad to assist
<axisys> so I guess, if I use /home as a zfs partition then I cannot use quota per user
<drab> yeah when I said zfs I meant openzfs. ppl definitely use it, ZOL list is pretty active and community very competent afaics
<drab> I've been building new infra nodes with it for 6 months now and converting more stuff to it
<drab> so far I've very happy with what I've seen and snapshotting/send/receive has made a whole lot of things easier
<axisys> drab: so user quota will not work same way as ext4 unless I create one zfs partition per user
<drab> plus I use a lot of lxd and zfs is the default backend since it's, like genii said, actually more mature than btrfs at this point
<axisys> also /boot partition will still have to be ext* .. unless boot works to with zfs like solaris does?
<drab> axisys: I don't know how ti works on solaris, but on linux datasets aren't really partitions even tho they kinda look like it
<drab> but they are completely flexible, kinda like the lvm/vg stuff, but much much easier
<drab> axisys: boot can work, but that's where I haven't pushed the issue yet
<axisys> drab: right .. datasets.. it has been 5_ yrs since I played with it in solaris.. we mostly linux shop now
<drab> I use a small raid1 for that or a sataDOM
<axisys> drab: I wont use sataDOM, I like disk hot swaps .. in anycase.. so a raid1 and then rest 10 disks as single disk lun and then create zpools ?
<axisys> raid1 will be used for ext2 for /boot
<drab> fair enough, we don't have large budgets and the bays are too precious for us
<drab> that's what I do, yeah, minus the lun thing if you mean using the onboard raid
<drab> generally the recommendation is to not mix hw raid with zfs
<axisys> drab: yes single disk raid0 logical units
<axisys> drab: but then I have to bypass raid .. hmm
<drab> up to you, everything I read when I picked it up 6 months ago said to avoid hw raid and just do passthrough
<drab> if you google this stuff out you'll see most folks flash their raid controller in IT mode/passthrough
<axisys> ofcourse I wont have to worry taking the server down to replace raid controller battery :-)
<drab> fwiw root on zfs is possible and there's tutorials about it and "it works"
<drab> it just didn't seem stable enough to me when I looked at it
<drab> too much thinkering for a server
<drab> tinkering*
<axisys> I won't do it now 1000s of users rely on this server :-)
<drab> :)
<axisys> drab: how about user quota ?
<axisys> drab: short from dataset per user :-)
<drab> that's how I do it, create a /homes DS, then one DS per user, works very well for me, but I'm not doing 1000s of users, maybe at that scale something works differently
<drab> still, on paper that's the design I've seen implemented and it makes sense to me, it's a single instance command including quota setting if you use properties and inheritance
<axisys> drab: yes I am familiar with zfs.. built solaris containers with zpool and all other magics.. but just out of practice, so need a refresher..
<axisys> they call it zones / containers depending on the context.. :-)
<drab> cool, never used solaris
<drab> gtg, ttyl, best of luck with setting the new box up
<axisys> drab: thanks for your help!
<lordievader> Good morning
<IShavedForThis_> whats the best program for automatic plex renaming for ubuntu server?
<tomreyn> IShavedForThis_: what is "plex renaming"?
<hehehe> hi
<hehehe> http://readcomicbooksonline.net/
<hehehe> who here used scaleway bare metal servers?
<hehehe> any good?
<hehehe> https://www.scaleway.com/baremetal-cloud-servers/
<hehehe> haha
<hehehe> The C1 server has a 4-cores ARMv7 CPU with 2GB of RAM and a 1 Gbit/s network card.
<hehehe> :D
<hehehe> All of these servers are designed for the cloud and for horizontal scaling.
<hehehe> ...
<hehehe> so nice
<hehehe> also
<hehehe> how to prevent admin from planting logical bomb etc?
<hehehe> I think all commands should be sent in text file reviewed by admin 2
<hehehe> I wonder if verelox girl chats here
<hehehe> why did u deleted all customers data ? :D
#ubuntu-server 2018-06-11
<Mava> hey guys, help me to understand: one of my friends told me that he was running some experiments on a one server containing 256 CPU cores. Is he lying to me or can it be "relatively" easily achieved ?
<nicolas17> Mava: for *only* $13.34 per hour you can use an AWS server with 128 cores and 2TB of RAM
<Mava> nicolas17: is the processing then spanned somehow over several hardwares ?
<Mava> on the other hand you might have quad socket with xeon platinum 8180 (56 threads): that means 224 threads in a single server
<nicolas17> apparently that particular AWS server uses multi-socket Xeon E7-8880 v3 (Haswell)
<Mava> thats an old server
<Mava> or a cpu
<nicolas17> and obviously it's NUMA
<Mava> must be
<cpaelzer_> good morning
<lordievader> Good morning
<coreycb> jamespage: do you have any opinions on keeping/dropping uwsgi support for openstack merges?
<coreycb> jamespage: for example, sahara-api uses uwsgi for py3. seems we might want to drop it and get apache2/eventlet working.
<jamespage> coreycb: just switch it over to mod-wsgi - if we place all of the binaries in python in python{3}-<module> then if someone wants to use uwsgi they can do so without packaging bits
<jamespage> i.e. apt install python3-sahara + uwsgi
<jamespage> avoiding any mod-wsgi stuff we default to for more automated installs via pkging
<coreycb> jamespage: ok, similar to what we have for gnocchi then
<coreycb> jamespage: i debated moving libapache2-mod-wsgi-(py3) to python(3)-<module> but decided not to. suppose i could be convinced otherwise though for ease of switch to py3.
<blackflow> but it's not a python module. maybe tehre should be some consistency in what is python3-*, as in actual python modules  (those you can 'import').
<coreycb> blackflow: yes, seems that should be the case. for openstack it just might be simpler for users to have a consistent way to move to python 3, where all you'd have to do is install the python3-<module> across all projects, rather than having to know to install libapache2-mod-wsgi-py3 or perhaps other deps. (where python3-<module> and libapache2-mod-wsgi-py3 are alternative dependencies)
<blackflow> yea but mod-wsgi is an apache module not a python module, that's my point.
<coreycb> blackflow: agreed
<coreycb> blackflow: thanks for the input
<blackflow> yw
<jamespage> coreycb: I think we need to not have that dependency
<jamespage> python*-<component> will work with either
<jamespage> so our '<component>-api' package can be opinionated and install python3-sahara + libmod-wsgi-py3
<jamespage> leaving others to use uwsgi + python3-sahara if they want without pulling in apache
<jamespage> but I think you got to that point anyway!
<coreycb> jamespage: ok right, that's where i am now. so sahara-api depends on libapache2-mod-wsgi-py | libapache2-mod-wsgi-py3. but installing the sahara-api is optional if someone wants to use uwsgi.
<coreycb> and sahara-api depends on python-sahara | python3-sahara
<coreycb> jamespage: thanks for the input
<jamespage> coreycb: I think the quicker we can get through the 'alternatives' stage the better - we can have an opinionated default of py3 + mod-wsgi - but if someone wants to use py2 + mod-wsgi or py2/3 + uwsgi that's also doable, but not via dependencies - i.e. explicit install of components
<coreycb> jamespage: true but if we don't have a simple py2 api path then we're going to get a lot of bugs incoming like the gnocchi one. it's not that much work to have libapache2-mod-wsgi-py | libapache2-mod-wsgi-py3.
<jamespage> ok
<coreycb> jamespage: the apache config is the same. i think?
<jamespage> I think we reduce the risk of people getting things wrong with reference to alternative dependencies if we do one thing i.e. py3 + mod-wsgi
<jamespage> but I also appreciate that's not working everywhere yet
<jamespage> so hence 'quicker through the alternatives phase' rather than 'just don't do it'
<jamespage> if that makes sense
<coreycb> part of the problem is that upstream is not fully py3 supported
<coreycb> jamespage: ^  i'm picturing just dropping libapache2-mod-wsgi-py and python-<module> with a breaks/replaces on all projects at once when py3 is fully supported
<jrewing> Hi. are anyone good @ pxe servers? Ive followed thos manuals that I can find and I cant get it work.. so my question is, is there anyone here that can help me?
<rbasak> jrewing: please ask your question. People who can help usually don't volunteer themselves without knowing what the question is first.
<jrewing> rbasak: sorry.. I need help to install an PXE- server
<rbasak> jrewing: start by reading https://wiki.ubuntu.com/IRC/Guidelines and http://www.sabi.co.uk/Notes/linuxHelpAsk.html please - that'll help you ask the right questions here to get the most useful help.
<jrewing> rbasak: thanks, i did read some of it...i will  resend my question :)
<jrewing> Im trying to install an PXE server and I cant get it work... it wont start ftpboot. ive tryed to reinstall all as the manuals said byt i still get the same problem and i wonder if there is anyone here that can help med to install through some remoteprogram?
<SliderFish> Hi, I've got a question re .htaccess redirect problem I'm having, I thought someone here might be able to help maybe? I'm trying to redirect all files in directory from (domain.com/other)/transfer/ to (domain.com/other)/files/, but the rules that I'm entering redirect me to (domain.com)/var/www/html/other/files/. I haven't found anything useful after searching for a while so I thought I'd try here. Thanks!
<Aison> what could be wrong here?
<Aison> man: error while loading shared libraries: libmandb-2.8.3.so: cannot open shared object file: Permission denied
<Aison> I get this error whenever I try to read a manpage
<Aison> as root!
<sarnold> Aison: check your dmesg or audit logs, there's a possibility your apparmor profiles are too tight
<Aison> oh, strange: [  572.147660] audit: type=1400 audit(1528752452.004:86): apparmor="DENIED" operation="sendmsg" profile="/usr/bin/man" pid=2220 comm="man" laddr=10.0.0.14 lport=899 faddr=10.0.0.2 fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"
<sarnold> okay that's curious
<sarnold> why exactly is your man process using the network?
<sdeziel> NFS mounts maybe?
<Aison> yes, exactly, nfs mounts
<Aison> it used to work over an year now. strange things are happening now ;)
<sdeziel> Aison: man is apparently contained by apparmor now
<sdeziel> this is one of the annoying thing with Apparmor and NFS
<Aison> going to remove apparmor
<Aison> it is a complete closed box anyway
<sarnold> sdeziel: dude, nice crystal ball :)
<sarnold> sdeziel: I guess the 2049 should have said it all
<sdeziel> sarnold: TCP/2049 ;)
<sarnold> still :D
<jdstrand> Aison: you can update /etc/apparmor.d/local/usr.bin.man to have: 'network inet,' then do: 'sudo apparmor_parser -r /etc/apparmor.d/usr.bin.man' and it should start to work
<jdstrand> Aison: if you could file a bug at https://bugs.launchpad.net/ubuntu/+source/manpages/+filebug, then a dev can get it fixed for everyone
<sdeziel> jdstrand: if the NFS server is referenced by a DNS name, would it need <abstractions/nameservice>?
<jdstrand> sdeziel: yes, to get nsswitch.conf
<sdeziel> jdstrand: OK, thanks
<jdstrand> it may not need all of abstractions/nameservice. I've not tried it
#ubuntu-server 2018-06-12
<cpaelzer> good morning
<admcleod> i notice the installer doesnt prompt for tz/locale, what is the rationale here?
<admcleod> cpaelzer: hi! :)
<cpaelzer> admcleod: wihch installer
<cpaelzer> subiquity?
<lordievader> Good morning
<cpaelzer> hi lordievader
<cpaelzer> how are you today
<lordievader> Hey cpaelzer
<lordievader> Doing good here, how are you?
<cpaelzer> lordievader: fine as well
<cpaelzer> a bit rainy, but no floods here at least
<Assid> hi there
<Assid> so im considering a setup with a raid 1  using 1 samsung 850 pro and 1 wd green (mlc+tlc)
<Assid> i was just asking if theres an issue with using different drives  altogether
<Assid> hello?
<lotuspsychje> !patience | Assid
<ubottu> Assid: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or https://ubuntuforums.org or https://askubuntu.com/
<lotuspsychje> Assid: the ubuntu channels run worldwide on timezones, not everyone is awake at same time
<Assid> yeah im aware mate..
<Assid> lotuspsychje: any idea if this looks like a drive thats failing? https://pastebin.com/CDL05Ark
<cpaelzer> Assid: yep raw-read and seek should usually not fail non-rarely
<lotuspsychje> Assid: smart test passed, perhaps also take a look in your syslog for IO issues
<cpaelzer> unless you had some crazy special test load (unlikely)
<Assid> cpaelzer: thats what i was thinking.. it shouldnt be that much.. but the other values dont look like it..
<Assid> and the smart tests pass fine
<Assid> i need to do a long test perhaps tonight after work..
<cpaelzer> OTOH
<cpaelzer> it seems that seagate encodes values more special than the tool might know
<cpaelzer> http://www.users.on.net/~fzabkar/HDD/Seagate_SER_RRER_HEC.html
<cpaelzer> so take it with a grain of salt
<cpaelzer> and maybe take a calculus to check the values :-)
<Assid> uhh.. crazy idiots..
<Assid> if thewy wanna do that.. why not provide a patch to smartmontools to be able to READ it back to a standardised format
<cpaelzer> https://lime-technology.com/forums/topic/31038-solved-seagate-with-huge-seek-error-rate-rma/
<cpaelzer> similar discussion
<cpaelzer> Assid: I assume there is a list of per device quirks already
<cpaelzer> just nobody yet cared to create one for this device
<cpaelzer> unfortunately manufacturers still love to hold back specs sometmies
<Assid> so this device somehow lags slightly everytime i run a command..  while i get its a 4th gen i5, it really shouldnt behave the way it is
<cpaelzer> ltrace -S and perf are your friends
<cpaelzer> this could be so many sources
<Assid> yeah i;ll check that
<Assid> so what about the raid 1 situation ..  using 1 samsung 850 pro and 1 wd green (mlc+tlc)  ; would there be an issue with using different drives  altogether
<Assid> man.. im worse than a person with ADD..
<cpaelzer> honestly that is a LMGTFY question
<cpaelzer> TL;DR not recommended but working, has special implications you usually do not want
<Assid> while most guides say you should use similar drives or similar spec drives.; i can understand the performance of the slower  drive would be the final performance of the system
<lotuspsychje> Assid: see also the ##hardware channel for hardware questions, like combining ssd's in raid
<lordievader> Assid: Depends a little bit on how it is implemented, but if the write wait until everything is stored on both drives the benefit of an ssd will dissapear.
<Assid> yes but it will be as quick as the slowest drive in the array.. which would still be fine; since thats an SSD
<lordievader> Err, the WD green you mention is a regular hard drive right? Or am I misunderstanding the setup you have in mind?
<lordievader> But yes, it will be as quick as the slowest dive in the array.
<cpaelzer> lordievader: Assid: I think writes will be as slow as the slowest
<cpaelzer> reads will be more interesting
<cpaelzer> as they might end up being served round robin
<cpaelzer> being slow and fast one (or whatever i t switches) at a time
<Assid> WD Green SSD ..
<cpaelzer> Oh there is a green ssd now
<Assid> i wouldnt put an SSD with an HDD
<cpaelzer> well then it is probably ok
<cpaelzer> if characteristics don't differ too much
<Assid> yes thats  why i mentioned MLC+TLC
<Assid> i want the benefits of RAID without needing to spend too much on MLC drives
<cpaelzer> in general it is prefered to use different drives anyway, to lower the chance of breaking at the same time
<cpaelzer> at least not from same production batch
<Assid> the TLC just helps incase of hw failure on the drive controller of the samsung..
<Assid> i also have a VM which has the snapshot of the database every 15 minutes.. incase of total hw failure
<Assid> once i learn how to use pg  replication , i'd probably use that instead of snapshots
<jamespage> coreycb: I'm going to start a run of dep refereshes for b2
<jamespage> coreycb: merging with debian as I go
<jamespage> coreycb: oslo.config to start with
<jamespage> coreycb: ok config, utils, log, i18n and oslotest done and uploaded to cosmic
<jamespage> doing context now
<rawi> Hello folks. Xenial Server with encrypted root partition. After the kernel update to 4.4.0-128 the server goes into endless boot loop. Booting the old 4.4.0-127 is OK. Somebody here, who experienced it to?
<jamespage> context done moving to cache
<coreycb> jamespage: cool, i'm starting on clients now
<coreycb> jamespage: working on glanceclient and heatclient
<ahasenack> hi, does anobody know if inotify can catch changes to a symlink's target?
<ahasenack> like I watch resolv (which is a symlink pointing at resolv1)
<ahasenack> then ln -sf resolv2 resolv (have resolv -> resolv2)
<ahasenack> but inotifywait didn't catch that
<ahasenack> https://pastebin.ubuntu.com/p/TSHx3pR8pW/
<ahasenack> hm, there are more operations happening there: https://pastebin.ubuntu.com/p/wKpMVY4dVz/
<coreycb> jamespage: looks like glanceclient needs a new keystoneauth so going to do that
<coreycb> jamespage: keystoneauth and heatclient are done
<coreycb> jamespage: working on keystoneclient and keystonemiddleware
<jamespage> coreycb: .cache done moving on
<coreycb> jamespage: ok. glanceclient is done.
<jamespage> coreycb: oh I see you already did .concurrency - lemme check for a rev
<jamespage> gbp:info: package is up to date, nothing to do.
<jamespage> nice
<coreycb> jamespage: ok that was probably during b1. keystonemiddleware is done.
<coreycb> jamespage: keystoneclient is done. moving on to python-neutronclient and python-neutron-lib.
<jamespage> coreycb: ack
<jamespage> coreycb: oslo.db underway
<jamespage> coreycb: ovsdbapp needed an update btw
<coreycb> jamespage: ack. neutronclient and neutron-lib are done. moving on to novaclient and openstackclient.
 * lopta downloads Ubuntu Server 16.04.4 for i386
 * compdoc passes the hat for donations so lopta can buy a real computer
<lopta> compuguy: This is a test rig that I use for things and stuff.  I have another test rig for amd64.
<coreycb> jamespage: novaclient and openstackclient are done.  working on os-brick and os-vif.
<jamespage> coreycb: ok I've got this far - https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3285/+packages
<jamespage> coreycb: will pickup again tomorrow as have a few calls todo before I EOD
<coreycb> jamespage: great and thanks!
<jamespage> coreycb: those are all merge/update for rocky
<jamespage> coreycb: I took the re-align with Debian where possible decicion paths
<jamespage> but kept to the upstream release tarball for sources
<coreycb> jamespage: yep makes sense
<powersj> nacc: rbasak: added pulling the built snap as an artifact for the nightly and ci jobs example: https://jenkins.ubuntu.com/server/job/git-ubuntu-ci-nightly/28/
<l4m8d4> Hello there, I am trying to set up a server in the following way: There are 2 system disks, on each disk should reside a big LUKS container, which contains one mirror of a btrfs RAID11 configuration. Now, I used to install on BIOS systems in the past, where I would then install grub to the beginning of both disks, which worked fine. Now with the new EFI system I have here, grub has to reside in the EFI
<l4m8d4> partition right? So how do I set up an ESP on both drives so they are both bootable in case of a hardware failure?
<l4m8d4> The server installer only lets me select one boot disk, where it creates the ESP
<rbasak> powersj: thanks!
<nacc> powersj: excellent, tyvm
<nacc> powersj: will that lead to eventual space issues/how will it be pruned?
<powersj> it should (heh) be fine as the jenkins runs are limited to last 25 runs
<powersj> that is an extra 5Gb of space and I'm ok with that
<powersj> 2 jobs * 100mb snap * 25 runs
<powersj> if it gets bad I can lower the number
<nacc> powersj: ack, thanks for thinking about it :)
<l4m8d4> So, nobody here has a clue regarding multiple ESP?
<rbasak> nacc: so my plan for now is to upload to edge manually using the artifact after checking the hash built matches origin/master. Sound OK?
<rbasak> (as a process, every time)
<rbasak> Though I noticed that particular build failed CI due to the bug we haven't been able to reproduce previously
<rbasak> If that keeps happening, I could try the edge snapcraft snap instead, which would mean adjusting the CI a little.
<nacc> rbasak: yeah i think that's reasonable
<nacc> rbasak: i mean the goal is to fix this bug, right? :)
<rbasak> Yeah but it's blocked on snapcraft being deterministic and then us being able to give Kyle a reproducer.
<nacc> right
<nacc> so for now, edge will just be manually updated by you as we land things in master?
<nacc> and we'll be leaving beta/stable alone until the bug is fixed?
<rbasak> I thought I could promote the edge snap directly to beta/stable in the store.
<rbasak> When it's known good. Rather than using the git branches.
<nacc> rbasak: ah then yeah you can do that
<nacc> rbasak: are you going to delete the git branch then?
<nacc> or would we eventually move back to that?
<runelind_q> I'm trying to set static DNS servers (ipv6) in an ubuntu1804 container.  It seems like changes in 50-cloud-init.yaml don't persist, should I create a new file with just the DNS servers?
<runelind_q> or what's the best way to go about it?
<nacc> "Changes to it will not persist across an instance."
<nacc> runelind_q: that's for getting networking info from the data source
<nacc> runelind_q: you might want #cloud-init as well
<nacc> or #netplan
#ubuntu-server 2018-06-13
<hashwagon> Anyone know why in the world I can't ssh to an Ubuntu 16.04 server from my Ubuntu 18.04 desktop? Get this, if I ssh into this CentOS server, I can ssh to the Ubuntu 16.04 server. All on the same network. From the 16.04 server I can ssh to my desktop. WTF is happening haha...
<sarnold> check your RSA key sizes? https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#Other_base_system_changes_since_16.04_LTS
<ChmEarl> hashwagon, on 16.04 you have a stale key in .ssh/known_hosts... open it and remove the key for the CentOS
<nacc> ssh -vvv is your friend for debugging, as well
<hashwagon> I did with no luck :( I was able to SSH to it successfully once after the install. It seems like SSH works bi-directionally between it and every box on my network, besides my 18.04 destop to the 16.04 machine.
<hashwagon> It seems like it may be an issue on the 16.04 server. On my desktop I ran 'sudo -i' and couldn't ssh from the root user either. No prompts for key recognition or anything.
<hashwagon> ssh -vvv doesn't seem to have much stick out: [line 5] debug2: ssh_connect_direct: needpriv 0 [line 6] debug1: Connecting to 1.1.1.1 [1.1.1.1] port 22.
<hashwagon> So attempt the ssh connection - nothing - wait 60 seconds - Connection timed out. I can ping it.
<ChmEarl> hashwagon, while in 18.04, can you ping hostname? if not, alias hostname in /etc/hosts to 127.0.0.2
<hashwagon> ChmEarl, when I ping $HOSTNAME it responds
<hashwagon> responds as 127.0.1.1
<ChmEarl> hashwagon, good enough, don't change it
<hashwagon> good suggestion though I wouldn't have thought of that
<cpaelzer> moin
<lordievader> Good morning
<rbasak> nacc: can do (delete those git branches). For now the snap jobs are disabled from automatically uploading to the store.
<rbasak> Longer term, I don't know.
<jamespage> coreycb: ok I think I have all of the oslo.*'s done
<jamespage> coreycb: I did the 3parclient rename as well - pending AA review - I'll see if I can get that into Debian as well
<coreycb> jamespage: great, thanks. is that still under the python-hp3parclient source package?
<coreycb> jamespage: i think most of the clients are done but will take a scan now to make sure. i have openstacksdk in the works but having trouble with a hanging test atm.
<coreycb> jamespage: these are below upper-constraints but only openstacksdk and osc-lib are below lower-constraints so just going to focus on them for b2: https://paste.ubuntu.com/p/XQ6MqxbNgf/
<jamespage> coreycb: ok do you want me todo some?
<coreycb> jamespage: i think we're good for b2. actually i think a few of those were bumped just since yesterday.
<coreycb> jamespage: thanks for the help :) I can probably focus on the core packages now.
<jamespage> coreycb: awesome
<jamespage> coreycb: sqlalchemy popped up in my merge list - seems like one to get done IMHO
<coreycb> jamespage: ok i can add it to my list if you want
<jamespage> coreycb: no I've got it in flight
<ahasenack> does something need to happen with this ticket now for the dep8 tests to run? https://bileto.ubuntu.com/#/ticket/3293
<ahasenack> or will that happen eventually, it's just in a queue somewhere?
<jamespage> ahasenack: no you need a lander signoff from someone with the right perms
<ahasenack> ok, not me then
<jamespage> no prob needs to be a core-dev or suchlike
<ahasenack> is it tied to upload perms?
<jamespage> yah
<jamespage> ish
<jamespage> I think
<ahasenack> I can't create new tickets, and that's even before I tell it what package I want the ticket for, so I think it's a blanket core-dev permission
<jamespage> coreycb: do you want me todo the neutron-*/networking-* set? happy to help push this one out of the door
<coreycb> jamespage: sure!
<jamespage> coreycb: ok on it
<coreycb> jamespage: thanks
<jamespage> coreycb: get b2 in and then workon the switched to py3 right?
<jamespage> i.e. move forwards where possible, incremental changes
<coreycb> jamespage: sorry, sure that's fine
<lopta> Ah crap.  I don't think Ubuntu Server (or perhaps just the Linux kernel) will run on my 32-bit test rig.
<rbasak> Ubuntu dropped support for non-PAE i386 a while ago. I think it was Precise or pre-Precise. Could that be it?
<rbasak> Apart from that I think it should still work on i386 at the moment.
<lopta> I'm probably non-PAE.  Time to recycle this test rig, I think.
<lopta> I /could/ put a 64-bit board in it.
<lopta> Not sure I can justify the expense though.
<l4m8d4> Hello there, I am facing a problem when I try to configure an ubuntu 18.04 server. First I do a normal install with the new installer to a single drive with a big btrfs single partition and an ESP before that. This works. I got a second drive though, which I want to add in to the system. I want there to be 2 LUKS containers, one on each drive, containing a btrfs raid1 mirror each. After I configure all
<l4m8d4> that, creating the partitions and LUKS volumes and migrating the filesystems around, adding in fstab entries, adding in the necessary crypttab entries, adding "GRUB_ENABLE_CRYPTODISK=y", updating the initramfs and update-grub, and reinstalling grub into the ESP, the system will not boot anymore. I just land in the grub shell. cryptomount commands are unavailable though, so I can't mount the luks
<l4m8d4> volumes.
<l4m8d4> I can't figure out why it fails, because grub doesn't give me errors, it just goes to the terminal...
<l4m8d4> Also, it's not the first time I've done this on ubuntu, so I know it is possible in principle. Only difference is now it is ubuntu 18.04 and also this time the system was installed in EFI mode
<l4m8d4> First thing that's strange is that luks module
<l4m8d4> is not found
<compdoc> last time I tried drive encryption, it would not boot unless you entered the password each time. something I couldnt have on a server
<l4m8d4> Entering the password on a reboot is not a problem for me. But unfortunately, grub doesn't ask for a password, it just drops me into a shell without the possibility to decrypt the luks containers...
<l4m8d4> both "btrfs" and "crypto" module seem to be present (listed when using "lsmod") but that alone isn't enough to give me cryptomount
<nacc> rbasak: ack re: branches/snap
<jamespage> coreycb: ok neutron*/networking-* and ovsdbapp done
<jamespage> I suspect they will wedge in -proposed but I can deal with that tomorrow
<coreycb> jamespage: great, thanks
<jamespage> coreycb: np
<jamespage> coreycb: I really need to loop back to ceph mimic now
<jamespage> 32 bit was not happy
<coreycb> jamespage: ack
<l4m8d4> It seems that after setting up full disk encryption with a LUKS partition and an ESP, there are some modules missing, which makes the cryptomounts fail. Is there anything known about issues like that on 18.04?
<l4m8d4> I think I did everything correctly, modifying fstab, crypttab and /etc/default/grub accordingly, and the config files in /boot/efi/... and /boot/grub... look good as far as I can see. It drops me right into a shell on reboot, and for example the module cryptodisk is unavailable, making it impossible to unlock the volumes from the grub shell.
<l4m8d4> Also, I reinstalled grub-efi-amd64, which caused changes in /boot/efi/... to accomodate the configuration, so I was confident at first that it would work
<ahasenack> do we have a standard way to tell grub to reboot into a specific kernel that was just installed?
<ahasenack> I've seen grub-reboot, and grub-set-default, but I was wondering if there was some debian or ubuntu wrapper
<nacc> ahasenack: not that i know of
<genii> Doesn't it just normally boot to the highest numbered one?
<ahasenack> apparently not
<ahasenack> for example, I'm in an aws instance
<ahasenack> where it's running some -aws kernel
<ahasenack> $ uname -r
<ahasenack> 4.4.0-1061-aws
<ahasenack> I installed linux-image-generic
<ahasenack> and rebooted, just like that
<ahasenack> it's still the aws kernel that it booted into
<ahasenack> so it's a case of switching flavors, actually
<sdeziel> ahasenack: the grub menu items are ordered by numeral order
<sdeziel> and -generic uses -128
<ahasenack> where do you see that?
<sdeziel> cat /boot/grub/grub.cfg?
<ahasenack> that is not a trivial file to parse :)
<sdeziel> ahasenack: at least that's the conclusion I reached when installing some such kernels, maybe not your exact issue
<sdeziel> please paste it :)
<ahasenack> menuentry 'Ubuntu' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-84ce5b56-30b1-4479-a864-7296bb549cec' {
<ahasenack> for example
<ahasenack> that's the first "menuentry" I see in that file
<ahasenack> what id is that?
<ahasenack> don't tell me 0 :)
<sdeziel> I usually look at the bottom and work my way up
<ahasenack> the second entry is a submenu
<sdeziel> then I look at the first item's vmlinuz name
<ahasenack> so if I wanted to boot into something from that, the syntax, from what I have read, would be like "1>n", where "n" is the index of the submenu
<sdeziel> ahasenack: I don't want to induce you in error so I'd like to look at the actual grub.cfg file please
<ahasenack> -128 is just the kernel rev, it's not related to grub
<ahasenack> just happens to be the current linux-image-generic kernel. It was 127 some days ago, etc
<sdeziel> the -127/128 is involved in the grub menu ordering is what I'm saying
<powersj> nacc: does git-ubuntu use serverstack?
<nacc> powersj: yes
<powersj> thx
<nacc> powersj: the bastion is running there, which is then used to spin up the vm the instance that is actually running the importer
<powersj> nacc: any data on there?
<nacc> powersj: minimal, just the state of the importer (as in where it got to last). No effect if we hve to pick it back up from a fresh VM
<nacc> powersj: are they doing some maint?
<powersj> yeah was asked to blow away and recreate our instances
<nacc> ok, that'll be for rbasak to do then
<nacc> or is it running under the team now, i can't recall
<powersj> I'll confirm with rbasak, thanks!
#ubuntu-server 2018-06-14
<lordievader> Good morning
<sveinse> Will 18.04 server by default reboot on automated updates?
<sveinse> I had a reboot on server yesterday, and I'd like to know if it was intentional/software triggered or if it was something unexpected
<jamespage> coreycb: working on ceph mimic and py3 transitions for neutron/networking pkgs hope that's ok
<coreycb> jamespage: sounds good, thanks
<ahasenack> good morning
<a_ok> How can I install a package as a dependency?
<a_ok> If anyone here is familiar with Arch I want to do: pacman -S --asdeps package
<jamespage> coreycb: how are you assessing py3 readiness for projects?
<coreycb> jamespage: well, i'm not really. there is the upstream wiki doc that has status. for now i'm adding dep8 tests to ensure daemons start and py2/py3 usr/bin shebangs are correct.
<coreycb> jamespage: and installing py2 by default with py3 as an alternative for now
<coreycb> jamespage: i think we need to do this until all upstream projects are +1 saying they support py3 and then we can drop all the py2 support
<jamespage> coreycb: ok
<nacc> rbasak: fyi, my changes to the importer loop now pass self-test (i used the edge snapcraft build) and integration test. Working on cleaning them up, I still haven't got to the point where I've written the tests for the branch moves, but I might put up an MP just so you can see what I mean.
<rbasak> OK
<rbasak> I'm half way through preparing a PR to switch our CI to use the edge snap
<nacc> cool, it does seem better there in my testing so far
<jaydemir> I want to build a basic file server for my office to reduce the dependency on google drive. I have a few machines at my disposal, but DDR3 ram is scarce and I'm practically swimming in DDR2. Is it a significant difference what I use?
<oerheks> a duak core machine with gigabit and 4 gb memory, perfect for an owncloud server
<oerheks> you could serve 100 clients with that, i guess
<RoyK> oerheks: or nextcloud, perhaps? ;)
<oerheks> sure, own/next/.. openstack :-P
<sruli> i have a few 16.04 headless servers, donât really need to login more than 2-3 times a year, each time i have a full boot drive (never reboot so its full of kernels the oldest one is in use) cant install anything, removing the kernels manually is a taks and a half, and still as there are still more newer kernels downloaded and not installed as soon as i remove a few and run "install -f" boot gets full again and i have to remove again and again, how do o
<sarnold> sruli: irc has line length limits, looks like you were cut off at 'how do o'
<sruli> sarnold: thanks... "how do others get by this issue? and is there at least a script to hook onto update to check if there is a new kernel and i'll manually login and reboot each time"
<ahasenack> sruli: I run "apt autoremove" every now and then, that takes care of it. I don't have it automated, though
<ahasenack> it knows which old kernels to remove, and leaves two behind, plus the one you are currently booted into, iirc
<sruli> ahasenack: problem is i only login 2-3 times a year by the time i login its too late for auto remove
<ahasenack> sruli: what handles the updates? unattended-upgrades?
<sruli> yes unattended-upgrades
<sruli> i dont mind logging in when a new kernel is installed but i need some script to check that and i'll add it to my email script
<sarnold> what's *really* annoying is that the automated update things supposed to handle this transparently
<ahasenack> sruli: check /etc/apt/apt.conf.d/50unattended-upgrades
<ahasenack> / Do automatic removal of new unused dependencies after the upgrade
<ahasenack> / (equivalent to apt-get autoremove)
<ahasenack> Unattended-Upgrade::Remove-Unused-Dependencies "true";
<ahasenack> that's what I have in my little remote server
<ahasenack> it can also automatically reboot if you are so inclined, there is an option for that
<sarnold> apt.conf.d/01autoremove-kernels
<sarnold> // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal
<ahasenack> that configures which kernels to remove, right
<ahasenack> the one I linked to is about unattended upgrades only, and not specific to kernels, but it has that "apt autoremove" bit
<ahasenack> so it covers removing old kernels
<sruli> the problem is not that it doesnt remove old kernels, it cant remove it as usually the oldest one is the one in use, the problem is it keeps on installing new ones with the oldest in use until it gets full than the download dir has a belly full of even newer kernels that it cant install
<ahasenack> sruli: it won't get full
<ahasenack> sruli: as new kernels come in, it removes installed ones that are not in use
<sruli> i need some script which checks if a newer kernel is install, i cannot have it reboot automatically at a random time
<ahasenack> so you always have 3 installed, of which one is in use
<sruli> ahasenack: it will remove newer ones than the one installed?
<ahasenack> sruli: that config file I showed also has a config option to reboot at a specified time if needed
<ahasenack> sruli: yes
<ahasenack> Unattended-Upgrade::Automatic-Reboot "true";
<ahasenack> Unattended-Upgrade::Automatic-Reboot-Time "02:00";
<sarnold> sruli: just how small is your boot partition anyway?
<sruli> i changed "Unattended-Upgrade::Remove-Unused-Dependencies" to "true" thats it?
<sarnold> sruli: it might be too small to handle the number of packages ..
<sruli> sarnold: the default installer size 256MB, which in my opinion is way to small for ubuntu boot
<ahasenack> true, you need to be able to hold at least 3, possibly more to cope with temporary files during initrd generation perhaps
<sarnold> yikes
<ahasenack> 256mb? wow
<ahasenack> that won't work
<ahasenack> well
<ahasenack> that machine I'm using as an example
<sruli> 256mb is the default installer size if you choose guided partitioning, i stopped using guided for that reason some time ago
<ahasenack> $ sudo du -hs /boot
<ahasenack> 137M	/boot
<ahasenack> with 3 kernels
<ahasenack> my that /boot is not on its own partition :)
<sarnold> neither of my machines has a separate /boot, I guess I got sick of dealing with those
<sarnold> and now that I'm not using lilo any more ..
<ahasenack> it's a tight fit, but using that autoremove option might be what you can do now
<sruli> what i did now was add a virtual drive 1GB (its vm) dismounted boot mounted this as boot copied all files over, updated fstab, will now "grub-install /dev/new1" and hope that it will work fine
<ahasenack> also have it email you
<sruli> have it email what?
<ahasenack> whenever it upgrades or autoremoves packages
<ahasenack> there is a config setting in that file
<sruli> i will try to find it.. i'd rather have it email me when a new kernel is installed as it would be ideal to run on latest kernel anyway
<sruli> i can simply make a script to check if /var/run/reboot-required exists, is this file only created after new kernel install?
<ahasenack> sruli: other packages can touch that file as well, like openssl
<ahasenack> any package that decides that a reboot is required for a particular update will touch that package, not just the kernel
<sruli> what command would i use to check if there is a newer kernel installed than the one in use?
<sarnold> sruli: afaik no such command exists ready-made for that task..
<sarnold> sruli: you could probably drop a script in /etc/kernel/postinst.d/ that could alert you in some fashion
<sruli> i will need for the script to check if its a kernel that's been updated
<sarnold> considering that we publish new kernels every three weeks or so and you downgrad ekernels .. once a year? once per install? :) .. it might be fine to fudge it and just alert on every new kernel package install
<sdeziel> sruli: you can do this:grep ^linux-image- /var/run/reboot-required.pkgs
<sruli> i dont mind rebooting once a month.. what would i put in the script to alert me that a kernel package has been installed?
<sdeziel> reboot-required.pkgs contains a list of packages that wanted you to reboot
<sdeziel> grep -q ^linux-image- /var/run/reboot-required.pkgs && reboot
<sruli> sdeziel: thanks, that will do, if true will email me, great
<sruli> sdeziel: cant reboot randomly, have to make sure no users are connected...
<sarnold> sruli: something like echo new kernel | mail -s "new kernel" sruli@sruli.example.com   might do the trick
<sarnold> assuming mail works, anyway
<sruli> sarnold: i use python to email me on different vents, will add a crontab to check this
<sdeziel> sruli: you can check for connected users with "w -h | wc -l"
<sruli> sdeziel: users dont connect directly, its a local web-server
<Ussat> Is july still the target for upgrades from 16.04LTS --> 18.04LTS ?
<sdeziel> sruli: then "netstat -puant | grep ESTABLISHED" or something with ss instead
<sruli> sdeziel: it will never reboot, lol, if there are < 10 users i send a quick email that service will be down for few minutes
<sruli> if there are > 10 i wait, i useually get up in the early hours of the morning to do my reboots
<sruli> sdeziel: thanks for "grep -q ^linux-image- /var/run/reboot-required.pkgs" great help
<sdeziel> np
<compdoc> is there a webpage that mentions which large corps or businesses that use ubuntu?
<DirtyCajun> #AllTheOnesThatDontHaveTheirOwnOSorAre100YearsOldLikeIBM
<nacc> define "use ubuntu'
<nacc> IBM actively contributes to Ubuntu
<DirtyCajun> contributes yes but more of their evironment is on CentOS/RedHat as of the last polling
#ubuntu-server 2018-06-15
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer , how are you doing?
<cpaelzer> Friday'ish :-)
<V7> Hey all
<V7> Could anyone help with one situation
<hateball> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<V7> So, a probem:
<V7> When trying to boot an installer from a CD on old machine it gives: "Loading bootlogo...; graphics initialization failed; Error setting up gfxboot; boot:;
<V7> When typing "help" in "boot:" prompt it gives the same
<V7> Screen: https://i.imgur.com/tQhsnzL.jpg
<V7> This is Ubuntu Server 16.04.4 i386
<V7> Checksums the same
<V7> So any command I'm trying to run it tells the same as you can see on screen.
<V7> So, screen: https://i.imgur.com/LUBCmrT.jpg
<V7> Anyone ?
<ikonia> V7: it can't load the splash so is failing
<ikonia> V7: most likley your video card won't support the framebuffer
<ikonia> something like that
<olivierbourdon38> Hello everyone. Anybody having experience / has solved issues generating a working initramdisk using initramfs (as opposed to dracut which works) when disk is GPT table and LVM used for all partitions ? the boot process fails as it does not find the root partition. grub.cfg seems perfectly similar (only UUIDs have changed) so must be something missing in the ramdisk content
<olivierbourdon38> ubuntu xenial
<olivierbourdon38> very minimal set of packages (270 in all)  https://gist.github.com/obourdon/0647f84321aac7cbe8db6a65cf78e100
<tomreyn> olivierbourdon38: i think update-initramfs is the default, isnt it? i've got a xenail system which uses it and boots off a GPT disk. there's a mirror RAID, dmcrypt-LUKS, LVM on top, and no manual customizations to how the intramfs is compiled were needed.
<tomreyn> /etc/kernel-img.conf has (the default of) do_initrd=yes
<olivierbourdon38> tomreyn yes, indeed but I could never had it working as I am using DIB (https://github.com/openstack/diskimage-builder) to build the images. Only dracut seems to do the job for proper LVM booting so I am trying to figure out what to change in DIB to make it work
<tomreyn> well you havbe a working (supposedly all needed modules contained), and a non working (supposedly missing modules) initramfs there. just compare what's in there and see what's missing in the initramfs one?
<tomreyn> you usually want "MODULES=most" in /etc/initramfs-tools/initramfs.conf unless you have special needs.
<tomreyn> (this is also the default)
<tomreyn> olivierbourdon38: ^
<olivierbourdon38> yes I did try to compare those and running update-initramfs -u -v shows that lvm plugin is called and embbed everything necessary in ramdisk but still no luck when booting
<olivierbourdon38> I also changed the underlying volumes FS type from xfs to more "standard" ext4 3 and 2 without more success, LVM and labels seems to be the issue
<tomreyn> based on what?
<tomreyn> you could also just try to enter commands manually on grub console and thus see what seems to be wrong / missing
<olivierbourdon38> based on the fact that rootfs can not be found whereas the same mechanism without LVM works perfectly
<tomreyn> !who Â» olivierbourdon38
<ubottu> tomreyn: I am only a bot, please don't think I'm intelligent :)
<tomreyn> !who | olivierbourdon38
<ubottu> olivierbourdon38: As you can see, this is a large channel. If you're speaking to someone in particular, please put their nickname in what you say (use !tab), or else messages get lost and it becomes confusing :)
<tomreyn> olivierbourdon38: so the lvm module is not included when you build with update-initrfamfs?
<olivierbourdon38> tomreyn lvm module seems to be there but boot process does not seem to be able to retrieve rootfs by label as far as I can tell
<tomreyn> hmm, without a lot more details anylzing this will not be possible. but i trust in you working it out. ;-)
<jamespage> coreycb: contining work on py3 migration for neutron/networking pkgs - going OK so far if a little fiddly
<olivierbourdon38> tomreyn I understand but I was hoping that this kind of issue to have occured before and that I could grab some ideas on where to look at to try solve it
<jamespage> coreycb: I'm introducing quite a few -common pkgs for shared config files
<jamespage> hope that's inline with your work so far
<tomreyn> olivierbourdon38: thanks for explaining your take on this. understandable. good luck in sorting it out.
<olivierbourdon38> tomreyn I think I found a way to get better/easier comparison to solve this. I created a preseed file which partition the disk in the exact same way my DIB images are.
<tomreyn> good, keep narrowing it down
<olivierbourdon38> I was able to successfully boot over net and LVM were recongnized ;-), will now go on comparing this working pattern with my failing one. Thanks tomreyn because our discussion triggered this idea
<tomreyn> glad i could help, if indirectly ;)
<Palm_premium>  
<tomreyn> Palm_premium: you just sent an empty line there, in case you wanted to send more?
<jamespage> coreycb: urgh missed that python3-ostestr still uses 'python' for the actual tests
<coreycb> jamespage: oops, hopefully it does support py3.
<jamespage> coreycb: yeah but you have to set PYTHON=python3 in the env
<Nafallo> heh. I don't think you're meant to deploy landscape server on ubuntu core, right? ending up with a bunch of missing dependencies I think ;-)
<Nafallo> stuff like ip and openssl
<coreycb> jamespage: it looks like it's doing that in override_dh_auto_test
<jamespage> coreycb: yeah that's what I'm just working back through now
<Nafallo> s/ubuntu core/ubuntu base/
<jamespage> coreycb: well two fail with the switch
<jamespage> nice
<coreycb> jamespage: not bad i guess
<jamespage> coreycb: https://review.openstack.org/575732
<jamespage> I have at least three neutron-*'s with the same patching
<coreycb> jamespage: +1
<jamespage> coreycb: I've also cherry picked a ssl recursion fix for eventlet - will see if that helps some of my failing tests shortly
<coreycb> jamespage: ack
<coreycb> jamespage: i think we're pretty good for b2. i'm going to switch gears back to py3 and will pick up any fringe b2 packages along with that.
<coreycb> jamespage: poking at backports as well
#ubuntu-server 2018-06-16
<asdasd> algum br?
#ubuntu-server 2018-06-17
<l4m8d4> It seems that ubuntu 18.04 server comes, on an EFI system, with a signed version of grub to support secure boot. Now the problem is, this version of grub seems to lack LUKS support, and running grub-install always installs the default signed module, making the system unbootable.
<l4m8d4> Making the system unbooatable on a fully encrypted file system, of course. On others, it would work normally
<l4m8d4> Is there a way to give ubuntu the ability to sign grub after building it itself, so it doesn't become corrupted on a grub update, for example? So we could create our own certificate, and add it into the system firmware
<hehehe> l4m8d4: why don't you use vera crypt?
<hehehe> instead of LUKS
<l4m8d4> Is that even included in the default package archives and can be used to provide encrypted containers to the system like luks?
<l4m8d4> On the official vera crypt page it states on the page "Operating Systems Supported for System Encryption", that ubuntu is not a supported target. So no, it's not an alternative. I don't know if any linux bootloader would even boot from a vera crypt volume.
<l4m8d4> As I said, my problem is not really with luks itself, but that the shipped grub binary will not have the necessary modules to open LUKS containers.
<hehehe> l4m8d4: you can create vera file as vol
<hehehe> as boot from normal grub
<hehehe> why is it essential too boot in encrypted way?
<l4m8d4> hehehe: It is required because if the machine were to be stolen, or the drives at least, it should be impossible, or at least very hard, to recieve all the files on the system.
#ubuntu-server 2019-06-10
<stripe> Hi Everyone, setting up a home 3 disk array (running / on the array), for partitioning would a seperate /boot partition (raid 1), the / partition (raid 5) and the swap partition (raid 0) be an acceptible scheme? (and not cause problems resilvering a disk after faliure) thanks :)
<TJ-> stripe: why the different RAID levels per FS, if there's the same 3 disks underlying it all?
<stripe> TJ the /boot is raid 1 to allow booting from any drive after faliure, the swap (0) is to minimise the amount of writes. or am I over thinking it (as usual lol)
<TJ-> stripe: I wouldn't like to be using RAID-5; it is very risky especially with 3 disks
<stripe> thanks TJ what would you use?
<TJ-> once you lose a disk you've no resiliance until you've replaced it with a hot spare, and most admins will tell you with RAID-5 *don't touch the array, don't shutdown" until you've got the replacement drive in place (oh, and do a full backup BEFORE adding the replacement disk) !
<stripe> TJ would you add another spare disk to the array or run a 4 disk (raid 5) array? I will have all my data snapshot'd and backed up.
<TJ-> I wouldn't use RAID-5 at all; RAID-6 or RAID-10 (mirror + stripe)
<TJ-> stripe: are these real spining disks or actually SSD ?
<TJ-> stripe: short informative read here: https://storageswiss.com/2015/01/13/which-raid-level-use-for-ssd-tier/
<stripe> thank you TJ will look at 6 and 10, all spinning drives, and thanks for the link. all the best :)
<TJ-> stripe: I'd always prefer RAID-10 even if it does give less capacity than 5/6 because it so much easier to rationalise about and work with when a disk (or two) fail
<stripe> TJ the loss of capacity is not an issue, (will mainly be running LXD{lxc} containers) so will do some further reading, thanks again for the help. have a great day :)
<blackflow> GB are cheap. What RAID10 loses in $$ for storage space, it gains with simplicity and robustness.
<stripe> thanks blackflow, my two favourite words simplicity and robustness it looks like I will be using raid 10 :)
<blackflow> also btw I wouldn't recommend RAID0 for swap. In case of disk failure it's crashy-crashy time, and the whole point of RAID is to keep the server running while you resilver the faulty disk
<blackflow> (and if at all possible, use ZFS)
<stripe> blackflow, have used zfs on freebsd, never even thought about using it on linux (facepalm) excelent reminder :)
<blackflow> d'oh!
<blackflow> :)
<blackflow> stripe: the only "problem" (for now) is that you'll have to install Ubuntu from debootstrap, until the installer grows the ZFS capabilities, which is in progress. But hey, I prefer deboostrapping anyway, I end up with most minimalist possible installation, no cloud-init, snapd and similar bloatware.
<stripe> debootstrap is not a problem, thats how I originally built my containers/chroot's (back in the day)
<blackflow> ZFS it is, then :)
<stripe> yep :)
<RoyK> blackflow: the only issue with zfs is the lack of flexibility
<RoyK> blackflow: you can't just toss in a new drive in a VDEV or remove one - it's rather static on the VDEV level - there are talks of this changing, but I haven't seen the code yet
<blackflow> precisely why a 2-disk mirror vdev is best. you just keep expanding by adding 2 disks at a time (or replacing them with bigger ones)
<blackflow> 2-disk mirror vdev, and then many vdevs are "stripes", so it's effectively a RAID10 as ZFS doesn't explicitly have a "RAID10" option
<RoyK> blackflow: for striped mirrors, yes, but I was thinking of raidz things
<blackflow> yeah.
<rbasak> bryce: bug 1773324 came up in triage. Are you OK to re-review/sponsor please?
<ubottu> bug 1773324 in rabbitmq-server (Ubuntu Eoan) "rabbitmqadmin shows %%VSN%% as version" [Medium,Triaged] https://launchpad.net/bugs/1773324
<rbasak> bryce: and nice job helping the volunteer to get the patch into shape :)
<bryce> rbasak, sure will take a look at it now
<supercool> Hello!
<supercool> Could someone tell me if Ubuntu Server comes with an active firewall nowadays?
<supercool> Please?
<sarnold> supercool: ufw is available to install if you want a friendly front end to iptables
<supercool> sarnold: actually I am just trying to figure why am an unable to access a server from a client server
<supercool> I think iptables are not initialized here
<supercool> So, no firewall?
<sarnold> how about nftables or ebtables?
<ploxiln> I don't think there is a firewall config blocking SSH or HTTP etc by default. probably no significant firewall by default
<supercool> I am trying to use 8000 and 8080 port and none of them worked
<supercool> I mean couldn't get anything from host side
<ploxiln> are you on the same lan, the same subnet?
<ploxiln> how do you know some application is listening on those ports?
<supercool> ploxiln: I am running a Django server on those ports
<supercool> I can acess from 127.0.0.1:8000 or 127.0.0.1:8080 using curl
<ploxiln> is it listening on 0.0.0.0 or 127.0.0.1?
<supercool> But the host doesn't receive anything
<supercool> I bridged the guest, So I think it is listening on 0.0.0.0 from outside
<ploxiln> so this is running in a VM on your laptop/desktop
<ploxiln> and you are trying to access from the browser on your laptop/desktop?
<supercool> My network IP would be 192.168.15.45:8000 for example
<supercool> Yes, exactly
<tds> can you reach it on the non-loopback IP if you curl on the same box?
<supercool> tds: yes
<ploxiln> hmm, well, that might not do it, the VM might not have the same ip as your laptop. depends on VM setup. how do you ssh to the VM?
<ploxiln> the laptop/desktop may have a firewall enabled by default
<supercool> ssh user@192.168.15.45
<ploxiln> hmm. ok, I would expect that accessing http://192.168.14.45:8000 from the same context as you ssh would work
<ploxiln> from the laptop/desktop, outside the VM
<supercool> ploxiln: yes, but it is not
<ploxiln> if run "ip addr" inside the vm, do you see the same or similar address in the output
<supercool>  inet 192.168.15.45/24 brd 192.168.15.255 scope global dynamic
<tds> what's the full output of `iptables-save`?
<supercool> tds: nothing shows
<supercool> or shows nothing*
<tds> ok, doesn't sound like firewall then
<tds> unless there's ebtables of nft rules as sarnold suggested, seems unlikely though
<ploxiln> looks like django listens on 127.0.0.1 by default, you need to specify 0.0.0.0:8000
<ploxiln> https://code.djangoproject.com/ticket/27537
<ubottu> Django bug 27537 in Core (Management commands) "Provide a simpler way to default runserver IP/port to 0.0.0.0:8000" [Normal,Closed]
<supercool> ploxiln: you are right! o/
<tds> sounds like it's already bound to the right ip if you can reach it from 192.168.15.45 on the same host though?
<tds> oh, weird
<supercool> I had to runserver as 0:8000
<supercool> 0 is a shortcut for 0.0.0.0. Full docs for the development server can be found in the runserver reference.
<ploxiln> good to hear :)
<supercool> Thank you a lot! What is your account number for the deposit?
<supercool> Thank you guys!!!
<ploxiln> haha. uh, 42
<supercool> ploxiln: \o/
#ubuntu-server 2019-06-11
<supercool> I am trying to make a shared folder persistent as https://gist.github.com/estorgio/1d679f962e8209f8a9232f7593683265
<supercool> The item 2 Add the following line to fstab (separated by tabs) and press Ctrl+O to Save.
<supercool> As shared /home/<username>/shared vboxsf defaults 0 0
<supercool> Is blocking the boot process
<supercool> Any ideas what could be happening?
<sarnold> supercool: sagrawal-idrc's comments seem likely to be in the right direction
<supercool> sarnold: alright, checking it.
<lordievader> Good morning
<jamespage> coreycb, sahid: reminder to us all - when removing py2 support, remember to drop all maintainer scripts that deal with alternatives only.
<sahid> jamespage: ack
<friendlyguy> hi i am trying to get ubuntu 18.04.2 LTS to resolve .local hostnames
<friendlyguy> its just ignoring my dns settings from netplan
<friendlyguy> how can i make sure the nameservers i set in the netplan config are actually being used?
<friendlyguy> netplan --debug apply show the correct nameservers
<friendlyguy> but i cant resolv hostnames that have a .local domain
<blackflow> btw, .local shouldn't be used outside of mDNS. iirc resolved would refuse resolving those
<friendlyguy> well, not an option to change that
<friendlyguy> i need to fix the server so its asking the dns server for those hostnames
<blackflow> then you shouldn't be using systemd-resolved, if you're going against the standards and specs.
<friendlyguy> i think its very common to have .local domains in ad
<blackflow> .local is reserved for mDNS via RFC <number forgotten> so whoever is using .local for regular DNS is doing it wrong, "common" or not.
<blackflow> your options are either to employ mDNS in your network for .local, or don't use systemd-resolved.
<friendlyguy> okay, what do i need to do to remove systemd-resolved?
<blackflow> stop the service, disable it, mask it. set up resolv.conf manually for your upstream resolver. unlink it first, as it's a symlink into /run/...
<blackflow> oh also, iirc you shouldn't then use DNS config in netplan. I think that thing only talks to resolved. I'm not using netplan anywhere, so I can't test for you.
<friendlyguy> what do you mean by "mask it"
<friendlyguy> i disabled and removed the service, i removed the resolv.conf symlink
<blackflow> `systemctl mask systemd-resolved.service`
<blackflow> if you just disable it, other processes like netplan, NM, ...   can start it
<friendlyguy> ah. thanks for explaining that
<friendlyguy> i did it and saw a symlink to /dev/null was created
<blackflow> right.
<friendlyguy> okay, this looks much better
<friendlyguy> ping to host works, ping to host.local works
<friendlyguy> btw. interesting to read: https://en.wikipedia.org/wiki/.local
<friendlyguy> there are examples for the "confusing" recommendations microsoft gave its customers
<friendlyguy> i know plenty of HUGE (80000 servers+) domains that are on .local
<blackflow> nothing wrong with .local if it's done via mDNS tho
<friendlyguy> well, they are not :)
<blackflow> gtg, good luck.
<jamespage> coreycb: yuck - https://launchpadlibrarian.net/427745205/buildlog_ubuntu-eoan-amd64.python-oslo.log_3.44.0-0ubuntu3_BUILDING.txt.gz
<jamespage> oslo.config -> oslo.log -> oslo.config
<jamespage> nicely wedged
<coreycb> jamespage: thanks for fixing that
<Koopz> https://gist.github.com/Koopzington/dacef5d2b76890a5d2f6c386e9bf9124 would you say that HDD needs to be replaced after spamming syslog with those messages for about a week?
<jamespage> coreycb: not fixed yet - trying to figure out how to unpick
<rbasak> ahasenack, bryce, paride, rafaeldtinoco: I just noticed that if we mark a bug Won't Fix and the reporter responds, that won't reappear for triage.
<rbasak> I can fix this easily enough, but the question is: exactly which statuses, if any, should we exclude for retriage?
<rbasak> For example: do we want a comment on a bug where are tasks are marked "Fix Released" to reappear for triage?
<rafaeldtinoco> rbasak: well, won't fix sounds appropriate to revisit (maybe by another person)
<rbasak> rafaeldtinoco: right - so I think we should at least add "Won't Fix" to the list of "bugs that reappear for triage if there is activity"
<rafaeldtinoco> rbasak: fix committed could appear again (for proposed migrations check)
<rafaeldtinoco> it would remind us to check regressions during triage (? makes sense ?)
<rbasak> Proposed migration isn't really part of our triage process - we check the excuses list separately to make sure we cover that.
<paride> rbasak, we recently discussed this for the curtin/cloud-init triage and agreed to look only at active bugs with the following statuses:
<rafaeldtinoco> alright
<rbasak> For triage purposes what I want to make sure is that we don't miss useful community communication by accident.
<rafaeldtinoco> makes sense
<paride> New Incomplete Confirmed Triaged In Progress
<paride> so no wontfix, with the idea that the bug reporter should set the status back to New if they want to reopen the discussion
<rafaeldtinoco> paride: should we leave a msg warning about that ?
<rafaeldtinoco> i wouldn't know :\
<rbasak> paride: I noticed through bug 1832110, where I explicitly asked the reporter to do that but they didn't. I'm not sure how I could have made it clearer.
<ubottu> bug 1832110 in openssh (Ubuntu) "Resource Sharing with multiple sshd services" [Undecided,Won't fix] https://launchpad.net/bugs/1832110
<rafaeldtinoco> reporter might be afraid of changing that after a maintainer/core dev changes it to wontfix.. i would give the argument but not change the flag
<paride> rafaeldtinoco, I think that most of the time we explicitly tell the reporter to change the status back to New if they think the issue is not actually solved -- at least I do, and I mostly took rbasak's replies as my reference :)
<rbasak> Perhaps, if we always do that (I do, and it sounds like paride does), then we can accept that the kind of occurrence in this bug today will get missed, and that's OK.
<rafaeldtinoco> yep, if explicitly said, i would
<rafaeldtinoco> "could you double check because of X, Y, z" -> change back to new.. sounds okay
<blackflow> Koopz: I definitely would, yes. Also check its S.M.A.R.T attributes log, via smartmontools.
<paride> rafaeldtinoco, that's what I'd personally stick to, but I don't oppose adding wontfix to the list of statuses we watch, unless it adds too much noise
<bryce> rbasak, due to all these considerations, I've generally avoided applying wontfix to bugs except in extreme cases where I know there's going to be more feedback but the decision is final.  So I generally would agree with paride that it should be omitted.  It depends a lot though on the team's policy for when wontfix is applied; if it's done more liberally then revisiting may make sense
<bryce> and yes, people tend to be very reticent about changing bug states or tags, even when you invite them to
<coreycb> jamespage: any luck with oslo.log? i'm not clear on how they are wedged. looking now
<jamespage> coreycb: no been re-doing some upstream reviews for neutron
<jamespage> coreycb: python3-oslo.log in proposed fails to install; I tried to update to fix that but oslo.log->oslo.config->oslo.log (which fails to install from proposed)
<jamespage> coreycb: if we can quickest solution might be to get python-oslo.log removed from proposed
<coreycb> jamespage: ok i think i'll put that request in. and it seems like the new version with your updates should work.
<rbasak> bryce: I tend to Won't Fix more liberally, because I feel that anything else perpetuates the expectation that the work in in some queue somewhere waiting to be done, when in fact we have no intention of doing anything.
<rafaeldtinoco> Warning /!\ the following status changes are restricted to members of UbuntuBugControl or package maintainers:
<rafaeldtinoco> Moving from Won't Fix.
<rafaeldtinoco> does a regular user can change from won't fix ?
<rafaeldtinoco> (ubuntu wiki bugs/bug statuses)
<rbasak> rafaeldtinoco: good point. I thought they could because I've seen enough status fights over Won't Fix. But perhaps not everyone.
<rbasak> In that case perhaps we should add this status to the search list.
<rbasak> cpaelzer: you weren't hear earlier - please see above discussion
<rbasak> here
<rbasak> I swear I have a "typing part" of my brain now that hears words sans grammar.
<rbasak> Going back to the above discussion, I don't think bugs should ever be considered to be in a "terminal state" as it were.
<rbasak> It should always be possible for them to be "rescued" from that by an interested community member who can provide an appropriate justification
<rbasak> However the bug status does set expectations conclusively, and I'd like to retain the ability for us to do that.
<rbasak> (without eliminating the possibility of discussion of changing our minds)
<rafaeldtinoco> rbasak: like rescuing wont fix for newer releases (after years)
<rafaeldtinoco> instead of opening new ones (and having history)
<rbasak> Yes, if it's truly the same issue and not a new one.
<rafaeldtinoco> yep
<rbasak> (which is subjective of course)
<TJ-> ^^^ had one of those today from 2009 !
<rafaeldtinoco> TJ-: yep, i proposed a merge to CTDB (from 2011)
<rafaeldtinoco> i mean, can happen!
<TJ-> I asked the user to start a new bug but left a comment on the original
<rbasak> I think it's fine to leave that choice up to whoever is driving the bug.
<TJ-> rbasak: I think it's as you said; if W.F. is not used liberally to close off things prematurely, then additional comments (often arguments ad-nausium) don't need to be seen
<cpaelzer> yep, all is a case-by-case decision - but we should not filter them out in e.g. triage
<cpaelzer> rbasak: do we filter them atm?
<TJ-> Bug Squad can always change status if its glaringly wrong too
<rbasak> cpaelzer: accidentally we do, yes. I can provide a PR to fix easily - I just need to know which statuses we want to appear in triage. Am I right in thinking that you're advocating "all of them"?
<bryce> rbasak, part of my opinions were shaped working on X.org bugs, where a given bug could have scores or hundreds of commenters who think they have the same issue but aren't even on the same video driver ;-)  Setting a bug to wontfix could really bring the rats out of the woodwork sometimes.
<bryce> rbasak, long ago ctrl-alt-backspace used to be a shortcut to terminate the X session, and when I disabled it by default in the distro it generated a lot of discussion that ended with wontfixes.  ;-)
<rbasak> bryce: yeah - I call those "pileon" bugs. Where people think they have the same bug because they share some common symptom. Impossible to "fix" because the same symptoms can be caused by multiple root causes, and it is sometimes impossible to eliminate all of them (especially when some root causes are user misconfigurations rather than bugs, but others were actually bugs that got fixed)
<bryce> rbasak, yeah I called them me-too storms.  Got a lot of them for video driver bugs, where each was specific to a given piece of hw but had the same general symptoms (e.g. black screen of death) so whatever one got best billing in google got all the subscribers, regardless of drivers
<cpaelzer> rbasak: never the less I think for server bugs we better should see them (and quickly call them done) than missing them
<cpaelzer> we do not have a lot of those "me too" bugs
<bryce> yeah server is in a much better situation.  Reporters also seem to be more technically inclined which is nice.
<rafaeldtinoco> well, the burden of reading 1 or 2 last comments to figure out we should keep it as a wontfix, or call it done, is not big.. and possibly reporter would get very satisfied with one last comment or confirmation.. so +1 on what cpaelzer said
<hggdh> rbasak, rafaeldtinoco: you could get the server team added to BugControl -- this would give all in the team the ability to set/reset status
<cpaelzer> hggdh: youmean https://launchpad.net/~ubuntu-bugcontrol?
<hggdh> cpaelzer: yes
<cpaelzer> yeah rbasak, bryc, andreas and myself likely are in there by being core-dev's
<rafaeldtinoco> "The Bug Control team is a subset of the Bug Squad and has the ability to set the Importance of bug reports regarding Ubuntu."
<cpaelzer> thanks for the hint
<rafaeldtinoco> fits the description =)
<cpaelzer> https://launchpad.net/~canonical-server already is a member
<ahasenack> note that ubuntu-server is an open team iirc
<rbasak> hggdh: yes we already have that
<cpaelzer> yeah that would be open, but the one I posted is not
<cpaelzer> and it already is in there
<rbasak> via ~canonical-server
<ahasenack> is tinoco in there?
<cpaelzer> and rafaeldtinocois a member
<hggdh> so rafael is not a member of this team?
<rafaeldtinoco> ahasenack: im here
<hggdh> oops
<rafaeldtinoco> ah nm
<rafaeldtinoco> lol
<ahasenack> Â¯\_(ã)_/Â¯
<rbasak> hggdh: the question about not being able to change from Won't Fix to New is about community contributors, eg. if they want reconsideration of that status.
<hggdh> rbasak: oh, OK. Yes, only BugControl (and drivers) can move from terminal status.
<hggdh> our experience with having all changing status was... rather bad, with people randomly changing status
<ahasenack> rafaeldtinoco: ubuntu-fan is green, should migrate any moment
<rafaeldtinoco> \o/
<ahasenack> I'm not stalking it specifically, I'm looking for my munin retry ;)
<ahasenack> but you know, it's one big page
<rafaeldtinoco> O.o
<rafaeldtinoco> ahasenack: on the ctdb merge, ill go ahead and merge those 2 patches (non upstream)
<rafaeldtinoco> i think it will be better to maintain if needed, when you merge samba again
<ahasenack> yep
<ahasenack> and I also don't think we need that huge description about versions < 4.10, which doesn't matter for eoan
<ahasenack> the fix is simple, it's about using the correct service names
<ahasenack> when samba gets updated, the patch will be refreshed or removed, just business as usual
<rafaeldtinoco> k
<bryce> I'm noticing there are two "styles" of lxc, one provided by the lxd-client, another from lxc-utils.  I've got both installed (i.e. lxc list and sudo lxc-ls produce different container listings).  I prefer the former, but I've only gotten autopkgtest to work with the latter.
<bryce> I notice there's also an actual 'lxc' installable package from universe, although I haven't tried it
<bryce> `autopkgtest <whatever>.dsc -- lxc -sed <container>` seems to expect lxc-utils.  Is there a way to make it use lxd-client instead?
<bryce> ahasenack, are you using lxc with autopkgtest runs?  How are you doing it?
<ahasenack> bryce: so
<ahasenack> bryce: short answer: yes
<ahasenack> but let's qualify "lxc"
<ahasenack> there is old style lxc, the lxc-something commands (like lxc-ls), and that is the only one in debian afaik
<ahasenack> and there is lxd, where the daemon is lxd, but the command line is just lxc (no dash to a subcommand)
<ahasenack> I'm using lxd then
<ahasenack> and I also use qemu, depending on the test
<ahasenack> you should not use lxc-ls & friends, that is old and done
<ahasenack> you'll notice there is autopkgtest-build-lxc (don't use this)
<ahasenack> and autopkgtest-build-lxd (that's the one)
<bryce> ok
<ahasenack> likewise, there is autopkgtest-virt-lxc
<ahasenack> and autopkgtest-virt-lxd
<ahasenack> the latter is used when you specify autopkgtest .... -- lxd <imagename>
<ahasenack> bryce: lxd in later ubuntu releases (don't remember since when right now) is only available as a snap
<ahasenack> there is a wrapper deb package, but it will install the snap in postinst
<bryce> ahasenack, aha  autopkgtest .... -- lxd  seems to be working and looks like what I'm after, thanks!
<ahasenack> cool!
<bryce> ahasenack, zookeeper has the same problem with adduser as the other thing
<bryce> adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating.
<bryce> --> https://bugs.launchpad.net/ubuntu/+source/zookeeper/+bug/1832400
<ubottu> Launchpad bug 1832400 in zookeeper (Ubuntu) "Warning on adduser that home dir doesn't belong to zookeeper user" [Undecided,New]
<sdeziel> cyphermox: I'm setting up a sit tunnel with HE using netplan and following https://netplan.io/examples#connecting-an-ip-tunnel. I tried to skip the 'local' param as I do on ifupdown setups but netplan doesn't let me. This can be annoying for setup where the IPv4 is dynamic in nature. Should I fill a bug or am I doing something stupid here?
<ahasenack> bryce: is it really just a warning, in terms of exit codes?
<cyphermox> sdeziel: please file a bug. AFAIK this is a limitation of networkd we need to deal with
<sdeziel> cyphermox: thx
<bryce> ahasenack, seems to be.  found there was another zookeeper bug reported years ago suggesting the same things we found
<sdeziel> cyphermox: https://bugs.launchpad.net/ubuntu/+source/plan/+bug/1832404
<ubottu> Launchpad bug 1832404 in plan (Ubuntu) "sit tunnel should not require the local param" [Undecided,New]
<ahasenack> bryce: did you get a set -x run yet in autopkgtest?
<bryce> ahasenack, I'm poking around inside the container trying to see how to trigger it to start building the .dsc
<ahasenack> bryce: which container? The one spawned by autopkgtest?
<bryce> yeah
<bryce> seems to not have javahelper installed
<ahasenack> it's in a stopped state because the test failed, and you logged in?
<bryce>  dpkg-source --before-build src
<bryce> dpkg-checkbuilddeps: error: Unmet build dependencies: javahelper
<bryce> dpkg-buildpackage: warning: build dependencies/conflicts unsatisfied; aborting
<bryce> dpkg-buildpackage: warning: (Use -d flag to override.)
<bryce> root@autopkgtest-lxd-zgynnm:/tmp/autopkgtest.5vcQz7/build.xKm/src# apt-get install javahelper
<bryce> + apt-get install javahelper
<ahasenack> (the test run is stopped, not the container)
<bryce> Reading package lists... Done
<bryce> Building dependency tree
<bryce> Reading state information... Done
<bryce> E: Unable to locate package javahelper
<bryce> r
<bryce> looks like it stopped before it got to the test, like around line 757 on http://paste.ubuntu.com/p/QJ92bP6Bn9/
<ahasenack> is it the right ubuntu relesae?
<ahasenack> I see the same error as before, the postinst failing at the bottom of the paste
<bryce> javahelper is a universe package so needed to enable that
<ahasenack> 757 says Setting up javahelper (0.72.1~18.04.1) ...
<ahasenack> I don't see an error around line 757
<ahasenack> I suggested the -x to see what exactly failed in the postinst in line 1718
<bryce> ahasenack, oh I meant, that's how far along it got before it logged me in
<Ussat> I present to you:  Linux Ubuntu-1804LE 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:27:02 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux
<Ussat> \o./
<ahasenack> Ussat: new box?
<Ussat> I am doing a POC with IBM......Thats a POwer8 box running Ubuntu
<Ussat> We are debating and testing, might move all our *nix off of esxi on to Power Hardware
<Ussat> I am running the POC
<Ussat> the test lab is in NY, I am in Iowa :)
<sarnold> Ussat: woo, shiny :)
<Ussat> Been struggling with rsct and dlparing, have an email to a IBM dev out
<Ussat> Have it working with RHEL and Cent...its close w/Ubunnntu...but just not there yet...we will see what tomorrow brings
<sarnold> "did you mean .. despairing .. ?"  :)
<Ussat> heh
<bjonnh> I'm trying to automate installs of ubuntu server using virt-install
<bjonnh> virt-install --name test_vm --vcpus 2 --ram 256 --location http://archive.ubuntu.com/ubuntu/dists/disco/main/installer-amd64/ --disk vm.qcow2,bus=virtio,cache=none,size=5 --graphics none --console pty,target_type=serial --extra-args 'console=ttyS0,115200n8 serial' --network user,model=virtio
<bjonnh> when I do that I get a --[ end Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) ]--
<bjonnh> (tried without virtio as well)
<bjonnh> (my purpose here is to provision VMs on a libvirt enabled server)
<Ussat> \o/ dynamic LPARS workiong, was missing dynamicrm_2.0.1-3_ppc64el.deb
#ubuntu-server 2019-06-12
<cpaelzer> bjonnh: If you don't insist on custom install options and instead would be ok to customize an instance at deploy time then I'd recommend taking a look at either multipass (has a libvirt option that is not the deault) or uvtool
<cpaelzer> so much less complexity and much faster than virt-install
<lordievader> Good morning
<j_c> Hi anyone using , Ubuntu server 18 with more than 1 NIC cards? I am not able to bring network up on the second NIC. Same issue on Ubuntu server 16.04 as well
<cpaelzer> j_c: I have multiple nics, but they work for me
<cpaelzer> and with a VM guest with mutliple cards everyone can easily try, what happens on your system when you say "not able to bring network up on the second NIC" ?
<cpaelzer> by default the further devices are offline in my case
<cpaelzer> but you can follow e.g. https://netplan.io/examples#connecting-multiple-interfaces-with-dhcp (whatever matches your config needs)
<cpaelzer> with that I get all three devices up just fine, so please outline what your issue exactly is
<cpaelzer> maybe start with an output of "ip link" "ip addr" and your netplan config in  /etc/netplan/
<j_c> @cpaelzer: Ip link and ip addr everything works fine. I am not able to connect to the server using the second NIC
<cpaelzer> j_c: was so kind to keep the data to a query - thanks
<cpaelzer> j_c: so you have setup two distinct networks
<cpaelzer> 10.1.14.x which you can reach via the first NIC
<cpaelzer> and 10.2.14.x which is the second NIC
<j_c> Yes, two different networks. I am able to connect using 10.1.14.x, but not able to connect to 10.2.14.x
<cpaelzer> do I understand correctly that on the second NIC there is a network 10.2.14.x and you can't reach any of those 10.2.14.x systems?
<j_c> Yes, you are correct. I am not able to connect to the server using 10.2.14.x
<cpaelzer> can you send me (in the query) the output of "ip route"
<j_c> sent
<cpaelzer> ok, LGTM 10.2.14.x should go out of eno2 in your case
<cpaelzer> what command exactly does "try to connect" mean?
<lordievader> j_c: What do you see on a tcpdump on that interface? For example with a ping, do you see the host responding?
<j_c> I tried to ping , ssh
<cpaelzer> yep, good next questions lordievader
<cpaelzer> and to be sure on the routing
<cpaelzer> what does "ip route get <targetip>" give?
<cpaelzer> should be ... via eno2
<j_c> i don't see that, sent you the output
<cpaelzer> ok so the routing is broken
<cpaelzer> here a valid example:
<j_c> if add the routing manually, after the restart the routing information is lost.
<cpaelzer> 10.245.237.5 via 10.172.192.1 dev ens8 src 10.172.196.173 uid 1000
<cpaelzer> yeah, you want to find why it is broken
<cpaelzer> not manually add routes
<lordievader> Systemd-networkd, netplan, networkmanager adding routes?
<j_c> cpaelzer: Okey. I will check that.
<j_c> @<lordievader> : i sent tcpdump to you
<lordievader> You did? I'm on matrix, maybe the PM invite hasn't arrived yet.
<j_c> root@h019:~# tcpdump -i eno2
<j_c> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
<j_c> listening on eno2, link-type EN10MB (Ethernet), capture size 262144 bytes
<j_c> 10:00:21.615095 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:22.072618 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:22.134786 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:22.351513 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<j_c> 10:00:22.615112 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:23.072670 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:23.134753 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:23.351472 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<j_c> 10:00:23.615154 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:24.073711 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:24.178287 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:24.354421 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<j_c> 10:00:24.371219 ARP, Request who-has 10.2.14.116 tell 10.2.14.112, length 46
<j_c> 10:00:24.615194 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:25.076653 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:25.174792 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:25.351543 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<lordievader> !paste
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<j_c> 10:00:25.367581 ARP, Request who-has 10.2.14.116 tell 10.2.14.112, length 46
<j_c> 10:00:25.614942 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:26.076689 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:26.174812 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:26.351530 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<lordievader> Hrm, no bot?
<j_c> 10:00:26.367552 ARP, Request who-has 10.2.14.116 tell 10.2.14.112, length 46
<j_c> 10:00:26.614897 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:27.096251 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:27.176037 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:27.368756 ARP, Request who-has 10.2.14.116 tell 10.2.14.112, length 46
<j_c> 10:00:27.622547 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<j_c> 10:00:27.631496 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:28.092703 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:28.174807 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> 10:00:28.367566 ARP, Request who-has 10.2.14.116 tell 10.2.14.112, length 46
<j_c> 10:00:28.619542 ARP, Request who-has 10.2.14.116 tell 10.2.14.117, length 46
<j_c> 10:00:28.630902 ARP, Request who-has 10.2.14.116 tell 10.2.14.111, length 46
<j_c> 10:00:29.043471 LLDP, length 46
<lordievader> Anyhow, you can use a pastebin service, rather than pasting directly into here.
<j_c> 10:00:29.092648 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46
<j_c> 10:00:29.174832 ARP, Request who-has 10.2.14.116 tell 10.2.14.113, length 46
<j_c> sorry, next time. I will not post
<lordievader> Is .116 localhost? If so, you are not responding to ARP it seems.
<j_c> sure, I will use it from next time.
<j_c> https://paste.ubuntu.com/p/m4dBNpNDkM/
<cpaelzer> lordievader: he is 10.2.14.119
<j_c> yes, my second NIC has 10.2.14.119
<cpaelzer> j_c: you checked the route for your own ip "ip route get 10.2.14.119"
<cpaelzer> what happens if you use the actual target IP
<j_c> I am not able to ping or ssh the server.
<j_c> root@h019:~# ip route get 10.2.14.119
<j_c> local 10.2.14.119 dev lo src 10.2.14.119 uid 0
<j_c>     cache <local>
<cpaelzer> but .119 is you
<cpaelzer> if you happen to try to reach .120 then use that in the "ip route get" command
<j_c> yes, .119 is the current server. I am able to ssh from 10.1.14.119 not using the 10.2.14.119
<j_c> even that server has same issue, I configured it. I will check some other server which is working
<j_c> root@h019:~# ip route get 10.2.14.117
<j_c> 10.2.14.117 dev eno2 src 10.2.14.119 uid 0
<j_c> .117 is another server which I am able to use with second NIC. above output is for that server
<cpaelzer> ok so it tries to leave on eno2
<cpaelzer> now as lordievader asked - when you try like ssh ubuntu@10.2.14.117 while being on 10.2.14.119 - what does tcpdump (just for eno2) show on both systems?
<TJ-> j_c: are these systems connected to a common switch or a router?
<j_c> Tj-: it is connected to a switch.
<TJ-> j_c: I've had recent exerperience of a switch that does offloading 'eating' ARP replies and the symptoms appear the same as yours
<j_c> <cpaelzer> and <lordievader> tcpdump while showd an extra message
<j_c> 10:53:16.488770 IP 192.168.0.103.32176 > h019.ssh: Flags [S], seq 3422299043, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,TS val 3662167688 ecr 0], length 0
<j_c> Tj-: I think , I need to learn many of basic things in networking. But I will find more details, about the switch first. Thanks for the info
<lordievader> On what side is that? Client or server?
<TJ-> j_c: a diagnostic method I used to determine that was to run tcpdump on both hosts; I then saw: trasmitter sends Who-Has, receiver receives Who-Has, sends I-Have, transmitter never sees the I-Have
<j_c> <TJ-> : are you talking about -- 10:00:28.092703 ARP, Request who-has 10.2.14.116 tell 10.2.14.115, length 46 --  These messages are due to the server which is done.
<TJ-> j_c: all done whilst ensuring neither host had any firewall rules in place and no weird routes
<j_c> .116 is down. I am more concern about .117, which is not able to connect to network
<j_c> sorry ... .119 ***
<TJ-> j_c: ahhh, I must have come in after you reported that, I arrived when you were flooding the channel!
<TJ-> j_c: you have local console access to .119 ?
<j_c> sorry for that--- yes, my second NIC has 10.2.14.119, which I am not able to ping or ssh
<TJ-> j_c: right, so, first prove that NIC can *receive* any packets at all (This is to prove the receivce side of the phy layer is not asleep/low-powered) "tpcdump -ni <ifname>" -- you ought to see IPv6 RAs, possible STP and other broadcasts from the network. If you see nothing after a minute or so its worth investigating if the NIC hardware is 'asleep'
<TJ-> j_c: secondly, are VLANs in use on the switch or this host?
<j_c> root@h019:~# tcpdump -ni eno2
<j_c> 11:12:08.808791 IP 192.168.0.103.17164 > 10.2.14.119.22: Flags [S], seq 1751977968, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,TS val 1629842332 ecr 0], length 0
<j_c> I am not sure , why length is 0 , which trying to ssh
<TJ-> j_c: you're listening on 10.2.14.119 ?
<j_c> No, there are no vlan.
<j_c> Yes, I am listening on  eno2 (10.2.14.119)
<j_c> If I change the netplan settings. second NIC is coming up, in that case first NIC is going down
<j_c> I think, this is more of a routing issue. But I am not able to find solution.
<TJ-> j_c: so you've got 2 NICs on the .119, both connected to the same switch?
<j_c> Yes. but they are in two different networks. 1 nic is 10.1.14.119. second nic is 10.2.14.119.
<TJ-> j_c: right, but they're connected to the same switch?
<j_c> Yes, they are connected to the same switch
<TJ-> j_c: I'm trying to build a picture of the layout. What is/are the issues? You've just said when 1 NIC is brought up the other goes down, but you've also been talking about a SSH packet being 0 length
<TJ-> j_c: can you show "pastebinit <( ip link; ip route; ip addr; sudo iptables -S )"
<j_c> Network is the main issue. <cpaelzer> and <lordievader> asked me to do tcpdump while connecting to the server using ssh. the above log shows, when I am trying to do ssh to the server using second NIC.
<TJ-> j_c: what is the IP address of the host you're SSH-ing from? is it 192.168.0.103 ?
<j_c> I am trying ssh from firewall. Firewall has public IP.
<j_c> ( ip link; ip route; ip addr; sudo iptables -S ) https://paste.ubuntu.com/p/4G5KyxJbBT/
<j_c> <lordievader> : that is on server side. I connected to server using first NIC card and running tcpdump on the second NIC. While trying to ssh using secind NIC ip, I am getting that line.
<TJ-> j_c: aha, the issue will be your default route is taking traffic for 192.168.0.103 which is going to have a src address of 10.1.14.119
<TJ-> j_c: if you want 192.168.0.183 to be using eno2 then you need an additional route of the form "ip route add 192.168.0.0/24 dev eno2 src 10.2.14.119"
<j_c> Tj- if add that, if it works. Does it work after reboot?
<TJ-> j_c: you'd have to add the route into your network configuration
<j_c> On ubuntu 16: it will be /etc/network/interfaces but on Ubuntu 18, should i add that to same path or netplan?
<TJ-> j_c: you can add additional routes in the netplan config
<j_c> Tj- same, after adding the command. Second NIC is working, but I am not able to ssh to server using first NIC
<TJ-> j_c: from 192.168.0.183?
<TJ-> j_c: that is expected - as I said earlier, you've connected both NICs to the same Ethernet switch, and you've got 192.168.0.182 connected to that switch, so unless you partition things with VLANs .119 is only reachable via one or the other NICS, not both
<j_c> Hoo ok. Thanks TJ-. I will check about more details. I don't have complete information about the switch.
<TJ-> j_c: if you have 192.168.0.183 another IP address, it would be possible on .119 to have two rules that route via .2 or .1 based on source IP from the remote SSH host. on the SSH remote host you'd have to ensure you could force the source-IP too, which may rquire policy routing table
<j_c> TJ-: I have one more question, but on other servers, where it is working. They have some different routing rules
<TJ-> j_c: do they have multiple NICs connected to the same switch in the same way?
<TJ-> j_c: maybe they also have some policy routing tables?
<j_c> yes. they are also connected to same switch. two NICs
<j_c> TJ- can i add something like this and make it work. https://paste.ubuntu.com/p/rqKvS6rzS4/
<TJ-> j_c: aha, see that has the default with "onlink"
<lordievader> j_c: Rather than testing ssh, I'd start with icmp. See if echo requests are coming in on the other point, replies going out and being received.
<lordievader> I.e. tcpdump with a filter on icmp on both ends.
<TJ-> j_c: "onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix"
<coreycb> jamespage: python-oslo.log was removed from proposed yesterday fyi
<coreycb> jamespage: nm i see you have your new version in proposed now
<coreycb> jamespage: seems your new upload is still picking up the bad proposed package that was removed
<jamespage> hmm
<coreycb> jamespage: probably can force oslo.config to depend on >= new oslo.log version
<jamespage> coreycb: not until its built...
<jamespage> I suspect the binary package needs removing as well
<coreycb> jamespage: yeah ok. let me ping in #ubuntu-release.
<Ussat> OK, so I now have DLPAR working w/Ubuntu on PPCLE :)
<Ussat> \o/
<jamespage> coreycb: sorry I'd not realized that we'd not rebuilt
<coreycb> jamespage: np i didn't realize the order of events
<coreycb> sahid: python-cinderclient merged/uploaded for eoan, thanks
<sahid> coreycb: thanks for the review and fixes you made
<bjonnh> hi cpaelzer I ended up doing a iso with cloud-init config and using the cloudimg. Works beautifuly.
<bjonnh> I'm going to try with minimal image now
<bjonnh> hmmm minimal doesn't autoload cloud-initâ¦
<bjonnh> too bad
<bjonnh> weird the minimal image doesn't seem to even have any network so I can't even debug itâ¦
<bryce> given an installed snap package, is there a way to get snap to tell me the git repo (if any) for that package?
<sdeziel> bryce: snap info $package might give you a link in the description
<coreycb> jamespage: sahid: nova snapshot is uploaded for train - note I had to deal with CRLFs with core.autocrlf before importing the tarball.
<bryce> sdeziel, thanks, but yeah that was first place I looked.  guessing it's not being tracked then
<sdeziel> bryce: I'd take a look at the web page on the snapstore then
<coreycb> jamespage: sahid: i think i have the current train backport issues sorted out too
<bryce> sdeziel, ok thanks
<bjonnh> finally
<bjonnh> so the minimal image didn't work with cloud-init data on ext4, didn't work on iso, but it works with vfatâ¦
#ubuntu-server 2019-06-13
<wings> Hopefully a silly question
<wings> How do I make my DNS server accessible outside of the host that it's on?
<wings> having issues hitting it from a different machine, and as far as I'm aware Ubuntu 18.04 doesn't have a firewall by default... or so I thought...
<wings> I've checked ufw is disabled
<sarnold> did you check what IP addresses your dns server is supposed to be listening on?
<sarnold> if you're running it on a cloud provider, did you let through both tcp and udp 53?
<wings> ...actually. I'm being stupid.
<wings> I'm trying to do this on an Ubuntu Desktop machine, and that is almost certainly causing a conflict.
<wings> I might try rebuilding on Ubuntu Server instead
<sarnold> why?
<wings> why was I building on Desktop?
<sarnold> no, why would it make a difference?
<wings> it's just more complicated I guess?
<wings> anyways. The box is running on my machine, in VirtualBox
<wings> has the IP 10.21.30.2, and other machines can ping it just fine. I can hit port 53 on the machine via telnet and get a response, but not from another machine
<sarnold> how about other services on the machine? sshd? web?
<patdk-lap> hmm, desktop and server are the exact same thing
<patdk-lap> define another machine
<patdk-lap> in virtualbox or actually a physical machine
<patdk-lap> and always try to test with ping also :)
<sarnold> well, server won't install with networkmanager as the default netplan renderer, but once you've got an ip address, they'll be pretty similar :)
<patdk-lap> I dunno why netplan was put into place, so many things it doesn't support, again
<wings> patdk-lap: I'm just trying it as a hunch... worst case I learn something
<wings> And I meant another VM on the same network, which can ping, SSH and otherwise contact the DNS server, just no DNS...
<wings> I should say DNS *host*
<jamespage> sahid: I'm going to start on neutron* and networking*
<sahid> jamespage: ack
<jamespage> sahid: making a fix to openstack-pkg-tools to restore the understanding of git snapshots when generated OSLO_VERSION
<jamespage> that was lost in the last sync from Debian
<sahid> jamespage: how i determine the next version?
<jamespage> sahid: I do previous release major version +1
<jamespage> so for neutron
<sahid> example for aodh, stein version is 8.* so i imagine for Train it's 9.
<jamespage> 14.0.x is stein; train is 15.0.0~b1 for snapshots (+ git references and date)
<jamespage> sahid: yep you got it
<sahid> jamespage: how do you handle (build-)depends?
<sahid> jamespage: if you have a moment at some point to validate https://code.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/aodh/+git/aodh
<sahid> at least to ensure that i'm doing it in the right way
<jamespage> sahid: https://git.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/aodh/commit/?id=a58ef18fd58dc74a67fc8cefc9d28e87fccdcaa5
<jamespage> when you version depends like this please add to both Build and Runtime Depends - the python3-aodh package should mirror the source package build depends versions
<jamespage> sahid: other than that LGTM - are you build testing? I generally use a PPA and throw stuff at it until it works
<jamespage> https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3690/+packages
<jamespage> example
<jamespage> sahid: https://launchpad.net/ubuntu/+source/openstack-pkg-tools/99ubuntu1 should re-enable the correct setting of OSLO_VERSION when using our git snapshot versioning semantics
<Ussat> Can someone comment on the accuracy of this statement, it is from IBM:  https://pastebin.com/VqHzmTYU
<tomreyn> Ussat: this may refer to https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#A32-bit_PowerPC_Support_Dropped - see https://ubuntu.com/download/server/power for supported POWER platforms.
<Ussat> OK...thats to bad
<tomreyn> 32-bit POWER has kind of reached the end of its lifespan in general, though.
<Ussat> Sure......I did not post the entire email......
<Ussat> this is referencing 64bit ppcle
<Ussat> specifically, bnot refering to the ppcle platform, but the PowerVM Hypervisor
<Ussat> PowerVM enables DLPAR and Logical Partition Mobility
<Ussat> Here is more detail:  https://paste.centos.org/view/bea75610
<Ussat> god dammit stripped the http
<Ussat> sigh
<Ussat> There:  https://pastebin.com/Tt3QZEET
<Ussat> Thats the entire email minus identifying info, like names :)
<Ussat> Note, PowerVM is different than PowerPCle
<Ussat> PowerVM is a hypervisor that runs on PowerPCle
<Ussat> and I have the 18.04ppcle iso
<tomreyn> PowerVM does not seem to be specific to 32-bit POWER platforms, support for which got removed between 16.04 LTS and 18.04 LTS. so i'm not sure what they're referring to.
<tomreyn> for all i can tell there was never direct "support for PowerVM" by Ubuntu
<Ussat> OK, I will try to clarify with IBM, thanks
<tomreyn> so i'm not sure what they're referring to by stating "Ubuntu effectively stopped support for Ununtu PowerVM's with Version 16"
<tomreyn> Ussat: Note that i'm just a volunteer, not a Cannical spokesperson nor Ubuntu developer.
<Ussat> I will try to get clarification from IBM on this, thanks
<Ussat> NP, all good and appreciate the info
<Ussat> I may call Canonical directly later, thanks again
<TJ-> They may be referring to the fact that there's no certification beyond 16.04 for PowerVM
<Ussat> Thats probably it, I have an email to my IBM rep
<Ussat> TJ-, if thats the case, its unfortunate
<Ussat> I also have an email to Canonical
<Ussat> It really limits my choice to RHEL or Cent on PowerVM
<cyphermox> patdk-lap: such as? (things that netplan does not support)
<patdk-lap> dummy interfaces
<patdk-lap> atleast that I ran across the first installed I did that had netplan
<jamespage> sahid: do we need a futurist version bump?
<jamespage> just looking at your build errors
<sahid> jamespage: the OSLO fix you did resolved an issue with oslo_upgradechck?
<sahid> jamespage: i need to check that, currently i just reported the issue
<sahid> jamespage: python3-futurist is in eoan-proposed
<sahid> i mean the 1.8.1 version needed
<sahid> perhaps the buildroot that i use in my ppa should be based on proposed?
<jamespage> sahid: yes - you can tweak that in the ppa configuration screen
<jc__> Hi @TJ-
<sahid> jamespage: the ppa is rejecting my new uploads, i guess is because the version does not change, any idea how i can force?
<jamespage> sahid: you can't
<jamespage> once a version is uploaded its burned
<jamespage> sahid: that's why I used a generated version ID - https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3690
<jamespage> sahid: its just a wrapper around backportpackage - https://paste.ubuntu.com/p/KrJrfpFTMx/
<jamespage> I build the source package with my intended upload to ubuntu version, and then backportppa -u <PPA> -d eoan -y <srcpackage>.dsc
<jamespage> the version has timestamp in it so always moves forward correctly
<jamespage> sahid: PPA's work just like the main archive does from this perspective
<sahid> ack, wil try to understand all of that, thanks a lot
<jamespage> sahid: you can delete the current set of packages from the PPA, and then use that script to upload new ones
<jamespage> that should work
<jerichowasahoax> I've got an apt-get upgrade process running that I don't recall starting myself. Is there some way I can check its current status, make sure it's actually doing something?
<jerichowasahoax> I imagine this is just some automagic security update request or something so as long as it's not a zombie process I'm okay with letting it finish first.
<jerichowasahoax> ps aux says "jun05" yeah it's probably a zombie nvm lol
<sudoISS> three cheers for openssl 1.1.1! hip hip, hooray! hip hip, hooray! hip hip, hooray!
<lordcirth> Ooh, TLS 1.3, 0-RTT, SHA3, nice!
<mason> Hrm. So, the topic links https://help.ubuntu.com/16.04/serverguide/, but https://help.ubuntu.com/18.04/serverguide/ is available.
<mason> Just saying.
<tomreyn> it should probably point to https://help.ubuntu.com/stable/serverguide/ instead
<mason> Even better.
<mason> So, I'm curious... Is there a trick to getting a VM to support S3/S4?
<mason> libvirt/virsh, I see: "error: internal error: S3 state is disabled for this domain"
<lordcirth> mason, what's S3 in this context?
<mason> lordcirth: Sleep state. As in, "virsh dompmsuspend --target mem foo"
<teward> anyone know anything about STunnel?
<TJ-> teward: yes :)
<TJ-> teward: I used to use about 20 years ago with Windows :p as well as on Linux
<teward> :P
<teward> trying to use it to get a secure tunnel to Redis but...
<teward> getting this on client side: SSL_connect: 14212044: error:14212044:SSL routines:tls_construct_ctos_early_data:internal error     and this server:  SSL_accept: 140940F4: error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
<teward> makes me think TLS 1.3 is at fault
<teward> but this works between containers so IDK
<TJ-> different ssl libraries at either end?
<sdeziel> early_data sounds like 0-RTT
<teward> TJ-: 1.1.1 on both sides
<teward> unless stunnel4 needs a rebuild after the OpenSSL backport on 18.04
<teward> but the odd thing is this works FINE on stunnel4 between containers
<teward> and the WEIRD part is it's accepting the connection from remote THEN barfing
 * teward grumbles.
<tomreyn> is "ssl3_read_bytes" still used with TLS 1.3?
<teward> no idea, but this is the OpenSSL error it triggers
<TJ-> teward: have you done a test with openssl s_client ?
<mason> <suspend-to-mem enabled='yes'/> fwiw
<sarnold> mason: hah, thanks
<TJ-> teward: the failing connection is stunnel4<>stunnel4<>redis or stunnel4<>redis ?
<mason> Ah, didn't work. Still "S3 state is disabled"
<mason> sigh
<teward> TJ-: python Redis client (PLAIN) <> stunnel4 CLIENT <> stunnel4 SERVER <> redis SERVER
<sdeziel> mason: not sure that interests you but there is 'virsh suspend $VM' that pauses the VM
<teward> breaks between the two stunnels when actually going between networks
<teward> BUT
<mason> I'll figure it out anyway. Tracking a suspend/resume bug, and it'd be a happier picture if I can debug it on a VM
<teward> same setup worked FINE in same network between containers running the same OS (18.04)
<TJ-> teward: so in all cases we're dealing with 2 stunnel4 instances
<teward> TJ-: correct
<mason> sdeziel: It might help. Unsure. This manifests as an ACPI bug on real hardware.
<teward> but it doesn't work over the Internet but DOES through the local containers subnet without going to the Internet or passing between network layers like that
<teward> *shrugs*
<sdeziel> mason: if you want to debug a suspend/resume bug, I doubt cause 'virsh suspend' seems to just send a stop command to the QEMU
<mason> oh, it overwrote the change on shutdown :P me--
<sarnold> :(
<teward> oh hm hang on
<teward> i think i might've broke something here
<TJ-> teward: it can happen if the ports are being scanned
<teward> TJ-: this can also happen if it doesn't get a cert
<mason> \o/
<teward> ssl handshake failure sclient
<teward> 1 moment
<TJ-> teward: I thought you said it had connected?
<teward> TJ-: it had guess I did a stupid somewhere
<teward> hang on
<TJ-> mason: you changed a manual config which got replaced? I had that happen to me earlier
<mason> TJ-: My mistake was changing the config before killing the VM.
<TJ-> mason: yeah, annoying when it writes the existing in-memory config out after you've edited it :D
<mason> changing it afterwards worked
<mason> yeah
<TJ-> spend time wondering how it got unset :p
<mason> YEP
<mason> We can get a vagrant VM to sleep. Odd.
<sarnold> sing it a sweet little song, rock it back and forth..
<mason> heh
<teward> TJ-: i think i failed in cert config
<teward> but i will test at home :p
<Nikita790> hello
<Nikita790> Can someone help me with configureing ubuntu server with my network card? i am only familler with linux gui, im stuck at the installer becase its only looking on eathernet
<sarnold> Nikita790: what release of ubuntu? what are you trying to do? where are you stuck?
<Nikita790> sorry
<Nikita790> i am used to discords bleep msg sounds
<Nikita790> Basicly im trying to install 19.04 and i am stuck at the network connections setup, it will not see my network card, it only sees my eathernet
<Nikita790> How can i get it to see my network card?
<OerHeks> so, you want wireless networking?
<Nikita790> yes
<OerHeks> find out what adapter, lspci would tell
<OerHeks> and ifconfig would show more..
<Nikita790> one second
<OerHeks> btw one must have a reason not to use 18.04 LTS ..
<Nikita790> oh
<Nikita790> i just chose 19.04 becase i tought it would be fastest
<Nikita790> should i burn a 18.04 and use thatt instead?
<OerHeks> yes, preferrably
<Nikita790> ok i will do that right now
<OerHeks> stable and well tested. and lots of guides only handle 18.04
<Nikita790> the card is a linksys 2.4g wmp54G
<Nikita790> i know it works on lubuntu 19.04
<Nikita790> i am burning dvd now
<Nikita790> thank you so much
<sarnold> no usb memory sticks?
<Nikita790> no
<Nikita790> i do not have one
<Nikita790> sorry, i am not used to checking my irc becase im used to discords msg sounds, sorry
<sarnold> Nikita790: don't worry about it, people come and go all the time on irc
<Nikita790> ok the iso is almost done downloading
<Nikita790> then i can burn, hopefully it will recognize my linksys 2.4g wmp54G PCI wifi card
<Nikita790> ok its burning at 8x speed
<OerHeks> oke, after installing, use wired networking >>  To use wifi with netplan.io and systemd-networkd, you need to manually install the wpasupplicant package. It is not automatically installed as a dependency since wifi support is optional on servers.
<Nikita790> ok... thank you
<Nikita790> I will do my best
<Nikita790> ok
<Nikita790> so
<Nikita790> does usb eathernet work for the installer? thats all i have acces too
<patdk-lap> depends
<Nikita790> i am going to try to use the ios hotspot one
<Nikita790> thats all i have acces to other then wifi
<patdk-lap> if your usb network adapter has a linux driver in the kernel or not, likely does
<Nikita790> i will try
<patdk-lap> it just gets so iffy, as it can take a few years sometimes for new device chipsets to get drivers into the kernel
<Nikita790> ok i hope my iphone has it, im gonna use the hostspot
<Nikita790> im booting up server 18.04 now
<teward> TJ-: well it 'connects' but... this is now what s_client shows: SSL_accept: 14201076: error:14201076:SSL routines:tls_choose_sigalg:no suitable signature algorithm
<teward> :|
<TJ-> looks like the key exchange algo lists are different?
<teward> possibly
<TJ-> teward: or is it the certificate signing algo its on about?
<teward> but that's s_client -> the stunnel4 server where redis is
<teward> directly
<TJ-> can you tell from the debug point
<teward> TJ-: can't tell
<TJ-> s_client can have very very verbose debug logging, which might help figure out which stage it is at
<teward> well if i drop to TLS1.2
<teward> it says no shared cipher
<teward> which is a different error :|
<teward> this is annoying me
<Nikita790> i wish there was a version of ubuntu server with all the ubuntu desktop wifi drivers baked in
<TJ-> teward: bingo "DSA certificates are no longer allowed in TLSv1.3. "
<teward> i'm not using DSA
<teward> they're RSA
<teward> and i'm forcing 1.2 now
<teward> bleh might blast this config and start over
<teward> see if i did something wrong in the config
<TJ-> teward: hmmm, see https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ where they show that exact error
<sarnold> Nikita790: if you've got monitor on the computer you could probably install the ubuntu desktop and just remove the packages you don't want
<teward> TJ-: going to blast the configs and start over
<teward> with something that 'just works' to start
<teward> then try and add auth, etc.
 * teward goes to copy directly the configs from the containers
<Nikita790> Sarnold i used to do that but i heard it was very bad for the preformace
<Nikita790> and i need max preformace becase this is a low end pc thats gonna host a game server
<sarnold> Nikita790: there's not much difference between the two, beside the desktop version installs a GUI and uses networkmanager to configure networking
<sarnold> you could easily uninstall both those if you wished
<Nikita790> wow, ok i might keep my lubuntu installation then
<Nikita790> i just cant get the bloody screensaver to be disabled lol. thank you so much for your wisdom
<Nikita790> thanks
<sarnold> heh if that's the problem with your existing system I'm sure there's a solution of some sort :) dpkg -l '*screen*' might be a good start
<Nikita790> oh yes i used screen :D i just heard that a entire gui killed the servers preformace
<sarnold> it depends what it's doing, how much GPU vs CPU vs memory it takes up, etc..
<sarnold> the dpkg -l '*screen*' is to try to figure out what screensaver lubuntu might be using. it might be as easy as apt-get purge :)
<teward> TJ-: huh, you know what..
<teward> this might mean the ssl-cert package that generates snakeoil certs needs updated
<teward> sarnold: ^
<TJ-> teward: DSA cert?
<teward> TJ-: not 100% sure but I'd like to FORCE it to use RSA
<teward> checking now
<TJ-> there's an openssl.cnf in stunnel's /usr/share/doc/stunnel4/examples/ too, which might need looking at (it's for generating certs)
<teward> huh nope it's an RSA cert
<teward> TJ-: i was just trying to PSK the thing
<teward> looks like the system is weird :|
<teward> works FINE now i think
<teward> but i'll have to add PSK stuff in again for testing
<Nikita790> OH i was told if i use the alternative iso i can use wifi
<teward> cert auth is even more painful
<Nikita790> im trying that
<teward> so PSK for now with LONG keystrings
<TJ-> I never had a problem with certs; I use a USB Armory for issuing/signing certs
<teward> TJ-: yep working now.
<teward> TJ-: I use XCA but it's unclear what certs go where, and /usr/share/doc/stunnel4/* doesn't seem to exist
<teward> or at least it DIDN'T
<teward> :|
<teward> now it's here
<teward> i can generate the cert inside XCA now though
<teward> now that i now what extensions it needs xD
<TJ-> :)
<teward> but what I really need is client cert auth working
<teward> and I can't find examples of that
<sarnold> teward: https://launchpad.net/ubuntu/+source/ssl-cert/+changelog .. most recent change from 2017 .. since 1.1.1 is in cosmic, disco, eoan, without trouble, I'm guessing it's probably not in immediate need of update..
<teward> sarnold: yeah i poked it's an RSA cert
<teward> i think SOMETHING was just fubar with the cert when being parsed, redid the cert by hand and made a selfsigned and it "just worked"
<teward> *shrugs*
<Selfsigned> :/
<sarnold> :D
<Eickmeyer> Selfsigned: Username checks out.
<teward> TJ-: OK so...
<teward> can't use SSL with PSK
<teward> so i'll have to just use a redis auth PW then
<teward> which i should do anyways lol
<teward> sarnold: is there any guide for converting a sysvinit into a SystemD unit?
<sarnold> teward: this is a nice overview https://wiki.ubuntu.com/SystemdForUpstartUsers
<sarnold> teward: (not of the exact sysv->systemd, but systemd in general)
<teward> yeah i'm going to futz with the stunnel4 package locally to see if I can't SystemD unit the entire thing
<teward> get it off the older methods
<teward> going to be an evil project but xD
<teward> tired of using sysvinit evil
<sarnold> yeah; I don't love systemd, but sysv-init isn't my idea of great either :)
<sarnold> teward: there's too much documenation for systemd unit files, and throwing you into the docs feels mean.. but if you've got a cause to run one stunnel4, you probably have cause to run several of them. and they might be similar enough to justify learning the 'template' support, mentioned on https://www.freedesktop.org/software/systemd/man/systemd.unit.html
<sarnold> (and the manpages, of course, but the hyperlinked ones are actually kind of nice)
<teward> sarnold: true.  but I'm curious why we don't unzip and copy the sample config into /etc/stunnel/
<teward> because it's weird, there's LITERALLY no config examples there by default
<teward> it's all dug deep in /usr/share/doc/...
<teward> maybe that's normal but eh
<sarnold> teward: yeah I always prefer having example configs in /etc .. but I can kind of understand the folks who want /etc to say what's *different* about the machine in question. it's weird.
<teward> i looked at the stunnel config example though
<teward> EVERY unit in its example is commented out
<teward> and /etc/default/stunnel4 has to have ENABLED=1 to actually start
<teward> so IDK
<teward> it'll be a long term project to SystemD-ify stunnel4
<sarnold> or ignore the configs / initscript shipped in the packages?
<teward> lol indeed
<teward> sarnold: well i would want to ship it as by default NOT enabled
<teward> is that even doable in the package policy to autodisable the service at install?
<teward> because it would NEED configured to even run
<teward> per my testing at least
<teward> no config, megaerror
<sarnold> teward: good question. it's my understanding that systemd comes from the land of 'installed packages don't automatically run anything'.. I'm not sure how well that'd fit in debian
<teward> well i an't touching Debian with a fifty foot pole
<teward> :p
<teward> which reminds me
<teward> I still need to distropatch NGINX Eoan
<teward> with that PIDfile handling thing
<Curtman> I'm trying to set up an iSCSI target with targetcli, I'm confused why various tutorials, and even the manpage refer to a systemd unit I don't have and cant find any info about how to install. Eg: "$ sudo systemctl enable target.service"
<Curtman> Does anyone know what package provides that?
<Curtman> http://manpages.ubuntu.com/manpages/bionic/man8/targetcli.8.html
<TJ-> teward: I can systemd-ify stunnel if you want the package updating; it doesn't require much at all
#ubuntu-server 2019-06-14
<TJ-> teward: It might need to be templated to allow stunnel4@XXXX.service for per-connection control
<teward> TJ-: actually fine with it being one entire service controlled by one master
<teward> like uwsgi is
<teward> at least for MY use case
<teward> but whichever, if you want to take a stab at it feel free
<teward> i'll even build and live-test it :)
<TJ-> teward: being ablr to bring up each tunnel separately would be better; rather like how I have the pppd@ service
<teward> true
<teward> TJ-: well, if you want to )
<teward> TJ-: well, if you want to :)
<TJ-> teward: I'll see if that is feasible since it also implies multiple processes
<teward> right
<teward> TJ-: hate putting more projects on you though xD
<teward> but i'd like it to be SystemDified instead of old xD
<TJ-> Curtman: the targetcli-fb package doesn't include any service files; the man-page is indicating that /some/ distro maintainers *may* add such service control files, but Debian/Ubuntu haven't so far as I can see in 18.04 at least
<TJ-> teward: It's fine; It's light entertainment for me
<sarnold> hah, on my unpacked archive sources, the only target.service file I have ... came from a centos srpm that I unpacked.
<teward> lol "light entertainment"
 * teward conscripts TJ- to do all the work*
 * TJ- is 4 hours past bed-time and running away fast :p
<sarnold> ha :)
<teward> heh
<Curtman> I wonder what use targetcli could possibly be without a service to actually make the thing available once you configure it.  :/
<Curtman> Oh well.. tgtd seems like the way to go anyway.  Seems strange though.
<cyberfingers> I am using a php app SEO Panel, which I want to connect to an external MySQL Server. What do I need to install so this will work? Thanks
<lordievader> Good morning
<jc__> <lordievader> good morning.
<lordievader> Morning
<jc__> Two days back we were discussing about 2 NIC on ubuntu 16 and 18.
<jc__> Anyone with insight in "systemd-resolve --status", I have configured two NIC on the ubuntu server 18. But I am noticing only one NIC details in the logs
<blackflow> !details
<ubottu> Please elaborate; your question or issue may not seem clear or detailed enough for people to help you. Please give more detailed information; for example, we might need errors, steps, relevant configuration files, Ubuntu version, and hardware information. Use a !pastebin to avoid flooding the channel.
<jc__> <blackflow> and <ubottu> I have posted logs here. https://paste.ubuntu.com/p/QdVZyz84bP/
<jc__> if you look at my configuration of netplan. I have configured the two interfaces , but "systemd-resolve --status" show only one of the configuration in the status. I am not able to use second NIC to ssh or ping from other servers
<jc__> similar issue , I am facing on ubuntu 16 also. I could not figure out the reason.
<jc__> these interfaces are connected to two vlans on the switch.
<blackflow> jc__: not sure I understand your problem. what does systemd-resolved have to do here?
<blackflow> looks like resolved is using eth0 to send out DNS requests. or more precisely, it's using the default gateway route for the configured lookup IPs. systemd-resolved is just a stub resolver, it requires an upstream recursive (caching) resolver
<jc__> My main issue is, I am not able to use second NIC. I am not sure, what is actual issue.
<blackflow> which one is "second".... eth1?
<jc__> eth1 is second NIC
<blackflow> can you ping 10.2.14.1 ?
<sahid> jamespage: cinder is needing ddt => 1.2.1 and we ship 1.1.1 with eoan
<jc__> yes, I can from the server
<jc__> root@h019:~# ping -c2  10.2.14.1
<jc__> PING 10.2.14.1 (10.2.14.1) 56(84) bytes of data.
<jc__> 64 bytes from 10.2.14.1: icmp_seq=1 ttl=255 time=6.47 ms
<blackflow> jc__: is that a "yes"?
<jc__> sorry. Yes. I can ping
<blackflow> jc__: right. can you ping any other IP in the 10.2.0.0/16 subnet?
<jc__> yes, I can ping all the ips which are configured in 10.2.0.0/16 subnet.
<blackflow> jc__: so what's the problem then?
<jc__> I am not able to connect to server IP: 10.2.14.119 using ssh or I can not ping the server
<jc__> I am able to connect to the server using  10.1.14.119 (eth0) first NIC
<blackflow> which means the server is configured for 10.1.14.119 and not 10.2.14.119?
<blackflow> are you connecting by hostname or by ip?
<jc__> I have connected using the IP, not using hostnamr
<jc__> So, I configure the server with more than 1 IP
<jc__> How can ***
<blackflow> Which one? The one you can connect to over 10.1.14.119 but not over 10.2.14.119 ?
<jc__> Yes, I can connect to server using  10.1.14.119 but not over 10.2.14.119. I want to use both, is it possible to configure the server.
<blackflow> jc__: so you have two cables going to that server? one for eth0 and one for eth1?
<jc__> Yes, I have connected two cables to eth0 and eth1. They are basically connected to same switch in different vlan.
<blackflow> and did you configure this other servers, for required IPs on specific NICs?
<blackflow> *server
<jc__> I did not configure other servers. Servers which I configured are not able to use more than 1 NIC.     On this server, I have configured the specific ips, during the installation of ubuntu 18.
<blackflow> jc__: oh also, some massive confusion here you caused, the pastebin you posted, is that THE server you can't access at 10.2.14.119 from some other machine in the network?
<jc__> <blackflow> : sorry for the confusion. All the logs , I have provided are from the same server, to which I am trying to connect.    I am able to connect to the server using  10.1.14.119 (eth0), but I am not able to connect to the server using ( 10.2.14.119).
<blackflow> jc__: can you pastebin the output of `ip a` ?
<jc__> From other servers, I can ping  10.1.14.119, 10.2.14.119. But I am not able to ping the configured server from firewall using  10.2.14.119 or ssh using  10.2.14.119.     From my firewall I can ssh and ping using  10.1.14.119
<jc__> `ip a`  -->  https://paste.ubuntu.com/p/SnQQzKFspX/
<blackflow> if you can ping 10.2.14.119 from other servers, then everything is fine on this server. you apparently have a problem elsewhere in your 10.2.0.0/16 network
<blackflow> unless that 10.2.14.119 is not _this_ 10.2.14.119 but some other machine in the network has it....
<jc__> No other machine in the network has this IP. But I will find out more about the network settings for 10.2.0.0/16. I didn't set it up. I am not completely sure, where to look for this configuration. By chance these details will be on the switch?
<blackflow> jc__: I have no idea how your network is laid out and what with.  Point is, if you can ping _this_ machine via 10.2.14.119 from another, then as far as _this_ machine config is considered, it's okay.
<jc__> what about the routes. something might be wrong with the routing?
<jc__> blackflow:
<blackflow> jc__: not if you can ping _this_ machine from any other and/or any other machine from _this_, in the 10.2.0.0/16 subnet
<jc__> blackflow: okey Thanks. I will more on other networking issues
<geodb27> People : hi ! What would be the best way to setup a floating ip on ubuntu 18.04 LTS server editions machines. I've got three of them and from what I've reat, the network config is handled by netplan now.
<blackflow> geodb27: what do you mean exactly by floating IP.
<geodb27> Hi blackflow and thanks for your concern. I've three servers. Each has a static IP and I don't want to change anything about that. Aside, I'd like to have an IP that would enable me to reach my cluster formed of these three machines. I know that it can be done under some other systems (like redhat) with pacemaker for example.
<geodb27> With such, a static ip address, the IP is assigned to one only of these servers and is automatically assigned to one of the alive servers of the cluster if the one that handles it goes down.
<blackflow> well the simplest solution is to setup this secondary IP as additional static IP, then the router is reponsible for proper routing
<blackflow> now if you don't have such a router with such capabilities (eg. by a hosting company offering floating IPs), you'd have to implement it yourself. pacemaker+corosync is one way, yes.
<geodb27> One "current" setup for this is when you want an apache server to never be down. The floating ip is assigned a dns name. An a service on the cluster is responsible to have the ip and the service (here apache) to be hosted on only one machine at a time.
<geodb27> So, well, if I read you, I'd have to go with pacemaker and corosync for this, right ?
<geodb27> Will it not conflict with netplan ?
<blackflow> wouldn't know, I'm not using neplan. but in this particular case you set up the floating IP as a static IP and then make it "floating" on the router side.
<geodb27> I can't do that on the router side.
<blackflow> so then you need the complex way, with a HA cluster setup like corosync+pacemaker
<geodb27> Thanks for your kind help blackflow. I'll head for this, then :-)
<ahasenack> good morning
<supaman> when ubuntu-server 18.04 starts up and iptables is activated (not ufw), from where does iptables get its rules?
<ahasenack> maybe you have iptables-restore being called from somewhere?
<ahasenack> but the package doesn't provide an initscript, or systemd service, for that
<sdeziel> supaman: I know that iptables-persistent does just that
<sdeziel> iptables-persitent stores rules under /etc/iptables/rules.v*
<supaman> hmm ... I do have a systemctl status iptables ...
<supaman> there is is this app, iredapd that is set up on this server which seems to be doing something with iptables
<jamespage> sahid: OK uploaded everything apart from barbican - see notes in tracking sheet
<sahid> jamespage: ACK, thanks a lot for your reviews
<jamespage> np
<nitzicuile> Hi ppl. I was here yesterday. I was having problems with do-release-upgrade (18.10 -> 19.04). I was using Dspace with Tomcat8. I already installed Tomcat9 and Dspace is working. The problem is SOLR, it seems that something is not right. The connection with postgresql is ok, but Dspace can't show data due to SOLR fail. Â¿Any idea? https://pastebin.com/pjTk9W4P
<nitzicuile> I am pretty sure that config files are ok. It works before the upgrade and Tomcat9 installation.
<lordcirth> nitzicuile, you might want to find a channel about that software.
<lordcirth> !alis | nitzicuile
<ubottu> nitzicuile: Alis is an IRC service to help you find channels. For help on using it, see "/msg Alis help list" or ask in #freenode. Example usage: "/msg Alis list http"
<ahasenack> ddstreet: around?
<slashd> ahasenack, ddstreet is on vacation
<ahasenack> ok
#ubuntu-server 2019-06-15
<snake-venom>  hi there i was adding crons in my ubuntu , i want to know  " wget -O - -q -t 0 " why  "0" in last and somewhere existing cron have "1" in last..
<ploxiln> if you run "man wget" it should tell you about all of the options, including the "-t" option, which is "number of tries", where 0 means infinite
<jafa> hi guys, I have a conf file to increase the nofiles limit in /etc/security/limits.d for all users and for root. ulimit reports the new limit when invoked from a shell but anything started from rc.local still has the default limit
<jafa> is the limit conf only applied after rc.local executes?
<jafa> tested a solution - sysctl write then ulimit set at the start of rc.local
<rbasak> jafa: IIRC, /etc/security/limits.d/ is read by a PAM module, so applies to logged in users.
<rbasak> rc.local is run without going through PAM, so won't apply.
<rbasak> jafa: I suggest you replace your use of rc.local with a systemd unit. Limits are tunable directly in systemd units
<rbasak> jafa: or alternatively, just use ulimit in rc.local?
<jafa> i should look at systemd units
<jafa> quick fix was to add "sysctl -w fs.file-max=1000000" and "ulimit -n 1000000" to the start of rc.local
#ubuntu-server 2019-06-16
<devIT> hi
<devIT> I ask again (posted this question in #ubuntu) "I've rebooted i) after 174 days uptime, and ii) after Ruby installation. The OS is Ubuntu Server 18. The reboot ends in "emergency mode""
<blackflow> devIT: I'd say that Ruby is irrelevant. There has been a number of kernel updates in the past 174 days. You'll have to check what the systemd output/logs are saying.
<devIT> what /var/log I have to look at?
<devIT> syslog ?
<blackflow> syslog, but you can also use the journal
<blackflow> infact, check teh journal as there's no guarantee anything has been forwarded and committed to disk, for syslog
<devIT> there is a way to quick search failures?
<blackflow> journalctl -p err
<blackflow> but important messages needn't be marked as errors. also check -k
<devIT> This sounds useful
<devIT> journalctl -p -k err ???
<blackflow> devIT: man journalctl
<devIT> Ok, -k to get kernel only messages
<devIT> There are a lot of them
<blackflow> devIT: a number of last lines are usually most relevant
<devIT> -p error show me 3 kernel errors: one about "tpm", one for "sd 2:0:0:0: [sdb] No Caching mode page found" and the last sd 2:0:0:0: [sdb] Assuming drive cache: write through"
<blackflow> doesn't look like an error. what about system services.... systemctl --failed
<devIT> I'll try
<blackflow> (btw -k doesn't show _errors_, it shows kernel messages from the dmesg ringbuffer)
<blackflow> also what filesystem is on root? emergency mode usually means failure to pivot to root
<devIT> --failed show "0 loaded units listed" (in red) then "Pass --all to see loaded but inactive units too"
<blackflow> can you somehow pastebin the output of `journalctl -xe` ? maybe take a screenshot and post to imgur
<blackflow> I am assuming no network there to use netcat
<devIT> I'll try with screenshot... back soon
<blackflow> preferably reboot again and give the fresh output immediately upon entering emergency mode
<devIT> ok, I'm rebooting, then I'll take the photo
<devIT> here is the screenshot
<devIT> https://imgur.com/STAOWPi
<blackflow> hrm yes that's for the emergency mode boot.... not showing the important bits. I guess you'll just have to go through the journal and locate anything that would explain failure to mount root or whatever the reason is for the emergency mode.
<blackflow> ordinarily I'd ask you to pastebin the entire log but without network, that's gonna be very difficult
<devIT> it was fstab!
<devIT> an entry to an USB external drive
<devIT> An external drive not present
<devIT> (and is supposed to be not present, I used it as a temporary drive)
<blackflow> devIT: temporary drives shouldn't be listed in fstab, but it you really want to, then add to the options section, something like this:  nofail,x-systemd.device-timeout=1s
<blackflow> without nofail, missing fstab mounts will block on boot
<devIT> thx blackflow , probably I'll add that option
<devIT> I' very appreciate your support, guys :-)
<devIT> ("I've very appreciated ...")
<devIT> I have to go now...
<devIT> thank you again!
<lotuspsychje> !cookie | blackflow
<ubottu> blackflow: Wow! You're such a great helper, you deserve a cookie!
<blackflow> !yum
<ubottu> Uh, don't you mean !apt ?
<lotuspsychje> lol
