#ubuntu-server 2006-07-03
<J_P> anyone here  can see this problem, I think is a big bug!
<J_P> after 35 seconds second <TAB> show root@concord:/usr/src# tar -xvf linux-source-2.6.15.tar  linux-source-2.6.15/ and cpu come back to normal use.
<J_P> this ocurred only with user jpsuser. User jpsuser is one user with root userid and gid : root@concord:~# cat /etc/passwd | grep -i jpsuser
<J_P> jpsuser:x:0:0:,,,:/home/jpsuser:/bin/bash.
<J_P> Using normal root user: sudo -i this problem I don't have!
<Jeeves__> Ok, don't know if this is a question for this channel but i am running Ubuntu server and am having problem using SSH to remote it
<Jeeves__> Once in it is ok but it takes an age to ask me for the password
<Jeeves__> and it sometimes times out so even if I enter the write password it closes he connection.
<Jeeves__> any ideas why this could be?
<dekopolis> howdy
<dekopolis> was hoping someone could help me uninstall a network adapter and reconfigure networking
<dekopolis> anyone..?
<stromham> hello
<mooseman447> hey
<mooseman447> whats up guys
<stromham> nm
<mooseman447> im considering setting up hosting for a couple ppl very simple and i wanted to give them ssh access is there any way i can log their ssh so i know if they are trying to mess with me?
<fowlduck> do you think it is reasonably possible to run DNS for one domain, Apache (running a rails app and a mono app), and one email server on a P3 933 MHz with 512 MB RAM?
<mikal-laptop> Yes
<avalente> hello
<avalente> If I install ubuntu-server and then apt-get install ubuntu-desktop, will I get the Server+GUI or will I get the same as Ubuntu Desktop?
<mooseman447> hey
<mooseman447> anybody here?
<A-Kaser> reuh
#ubuntu-server 2006-07-04
<J_P> hey all, I am compiling kernel, I compile the kernel and install ok, but I try install second compiled kernel but the new kernel try create same name in /lib/modules/... But In kernel package I specific diferent argument in --revision : root@concord:/usr/src# make-kpkg --revision=test.1.0 kernel-image.
<J_P> So, I have this kernel do install via dpkg -i : kernel-image-2.6.15.7-ubuntu1_normal.kernel.conf.p4.6.7.3_i386.deb and kernel-image-2.6.15.7-ubuntu1_p4.6.7.3_i386.deb. But first kernel create dir /lib/modules/2.6.15.7-ubuntu1/ and when i try install second kernel ubuntu show error for me that dir /lib/modules/2.6.15.7-ubuntu1/ already exist. Why if my argumtn in --revision when compile is diferent ?
<nnonix> anyone have any idea why postfix would respond 502 for a single computer on another network when it issues EHLO whatever?
<nnonix> This is nuts, it only happens on a single machine.
<mikal-laptop> Anything in the logs at that time?
<nnonix> just connect / disconnect
<mikal-laptop> 502 == command not implemented
<nnonix> yep
<mikal-laptop> I'd run ethereal and see what's happening
<nnonix> I'm considering it
<mikal-laptop> It's prolly your best bet
<nnonix> nothing on the net I can find
<nnonix> tnx
<thefish> i have made a xen dom0 kernel for ubuntu, (enabled MD support), made a new partition (type 8e), but now i cant create a lvm pv: "Can't open /dev/hdb1 exclusively.  Mounted filesystem?", I also cant format it. I tried lsof | grep hdb1, but that didnt return anything. Any idea what i could look for?
#ubuntu-server 2006-07-05
<ball> hello ivoks
<ivoks> hi
<ball> hello stomham
<ball> stromham*
<stromham> ?
<stromham> hello
<ball> Does #ubuntu work well with dual-core or dual-processor PCs?
<stromham> do what/
<ball> (I'm pondering edubuntu and I think all the apps would run on one box, so it would have to be fairly beefy)
<ball> (or as beefy as PCs get anyway)
<ball> Something I said?
<ivoks> it works wll with dual processors
<ivoks> i didn't try it on dual-core :)
<ball> ivoks: thanks, that gives me a clue at least.  Does it balance the load across the two chips?
<ivoks> ball: like any other linux distribution
<ball> I'm new to Linux
<maswan> it works fine on dual core too, but this is fairly off-topic fo server development discussion
<ivoks> agree. :)
<ball> Sorry.
<A-Kaser> poy poy
<Jeeves_> Ola!
<Jeeves_> Are there known issues with Ubuntu Server 6.06 on a Dual Xeon?
<Jeeves_> I have some 'non responding' CPU's...
<A-Kaser> no
<Jeeves_> Hmm
<Jeeves_> It's funny, the installer kernel boots, but the installed kernel reboots half way
<RShadow> I current have a remote ubuntu server, that I like to monitor remotely.. currenty I have a bunch of terms sshed into the machine to view various things.. however this eats up alot of the server resources.. any ideas for a better way?
<A-Kaser> snmp + cacti
<RShadow> can you elaborate a little bit (or possible point me in the direction of a decent HOWTO)
<A-Kaser> hum
<A-Kaser> generally
<A-Kaser> the server are monitored by snmp
<A-Kaser> it's a protocol and a daemon
<A-Kaser> after you can check the data over network and archvied
<A-Kaser> cacti http://www.cacti.net/
<A-Kaser> can display information and history
<RShadow> cool.  I'll check it out
<lionelp> RShadow: there is a page on help.ubuntu.com/community on cacti (probably h.u.c/community/cacti)
<RShadow> awsome... Thanks for the info
<Kamion> Would someone who's experienced in writing specifications mind writing some use cases for https://wiki.ubuntu.com/UbuntuServerTasks? I've done the rest of the specification, but I couldn't quite face the use cases ...
<Kamion> some way to make them not just effectively a copy of the design would be nice
* Kamion tries prodding neuralis too
<A-Kaser> ?
<Kamion> A-Kaser: was that directed at me?
<A-Kaser> yes :)
<Kamion> A-Kaser: if you have no idea what I'm talking about, please ignore it
<A-Kaser> ok if you want
<Kamion> ah, good, neuralis has volunteered
<A-Kaser> I never use a "specified" server install, because we don't know which packages will be installed
<A-Kaser> so we make all the servers install manually
<FunnyLookinHat> I'm setting up a very basic X server on my ubuntu server install and did an install xserver-xorg and configured it but it's telling me:
<FunnyLookinHat> Fatal server error:
<FunnyLookinHat> could not open default font 'fixed'
<FunnyLookinHat> What package do I have to install to get that error fixed??
<FunnyLookinHat> Ahh, found it... x-window-system-core
<terje> hi, I'd like to configure my freshly installed ubuntu-server as a nat-gateway for a subnet I'm working.
<terje> err.. working on.
<terje> any pointers?
<A-Kaser> terje, nop
<lionelp> terje: https://help.ubuntu.com/community/IptablesHowTo
#ubuntu-server 2006-07-06
<terje> cool, I'll get it worked out, thanks.
<terje> I figured there might be some nifty tool I could use.
<andyp> hi Toadstool!
<andyp> is this the right place to ask/talk about getting an alien 'server' package included, possibly...??? or is alien good enough for server?
<andyp> i'm asking about 'samba-vscan', i think I used an RPM
<andyp> any server dudes hereabouts? ;-)
<andyp> hi fabbione!
<fabbione> hello
<andyp> do the server guys (n gals) meet up anytime?
<andyp> do you know>
<andyp> opps, do you know?
<andyp> i had question about an alien server package
<fabbione> andyp: alien server package?
<andyp> getting it included, that is
<andyp> the 'samba-vscan' package, i used an RPM i think
<fabbione> meh no
<fabbione> it needs to be done properly
<grenegar> thanks for sparc port fabbione
<fabbione> grenegar: welcome :)
<fabbione> grenegar: i hope it works for you
<grenegar> very well! running on 2 ultra 10s at the moment
<fabbione> nice
<fabbione> grenegar: are you using them as workstation with X?
<grenegar> try a SS20 soon when I have (lots of) time.
<fabbione> we don't support 32 bit.. only UltraSparc
<grenegar> I had loaded the dapper beta with gnome and it worked well (very minor glitches)
<fabbione> and iirc the SS20 is 32
<grenegar> oh ya. doh!
<fabbione> grenegar: great.. do you think you can collect gfx hw info for me and send me the generated xorg.conf and how it should have been done? includeing a prtconf -p -v would help too
<grenegar> now I have loaded dapper release 'server' install - no gui. very good so far
<grenegar> slick - no glitches yet
<fabbione> nice
<grenegar> k. i will reload reload 'desktop' install and do that
<fabbione> grenegar: well don't feel forced to. if you can it would be handy
<grenegar> it's ok - i love to experiment with this
<grenegar> i recall using generic ati driver - worked fine.
<fabbione> ok :)
<grenegar> xorg.conf was very basic. no treaks. 1024x768x24 @85Hz
<grenegar> i recall having to fix the apt headers file so i could be parsed, but it was fine when i did the latest 'server' install.
<grenegar> 'it' could be parsed :)
<grenegar> i also recall that when loading gnome desktop all gnome panel apps crash and prompt for restart.once restarted, it was fine
<grenegar> hope this helps...
<fabbione> grenegar: ok thanks!
#ubuntu-server 2006-07-07
<thefish> anyone know if there are plans on getting a xen ubuntu kernel into any apt repos?
<lionelp> thefish: it is forseen for Edgy
<lionelp> See https://launchpad.net/distros/ubuntu/+spec/xen-edgy
<thefish> ooh nice
<thefish> thank lionelp
<thefish> when is the planned release for it, 6.10?
<lionelp> yes, Edgy is 6.10
<lionelp> release is planned for 26 of october
<thefish> cool
* thefish dribbles
<thefish> ive got some domUs running dapper now, but it was not quick and easy
<thefish> would be really nice to apt-get a xen kernel
<Shere`Khan> can i manage an local network with ubuntu server ? (can i see the bandwith, traffic metter for each IP, traffic limiter for each IP, port locker.....)
<lionelp> Shere`Khan: yes you can, but you have to install specific tool
<lionelp> there is no out-of-the-box interface to do so
<thefish> Shere`Khan: sounds like you want a firewall/router distro instead
<thefish> but ubuntu can do that
<thefish> if you dont want to get your hands dirty, try ipcop - it does a lot of that stuff and has plugins that can do more
<Shere`Khan> and .. where can i get the tools?
<thefish> apt
<Shere`Khan> and where do i get that ?>:)
<Shere`Khan> and.. another question .. i have 4 lines of adsl .. can i put them all in one server ??
<Shere`Khan> ?
<thefish> yes you can, but be prepared for a lot of reading
<Shere`Khan> ..
<Shere`Khan> :D
<Shere`Khan> i`m here
<Shere`Khan> :P
<Shere`Khan> ......
<Shere`Khan> where can i find the documentation ?
<lionelp> I thinks this one is a good starting point : http://lartc.org/
<lionelp> It is not Ubuntu specific but it is very complete
<Shere`Khan> it says and how i put 4 lines into a server ?
<thefish> apparently ubuntu can set up a certified lamp server with a single command. Google is full of this claim, but does anyone have any idea what this magic command is?
<fabbione> thefish: at install time
<fabbione> select lamp
<J_P> hi all
<thefish> fabbione: no way after install?
<fabbione> manullu
<fabbione> manually
<fabbione> apt-get install packanges...
<fabbione> the packages do work out of the box no matter how you install them
<goldrake> someone has yet installed ubuntu on openpower server?
<aurelyano_18> can i open an http site on ubuntu server ???????
<lionelp> aurelyano_18: yes !!!!!!!
<aurelyano_18> how?????
<spike> I guess that 18 is a typo, the one you wanted is just 2 keys on the right
<aurelyano_18> >:)
<lionelp> aurelyano_18: what do you mean by " open an http site on ubuntu server" ?
<aurelyano_18> never mind
<aurelyano_18> how do i change the resolution from terminal??????
<aurelyano_18> how do i change the resolution from terminal??????
<lionelp> aurelyano_18: I think thath your "?" key is blocked :)
<lionelp> this is not relative to server by the way :)
<aurelyano_18> i just instaled the desktop
<lionelp> for desktop questions, #ubuntu is the good channel
<aurelyano_18> oo tnx
<mneisen> Hello!
<mneisen> Is there a way to install ubuntu on a remote server where I have access to a rescue system (i.e., I have no way to insert an installation CD into the machine)?
<lionelp> mneisen: you can use a debootstrap
<mneisen> lionelp: do you have some pointer or URL to a tutorial/howto?
<lionelp> no, but I am sure that you will find good examples on google
<lionelp> it is really an easy tool to use
<lionelp> something like debootstrap --arch i386 dapper /dapper/ http://fr.archive.ubuntu.com
<mneisen> ok, thanks a lot!
<dan__> where can i find some tools for router for ubuntu server
<dan__> ?
<dan__> where can i find some tools for router for ubuntu server??
<A-Kaser> as ?
<A-Kaser> what do you want to make ?
#ubuntu-server 2006-07-08
<J_P> hi all
<nictuku> J_P, jo
<nictuku> ops
<nictuku> hi
<J_P> :-)
<J_P> hey, I ompile my new kernel using kernel-package, and create one kernel.deb, I install that kernel using dpkg -i new_kernel.deb, but in grub not create initrd, so how I create new initrd.img for my my new kernel ?
<RShadow> when you login to ubuntu (CLI) it gives you this disclaimer.. were is it pulling that from? I thought /etc/issue but that is not the case.  I need to modify this because when ppl ssh to my box they don't need to know I'm running ubuntu or what kernel I"m running
<A-Kaser> motd may be
<A-Kaser> #Banner /etc/issue.net
<A-Kaser> in /etc/ssh/sshd_config
<RShadow> Its not in issue.net either
<RShadow> it is in motd however (not very convientinal.. but) so my question would be what updates this?  How can I prevent this file being overwritten if I say upgrade my kernel or such?
<uniq>  /etc/default/rcS
<uniq> EDITMOTD=yes
<uniq> change that.
<RShadow> uniq, thnx
<gapz> hello
<gapz> the kernel with install-server is optimise for server ? (sorry for my language i am french)
<lionelp> gapz: yes, it is
<gapz> merci, :-O great :p
<lionelp> de rien :)
<spike> first time I see a french apologizing for his englih ;)
<spike> english*
<lionelp> spike: french are not the best for speeking english
<gapz> sur ^^
<gapz> sure*
<spike> french are not the best for any language besides french :)
<lionelp> that's right
* spike still remembers Chirac intervention during one of the recent EU parliament meeting
<gapz> spike :-D
<lionelp> the system should realy be improved for learning languages
<lionelp> spike: we are far much better at football ;)
<spike> Chirac's*, meetings*, damn, need more sleep and less boze
<spike> lionelp: eheh
* spike has watched only few half matches and it happened by accident
<lionelp> so you are not going to cry tomoroow night :)
<spike> actually I'll be fairly happy to see italy losing :)
* lionelp too
<spike> O_o
<spike> there's no way to fly from england to bruxelles with a lowcost company... that's amazing
<J_P> hi all
#ubuntu-server 2006-07-09
<Jeeves___> Having a problem with mounted drives,
<Jeeves___> on a server version
<Jeeves___> should I be in general support or here?
<Fjodor> Hi. Has anyone had a machine rebooting after grub, thus entering a cycle of reboots?
<Fjodor> Anyone?
<infamy> is there any plans to make a webbased admin tool?
<spike> ther are already loads, why another?
<sharms> spike: how about list them for him rather than an unproductive response?
<harry666> i have troubles installing 6.06 server with a compaq smartarray controller, install works but after reboot the kernel cannot boot from the smartarray
<DJ_Mirage> spike. only good one I know which is open source is webmin, which is bloated
<spike> sharms: how about different POV? to me, anybody saying "why not making a webbased admin tool", like any other tool, must have done researches andd know about others and their weaknesses
<tsume> a webbased tool also opens up more insecurities
<spike> FUD
<spike> a webbased tool doesnt open anything is it's well done
<spike> or rather, it opens sec probs as any other service
<tsume> you're increasing vulnerability level by opening a server(http) and having a third party script run
<tsume> right, well webmin is full of holes lie swiss cheese
<spike> tou're incresing vulnerrabilities any time you dd anything to your system. sowhat?
<spike> yes, it's known, and so what? there are many others besides webmin
<tsume> a remote server tool(perhaps based on a RPC service) only opens up a server, less can go wrong.
<tsume> spike: the only reason to go web based is convienence
<spike> an admin panel hidden behind an htaccess is harmless
<spike> and how convenience is a bad thing?
<spike> and why convenience necessarily must be unsecure?
<tsume> spike: its not a bad thing, it depends on the person
<spike> 21:09:34 < tsume> a webbased tool also opens up more insecurities
<tsume> I can out admin anyone stright from the command line however
<spike> where's the person mentioned there?
<spike> there you say that webbased tools adds insecurities
<spike> now you say it depends on the person... and so what? a bad admin will make mistakes, a good one less.
<spike> nothing to do with webbased applications
<tsume> spike: its adding more which could go wrong, and you dono't know a web admin tool does everything correct.
<spike> again, anything you add is something that can go wrong, and so what?
<spike> and you dont know cause you dont know the app or the app is poorly written. a good app does everything correct
<spike> again, FUD
<spike> and even generic
<spike> it's not at all related to webbased tools, just any app
<spike> there's ebox as well, new product, very interesting
<tsume> heh. my apps are perfect ;) :P
<tsume> j/k :)
<sharms> spike: it is quite apparent infamy did not do research
<sharms> spike: and since the spirit of ubuntu is helping others, why not recommend a few you have found interesting
<spike> sharms: if is indeed a lot of infamy not to do research. spirit of helping others has nothing to do with lazyness
<spike> sharms: besides, I alredy did, named 3 already
<tsume> hmm
<tsume> has anyone started converting their products to use on ubuntu?
<tsume> like DirectAdmin, etc..
<tsume> I know some of them are very proprietary to certain distros/OSes.
<sharms>  I was testing a hostname bug, and was able to confirm it, and now I cant change my hostname back.  You guys know another way to use sudo? all I get is: sudo: unable to lookup bobvila via gethostbyname()
<tsume> hmm
<tsume> sudo works for me even if I didn't set my hostname correctly..
<tsume> hehe, I usually have two sudo bash shells open anyway :)
<infamy> sorry was away. and why i was asking if there was plans to make one just for ubuntu server, is that most of them out there lack polish and ease of use..
<infamy> and from what i know of using ubuntu it is all about ease of use
<infamy> and sharm left.. i have done my research i use webadmin right now, tried and use linuxconf on another machine. also have a clarkconnect box that has a closed source admin panel that is really good..
<infamy> and i would NEVER put a box with a web admin panel on the net.. i use a vpn to get into my network. i just would rather it not take 10min to add a user to my server and create a share for them
#ubuntu-server 2007-07-02
* Starting logfile irclogs/ubuntu-server.log
<mh_le> what would be the reason that apache is shutting down all the time by itself?
<Kamping_Kaiser> mh_le, any logs you can check?
<Kamping_Kaiser> hm. afk sorry
<mh_le> Kamping_Kaiser: no prob
<stonekeeper> hi guys. I just installed ubuntu-server on a machine here with a celeron d. cpuinfo reports 2 cpus. how do i determine if it's dual-core or HT? thanks
<stonekeeper> ah nm. i found it
<Oggu> Is it possible to use Ubuntu server for router(with web-interface), network storing, web and ftp server and a running torrent program at the same time same computer?
<mathiaz> Oggu: yes.
<mathiaz> Oggu: but it needs some integration work.
<Oggu> With other words I cont configure it mysqlf?
<Oggu> myself*
<mathiaz> Oggu: you can configure yourself.
<stonekeeper> hi. what is the best way to set a default network proxy on ubuntu server? thanks
<nealmcb> proxy for what protocol - http?  dhcp?  socks?
<nealmcb> stonekeeper: ^
<stonekeeper> http
<stonekeeper> should i just add the http_proxy var to root's .bashrc ?
<nealmcb> stonekeeper: do you want the server to be able to tell firefox on clientes where the http proxy is?
<nealmcb> stonekeeper: what application would pick up http_proxy from root's environment?
<stonekeeper> it's only for apt-get
<stonekeeper> although wget would be nice too i guess
<lcdd> /etc/environment
<nealmcb> yeah - that sounds much better, since you don't want to log in as root to run things 
<stonekeeper> ah great, that's exactly what i want. thank you
<incorrect> which is the best vpn app for linux, openvpn, openswan etc?
<mathiaz> incorrect: openswan is an ipsec implementation
<incorrect> i don't really know which is my best option
<mathiaz> incorrect: so it's usefull for interaction withother OS/ipsec implementation
<mathiaz> incorrect: openvpn will only run with openvpn clients.
<incorrect> ok, i guess openswan it is
<mathiaz> incorrect: ipsec is needed if you want interoprebality
<incorrect> i think ill go for ipsec
<mathiaz> incorrect: with other clients.
<incorrect> so is it openswan or strongswan?
<mathiaz> incorrect: I don't know the specific status of these two projects.
<incorrect> fair enough
<mathiaz> incorrect: I think there is also a ipsec stack in the kernel.
<shawarma> incorrect: What are you trying to connect exactly?
<incorrect> well, right now it would just be two sites, neither have a vpn
<incorrect> and i will then want to connect in clients
<shawarma> incorrect: Then why did you conclude that ipsec was the way to go?
<incorrect> well, i don't know what might be thrown my way
<incorrect> so i would conclude that the best way is to be compatible
<shawarma> incorrect: openvpn has windows clients, too..
<incorrect> what about cisco
<shawarma> incorrect: they do ipsec and their own stuff.
<incorrect> ok so ipsec would be the most sensible option
<shawarma> incorrect: Be sure to stock up on aspirin before you start.
<shawarma> incorrect: !
<incorrect> i've setup ipsec before, it wasn't too hard, 
<incorrect> i've done openvpn too, back in version 1
<incorrect> what would be really good is if i could create an install app that configures my windows boxes for my users
<incorrect> now that would make them :D
#ubuntu-server 2007-07-03
<cheeseboy> im trying to compile mysql i get these errors http://pastebin.ca/600579 how do i fix?
<nealmcb> cheeseboy: you might ask mysql folks in their own chat room.  why do you want to recompile rather than installing the package via apt-get?
<cheeseboy> no root privliges
<nealmcb> cheeseboy: you'll probably have better luck with the mysql folks then - looks like your source package is missing something
<redline6561> i'm having a lot of trouble uploading files with vsftpd. can anyone help me figure out what I'm doing wrong?
<redline6561> i've tried uploading with filezilla and gftp. i'm uploading from my local machine to a machine in the basement. i've set write_enable and local_enable and local_umask to 022.
<redline6561> whenever i try to upload a directory (say with music in it) it creates the top directory with permissions d------------ and fails to create anything beneath it.
<redline6561> help?
<redline6561> aww hell with it. i just got it to work with SFTP. forget regular ftp. thanks anyway everybody
<Yahooadam> hey guys, 2 quick questions
<Yahooadam> how do i find the stauts of samba (i thought it would be somthing like /etc/init.d/samba status)
<Yahooadam> and my samba does not seem to load on bootup, whats goin on ?
<J-_> I'm currently trying to get PHPmailer working in a LAMP install. libphp phpmailer  uses php4 along with some other dependencies. I'm just wonder if that'll affect or work with php5, etc?
<stonekeeper> hi guys, how can i find out if a package has been backported to dapper LTS? thanks.
<mathiaz> stonekeeper: you can have a look at http://packages.ubuntu.com/
<stonekeeper> thanks
<mathiaz> stonekeeper: you can search for packages in the dapper-backports distribution.
<stonekeeper> yeah, thanks. openldap still at 2.2. How could i get 2.3 for dapper?
<mathiaz> stonekeeper: you can try to file a bug in ubuntu-backports.
<mathiaz> stonekeeper: See [WWW]  https://help.ubuntu.com/community/UbuntuBackports for more information.
<stonekeeper> thanks
<stonekeeper> ok, i guess I'll have to use feisty server. How long will that have updates for?
<mathiaz> stonekeeper: feisty is supported until October 2008.
<mathiaz> stonekeeper: you can have the list of releases and their end of support date on http://wiki.ubuntu.com
<stonekeeper> but there will be upgrade options right? It's not like the box will be dead in the water right?
<mathiaz> stonekeeper: yes. You'll be able to upgrade to Gutsy Gibbons, the next version that will be released in October.
<stonekeeper> thanks. I'll do that.
<JackC> does the ubuntu-server default kernel have ntfs write support built in?
<shawarma> no
<shawarma> And you wouldn't want it to. :)
<JackC> does ubuntu server use xinetd or inetd?
<ivoks> none
<ivoks> by default none
<JackC> ah i see, so if i have installed the samba SWAT daemon, how would i go about enabling it? normally i would just add it to the inetd :s
<ivoks> install inetd and add it
<JackC> ok thanks alot
<ivoks> np
<ivoks> package is called netkit-inetd
<jdstrand> dendrobates: can you look at my updated comments on https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/123782
<JackC> which is the correct config file for apache? there is both /etc/apache2/apache2.conf and /etc/apache2/httpd.conf
<mathiaz> JackC: /etc/apache2/apache2.conf
<JackC> thanks
<mathiaz> JackC: /etc/apache2/httpd.conf should be empty
<JackC> it is, i was just trying to change the documentroot, but it seems adding it to apache2.conf didnt change it, and that i need to edit sites-available instead, is it configured to use virtual hosts or something? Last time i used apache2 i just chanced the DocumentRoot in apache2.conf
<mathiaz> JackC: yes. You should change it in site-available/default
<JackC> ok thanks alot
<Shane-S> how do I check my version from the CL?
<nealmcb> Shane-S: version of what?
<Shane-S> Ubuntu, not sure of it is 6.0.6 or 6.10
<nealmcb> command --version often works, or command --help
<nealmcb> ahh -
<Shane-S> tried version :P
<nealmcb> more /etc/lsb-release
<nealmcb> the official standard for finding linux versions :-)
<Shane-S> ok 6.10, just want to know for my questions
<nealmcb> thanks!
<nealmcb> version info really helps when you ask questions
<Shane-S> I am running in a virtual testing enviroment, and I know I can set the IP, but in doing so I can't see it on the network of course. So, is there a way to "spoof" and IP address to trick software to think the machine is another IP...
<nealmcb> by the way, there is no 6.0.6,  - you probably mean  version 6.06 
<Shane-S> specifically, it is web-based running Apache/PHP so maybe it would be a #apache question, just not sure
<Shane-S> yeah, 6.06 :D I have like every version from 6.06 to 6.10 from U,K,X, and the server editions :P
<nealmcb> you can serve multiple IP addresses from a single interface 
<nealmcb> and there are tools to send arbitrary packets.  what do you want to do?
<Shane-S> well here is probably the kicker, if I serve multiple IP, that is fine, but the software checks the IP and I am not sure if I can see it on the network or if it respond to a local IP
<Shane-S> well the damn vendor keeps releasing new software packages, which is great, but everytime my templates break and I have to pay a coder to "fix" them...so this time I want to test it before taking my site down
<nealmcb> what software?
<Shane-S> however, the key for the software is some hash that includes my host's IP address, so installing it localy doesn't work
<Shane-S> indexu by nicecoder
<nealmcb> can you run it on a different port?
<nealmcb> is there a free software alternative?
<Shane-S> well it doesn't care about the port, as apache processing it with PHP, so I am sure just adjusting Apache's port will change that
<nealmcb> sounds like a problem for nicecoder's support folks :-)
<Shane-S> lol no in my case, I like the software and paid for it, just need a test enviroment, and it doesn't work without the key code. I will just try it and complain to them :P
<Shane-S> well if I could just make it think the IP was the internet one that would be fine, which I know I can do. I will just have to harass them to remove the IP portion, cause that also limits me to switching hosting account, which I have done
<Shane-S> this is a case I can't have my cake and eat it too
<Shane-S> I guess I could if I used the desktop versio
<Shane-S> then I would have Firefox
<Shane-S> lol...so many "methods" :P
<Shane-S> perhaps Desktop is the best overall, then I can make it have the same IP as the internet one, test it, get it working, and then upload it to the production server
<r00tintheb0x> if i were to "dd if=/dev/rdsk/c0t1d0s2 of=/dev/rdsk/c0t4d0s2 bs=128" would the two partitions have to be the same size or would it just use the free space on /dev/rdsk/c0t4d0s2?
<jetole> hey guys
<jetole> I have a server that I just replaced then NIC  cards in today, I installed two identical belkin gigabit ethernet cards, they both show up under ifconfig -a but the second card gives me IRQ handler type mismatch for IRQ 0, and on the second line it says IRQ handler: timer, but the first card seems to work perfectly, does anyone know what I do other then throw this server through a window? 
<lcdd> jetole: i'm just guessing, but does the second card share interrupts with some other device?
<jetole> I don't know, how would I check?
<jetole> I am looking over dmesg atm but not sure what I am looking for
<lcdd> cat /proc/interrupts
<jetole> I guess it does, it only shows one ethernet on /proc/interupts and it shows "timer" on :0
<jetole> is there a way to fix this that you know of?
<lcdd> if there is a way to allocate IRQs in bios setup, i would try to force one for the card
<jetole> I didn't see one
<lcdd> switching the card physically to another slot might work. other than that, i don't really know
<jetole> Right, I am just reading something at the moment on APIC but switching it may be easier
* jetole tries that
<jetole> another thing I am gonna toss fourth before I try switching it, is they are identical cards, if one gets the first interupt they request maybe the second one defaults to 0, but yeah I am not sure so I am gonna walk over and reboot and switch
<nealmcb> r00tintheb0x: /dev/rdsk/c0t4d0s2 has a fixed size and no notion of space allocation when you write to it that way.  if it is a smaller size than the one you copy from, you'll  not get it all, and if it is bigger, you'll waste space
<jetole> ok, it is booting now, lets hope it works so I can go home for the day
<nealmcb> of course the file system inside the partition has a notion of free space, but the dd command to copy to another partition doesn't know that
<jetole> oh also, these two new cards started at eth2 and eth3, is there somewhere that eth0 and eth1 are saved?
<jetole> nevermind, found it
<jetole> /etc/iftab
* jetole is away: I'm busy
#ubuntu-server 2007-07-04
<nealmcb> dpaste.com looks like a good pastebin to use for a site like this.  I'm nervous about pastebins that publish a list of previous pastes, especially given that folks might unknowingly paste passwords and the like
<nealmcb> the dpaste posts are still easy to enumerate - hopefully he'll use a random URL in the future
<nealmcb> not that it would be good for secrets, but less risk than the other common pastebins
<J-_> I'm currently having a problem with drupal hanging when I click on administer? do you know if that's a common problem with memeory_limit?
<shawarma> J-_: If you're hitting memory_limit, I believe there should be some mention of it in the apache error log.
<KennyTheGeek> hmm... i accidently sat a wrong name of my server when installing... now i want to change it to "ceres", i managed to change the hostname permanently, but i still have to access the server through kenny-server.local, and the users are user@kenny-server
<KennyTheGeek> how do i change that?
<coNP> KennyTheGeek: do the /etc/hosts entries of 127.0.0.1 and 127.0.1.1 refer to "kenny-server" or to "ceres"?
<KennyTheGeek> ah
<KennyTheGeek> :P
<KennyTheGeek> is a reboot required?
<KennyTheGeek> Now they do
<KennyTheGeek> before 127.0.1.1 refer to kenny-server
<KennyTheGeek> 127.0.0.1 refered to localhost
<KennyTheGeek> well, i added another 127.0.0.1 entry, so localhosts still there :P
<KennyTheGeek> coNP: I just changed them, do i have to reboot?
<coNP> that is not good
<coNP> you should replace kenny-server to ceres but localhost should stay
<KennyTheGeek> i added another 127.0.0.1 entry
<KennyTheGeek> didn't replace localhost
<KennyTheGeek> im not THAT dumb
<coNP> I don't want to say that you are dump
<coNP> just that maybe it is better to leave that to localhost
<coNP> and only replace kenny-server with ceres
<KennyTheGeek> no, but it would be a liiitle dumb to change localhost to ceres...
<KennyTheGeek> i also just removed my added entry
<coNP> I guess a sudo /etc/init.d/networking restart is enough
<coNP> i.e., no system restart is needed
<KennyTheGeek> k
<KennyTheGeek> next question... i need to download a bunch of directories to the server... i can do it by x-forwarding nautilus and then drag-n-drop, but i couldn't figure out how to do it with wget... i don't want to rely it on an ssh session
<KennyTheGeek> hmm... the server STILL only responds to kenny-server
<coNP> hmm, do you try from the server or from another machine
<KennyTheGeek> another machine
<KennyTheGeek> i'm controlling the server with ssh
<coNP> then maybe the DNS and/or /etc/hosts should be changed at the machine you try to connect the server from
<KennyTheGeek> when typing kenny-server.local? hmm
<KennyTheGeek> It isn't in the hosts file...
<lcdd> it's using a local service discovery mechanism
<lcdd> i think you at least need to restart avahi-daemon on the server
<KennyTheGeek> yeah... but how do i update the servers service name?
<KennyTheGeek> ah
<lcdd> might require something else as well. i've never used that stuff
<KennyTheGeek> YaY :P it works
<lcdd> great
<KennyTheGeek> thanks
<KennyTheGeek> now, my other problem... never used wget other than for single file downloads... i need to download i ~13GiB directory structure over ftp... i want all the directories in "dir", but wget won't do it...
<coNP> KennyTheGeek: use tar & gzip :)
<KennyTheGeek> the computer i want to get it from is a windows machine
<KennyTheGeek> and it's my sisters, and she is using it
<KennyTheGeek> :P
<KennyTheGeek> i made the machine run WarFTPD, and it is working
<coNP> then use ftp
<coNP> or use zip / rar whatever
<KennyTheGeek> can i tell ftp just to download anything in a folder?
<lcdd> mget *
<KennyTheGeek> mget?
<KennyTheGeek> what is mget?
<lcdd> oh, it's a ftp command that works in text based ftp clients
<KennyTheGeek> ah
<KennyTheGeek> can i make ftp overwrite anything in the existing directory of my server?
<KennyTheGeek> cause many of the files i already got is corrupted
<lcdd> it really depends on the program you're using
<coNP> remove all the files that might be corrupted first
<KennyTheGeek> well, if it's commandbased, and i can set the server to do it itself...
<KennyTheGeek> :S
<KennyTheGeek> theres 3 GiB of files
<KennyTheGeek> and i have no clue which it is
<lcdd> ftp cannot tell if they are corrupted anyway
<KennyTheGeek> i just know that ~half of them are corrupted
<KennyTheGeek> no, i mean, can i make ftp overwrite all of it?
<lcdd> that's the same as removing them first, isn't it? :)
<KennyTheGeek> well, not quite... i got 1,2,3,7, the other comp got 1,2,3,4,5,6, i don't want to loose 7, and the other 6 are corrupted
<KennyTheGeek> (just to show you what i mean)
<KennyTheGeek> i mean, 1,2,3 on my server is dead
<KennyTheGeek> so i want to overwrite it ith 1 2 and 3 from the other comp, wjile adding 4,5 and 6 to the catalogs
<KennyTheGeek> but if i delete it first, i will lose 7
<KennyTheGeek> and it will be an awfull lot of sorting files it i whould remove 1 2 and 3 first
<KennyTheGeek> so what i want to do: if the other computer got the file, overwrite it on my server.
<coNP> use mc and FTP
<coNP> you can say "overwrite all" there
<KennyTheGeek> but, the problem i had all the time is: it cannot be interactive, as i need to shut this pc down im controlling it from
<KennyTheGeek> so i need to be able to ask cron to do it or something
<KennyTheGeek> thats why i couldn't just use nautilus
<KennyTheGeek> and the server has no screen/keyboard/mouse
<lcdd> you can run console programs inside screen
<KennyTheGeek> ?
<KennyTheGeek> *monitor 
<KennyTheGeek> but... well, i can't make it automaticly use midnight commander, can i?
<coNP> what do you mean by automatically
<lcdd> screen is basically a terminal emulator you can detach from and continue using elsewhere
<KennyTheGeek> making the server do it by itself
<coNP> you have to start it 
<KennyTheGeek> lcdd: cool
<KennyTheGeek> coNP: exactly, and if i do that through ssh, and then closes ssh... well, all the other times, my apps stopped running on the server
<ci_omegadog> anyone here use lighttpd on Ubuntu server?  Is it pretty solid, or are there some "gotchas" that i should look out for
<ci_omegadog> ?
<shawarma> ci_omegadog: No Ubuntu specific ones. :)
<ci_omegadog> shawarma, ty
<zul> morning
<mathiaz> zul: hi
<bje> The following packages have unmet dependencies: expect: Depends: tcl8.4 (>= 8.4.5) but it is not going to be installed libnet-ssh-perl: Depends: ssh libpcap0.8: Depends: libc6 (>= 2.4-1) but 2.3.5-1ubuntu12.5.10.1 is to be installed
<bje> E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
<bje> Hey. I'm trying to install expect, but it bitches about libc6 that I need to upgrade.
<bje> I don't want to :) because I installed libpcap0.8 from feisty (manually) because the Breezy version contains a bug, which is only fixed in this version (0.8)
<bje> How do I get apt to ignore the dependancies?
<ci_omegadog> I am trying to download activetcl using lynx.  It says it downloads the file, but i cannot find it anywhere.  
<ci_omegadog> anyone have any ideas as to where its downloading it to?
<resident_moron> anyone ever done a remote install with Ubuntu Server Edition??
<jdstrand> dendrobates: could you look at my added comments in https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/123782
<jdstrand> bug #123782
<dendrobates> jdstrand: I was not able to reproduce your bug.  I'll look at it again though.
<dendrobates> Depends: libasn1-6-heimdal, libc6 (>= 2.5-0ubuntu1), libdb4.2, libhdb7-heimdal, libkadm5srv7-heimdal, libkrb5-17-heimdal, libldap2 (>= 2.1.17-1), libroken16-heimdal, libssl0.9.8 (>= 0.9.8c-1), heimdal-clients, logrotate, debconf (>= 0.5.00) | debconf-2.0, krb5-config, netbase, update-inetd
<dendrobates> it seems to already depend on inetd.
<jdstrand> it depends on update-inetd-- that doesn't provide inetd.  And neither does netbase in feisty
<jdstrand> apt-cache search -f netbase
<jdstrand> Package: netbase
<jdstrand> Priority: important
<jdstrand> Section: base
<jdstrand> Installed-Size: 156
<jdstrand> Maintainer: Ubuntu Core Developers <ubuntu-devel@lists.ubuntu.com>
<jdstrand> Original-Maintainer: Marco d'Itri <md@linux.it>
<jdstrand> Architecture: all
<jdstrand> Version: 4.27ubuntu2
<jdstrand> Depends: ifupdown (>= 0.6.4-4.9), iputils-ping | ping, lsb-base (>= 3.0-6), debconf (>= 0.5) | debconf-2.0, update-inetd
<jdstrand> Conflicts: openbsd-inetd (<< 0.20050402-3), inetutils-inetd (<< 2:1.4.3+20060719-3), xinetd (<= 2.2.1-8), netstd (<< 3.00), nfs-common (<< 1:0.3.2-1), nfs-user-server (<< 2.2beta47-9), nis (<= 3.6-2), rstatd (<= 3.03-3), rwalld (<= 0.16-1), rusersd (<= 0.17-1), ugidd (<< 2.2beta47-9)
<dendrobates> Sorry, i know that.  let me try to reproduce it in a clean vmware session
<jdstrand> netbase (4.27ubuntu1) feisty; urgency=low
<jdstrand>   * Merge from debian unstable, remaining changes:
<jdstrand>     - drop dependency on inet superserver
<jdstrand>     - drop /etc/network/options, migrate to sysctl
<jdstrand>     - start networking only once
<jdstrand> I just saw that last one
<jdstrand> apparently that is no longer a remaining change...
<ci_omegadog> does anyone know if there is a deb for the 3.4 version of SQLite?
<ci_omegadog> I fear compiling tar balls- its not like i'm using Slack :"
<mathiaz> ci_omegadog: the latest version in gutsy is 3.4
<mathiaz> ci_omegadog: libsqlite3-0 (3.4.0-0ubuntu1)
<ci_omegadog> mathiaz: how can i get that deb if i am running Dapper?
<ci_omegadog> so sorry about this- i am a tcl dev, not a sys admin
<coNP> ci_omegadog: try to get the dapper sources and compile it for yourself
<ci_omegadog> but dapper doesn't use 3.4
<dendrobates> jdstrand:  I verified it in feisty now.  Something else provided inetd on my previous test.  Let me check gutsy.
<jdstrand> dendrobates: thanks
<coNP> sorry, ci_omegadog I mean get the gutsy sources
<ci_omegadog> ioic
<nealmcb> could one of you packaging gurus look at my problem installing kerberos on dapper? https://bugs.launchpad.net/bugs/121923
<nealmcb> it works on feisty.
<ci_omegadog> in trying to compile the gutsy sqlite3 3.4 sources, i just keep hitting dependancy after dependancy
<ci_omegadog> just like the bad old days
<shawarma> ci_omegadog: apt-get build-dep sqlite3
<shawarma> ci_omegadog: ftw!
<ci_omegadog> cool
<ci_omegadog> i'm on a vps 
<ci_omegadog> i can start from scratch in lterally 2 mins :)
<ci_omegadog> i'm going to have to change my /etc/apt/sources.list to all gutsy
<ci_omegadog> what could possibly go wrong :)
<ci_omegadog> hmmm- i already have deb-src http://archive.ubuntu.com/ubuntu/ gutsy main restricted
<ci_omegadog> how do apt-get build-dep from sources only?
<ci_omegadog> does that make sense?
<dthacker> [Wed Jul 04 11:27:13 2007]  [error]  VirtualHost www.bluestrain.net:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
<ci_omegadog> dthacker
<dthacker> there are no * ports in the virtual host file, so what is it complaining about. 
<ci_omegadog> dthacker: i've run into this before
<ci_omegadog> hmmm
<ci_omegadog> its not in the Virtual host file that the * is located
<ci_omegadog> darn
<ci_omegadog> if i had a memory, i could help you :)
<ci_omegadog> ask in #apache
<dthacker> agrees with ci_omegadog :)
<ci_omegadog> its a faq
<dthacker> I shall google the error...
<ci_omegadog> whoo-hoo- here we go
<ci_omegadog> okay, its done i have the debs
<ci_omegadog> now how do i apt-get update to include the current debs in the ./ directory?
<ci_omegadog> does anyone know?
<mathiaz> ci_omegadog: I can install the new deb with dpkg -i ./packge.deb
<dthacker> ci_omegadog: can't you just use dpkg?
<dthacker> hehe
<ci_omegadog> that is what i'm doing 
<ci_omegadog> and its got the dependency debs in the dir with it
<ci_omegadog> but i think since apt-get doesn't know to look in the PWD for the dependency debs
<ci_omegadog> it fails
<ci_omegadog> ei
<ci_omegadog> err ie
<ci_omegadog> dpkg: dependency problems prevent configuration of sqlite3:
<ci_omegadog>  sqlite3 depends on libsqlite3-0 (>= 3.4.0); however:
<ci_omegadog>   Package libsqlite3-0 is not installed.
<shawarma> ci_omegadog: It can't.
<ci_omegadog> libsqlite3-0 is in fact in the pwd
<shawarma> You can install multiple packages at a time with dpkg, though.
<ci_omegadog> hmm
<ci_omegadog> k
<ci_omegadog> COOL
<shawarma> :)
<ci_omegadog> i'm sure my system is somehow hosed
<ci_omegadog> but
<ci_omegadog> root@slice1:/tcl# sqlite3
<ci_omegadog> Loading resources from /root/.
<ci_omegadog> SQLite version 3.4.0
<ci_omegadog> Enter ".help" for instructions
<ci_omegadog> sqlite>
<ci_omegadog> ty everyone
<ci_omegadog> now for more fun
<ci_omegadog> i'm gonna update :)
<ci_omegadog> err upgrade
<dendrobates> jdstrand: I uploaded a fix for gutsy.  Thanks, for staying on top of this one.  In Debian, netbase depends on inetd, but we have changed that in Ubuntu.  I was confused. 
<ci_omegadog> wow- i can still log in to my vps
<ci_omegadog> very nice
<jdstrand> dendrobates: np.  so the fix is in heimdal-kdc?
<ci_omegadog> the only problem seems to be with fdutils
<ci_omegadog> which on a VPS is moot, i imagine
<zul> has anyone tried vserver in gutsy?
<ci_omegadog> COOL
<ci_omegadog> root@slice1:/tcl# tclsh
<ci_omegadog> % package require sqlite3
<ci_omegadog> 3.4.0
<ci_omegadog> i cannot believe it
<ci_omegadog> i did a dist-upgrade on my VPS, rebooted, and its still running fine
<ci_omegadog> amazing
<ci_omegadog> super cow powers indeed!
<dendrobates> jdstrand:  Yes in gutsy.  It won't show up yet though.  The problem was caused by a difference in the dependencies for netbase in Debian and Ubuntu.   I fixed it by adding the dependencies to heimdal-kdc.
<jdstrand> dendrobates: thanks
#ubuntu-server 2007-07-05
<MenZa> win move down
<ci_omegadog> God i've tried everything
<ci_omegadog> everything to get sqlite3.4 installed on dapper in a sane fashion
<ci_omegadog> all day
<ci_omegadog> MY WHOLE DAY GONE!
<ci_omegadog> i never understood the point of a 6 month release cycle
<ci_omegadog> just upgrade what you want when you want
<ci_omegadog> NOW I GET IT
<leonel> I think there are newer things  that must be used   as  antivirus  antispam  and thinks like that 
<leonel> and  stable ( unchanged ) things  as  databases that  must remain  for  years 
<AlexC_> Hey guys,
<AlexC_> Is anyone interested in helping out an open-source project that is to be shortly released, basically the project is hosted on Dreamhost but I'm wanting to move over to a VPS account - I know how to setup a server, however I simply don't have the time and also I don't truely know how to secure one
<AlexC_> I should be able to pay (but not much) for things that need doing if you're interested
<shawarma> -win 21
<shawarma> ffs
<mralphabet> 21! sheesh, I thought 15 was a lot
<TeTeT> is there any good tool to replicate an Ubuntu production environment on a development environment? Let's say I deploy 5 servers and I want to create a test environment to make sure the next upgrade works fine. What are my options?
<TeTeT> I can think of ghosting with g4l, using systemimager or rsync plain to replicate it. Any other recommendation?
<shawarma> Test: Bug 12345
<shawarma> Hmm...
<Seveas> @config channel plugins.bugtracker.bugsnarfer.enabled True
<ubotu> An error has occurred and has been logged.
<Seveas> @config channel plugins.bugtracker.bugsnarfer True
<ubotu> OK
<Seveas> there we go
<shawarma> testing again.... bug 12345
<ubotu> Launchpad bug 12345 in isdnutils "isdn does not work, fritz avm (pnp?)" [Medium,Fix released]  https://launchpad.net/bugs/12345
<shawarma> \o/
<shawarma> yay
<shawarma> Seveas: Thanks!
<shawarma> mralphabet: Kidding? I usually have up to about 90.
<mralphabet> shawarma: crimeny
<nealmcb> ubotu, info krb5-kdc
<ubotu> krb5-kdc: MIT Kerberos key server (KDC). In component universe, is optional. Version 1.4.4-5ubuntu3.1 (feisty), package size 128 kB, installed size 392 kB
<nealmcb> !lamp
<ubotu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<nealmcb> Seveas: yes - ubotu is sweet!
<nealmcb> !ubotu
<ubotu> I am ubotu, all-knowing infobot. You can browse my brain at http://bots.ubuntulinux.nl - Usage info: http://wiki.ubuntu.com/UbuntuBots
<highX|Humpy> Hi
<cchance> I have a little problem here while trying to install the alternet CD version of Ubuntu 7.04 server. For some reason while installing (in low memory mode) It stops and loops its self at the detecting Network hardware box, sits for 2-5 seconds and then displays "killeding hardware, please wait" apart from "detecting Hardware, Please wait"   Anyone else have this problem, is there a fix for it?
<highX|Humpy> I have an extremely stupid question, is there a GUI you can turn on for Ubuntu Server 6.06 LTS
<cchance> yes
<cchance> install Gnome
<highX|Humpy> really?
<highX|Humpy> gnome>
<cchance> or what ever Gui you like
<peanutb> or theres alwayse webmin, but its not the most secure of things
<cchance> does no one know any answer to my question?
<highX|Humpy> sorry I do not know
<highX|Humpy> is this something I have to install or is it already a part of my server edition?
<cchance> i really dont want to use DSL on my box
<cchance> its not suported anywhere except for #dsl and no one there is any help at all
<cchance> are you guy going to force me to do it?
<mralphabet> sudo apt-get install ubuntu-desktop
<mralphabet> sudo apt-get install xubuntu-desktop
<mralphabet> ^^ xfce
<cchance> ok, dsl here i come
<mralphabet> cchance: look in launchpad for bugs relating
<cchance> i know thers not
<Humpy> hrmnm
<Humpy> so I ran run sudo apt-get update 
<Humpy> and then sudo apt-get install ubuntu-desktop
<Humpy> but get package not found
<Humpy> so obviosuly I need to get the package
<Humpy> so to get the package is this what I want?
<Humpy> sudo apt-get install ubuntu-base ubuntu-desktop
<Humpy> no one is still alive
<Humpy> ?
<mralphabet> Humpy: hrm, let's look at packages.ubuntu.com to see what valid packages there are
<mralphabet> Humpy: http://packages.ubuntu.com/breezy/virtual/gnome-desktop
<Humpy> okay
<mralphabet> whoops, that's breezy
<mralphabet> you need dapper, right?
<Humpy> Maybe/
<Humpy> I am brand new
<Humpy> like I jsut installed the LTS version and am trying to learn it
<mralphabet> http://packages.ubuntu.com/dapper/virtual/gnome-desktop
<Humpy> never used a linus server before
<mralphabet> so that would be sudo apt get install gnome-desktop
<mralphabet> using the gui is a poor way to learn
<mralphabet> that's my personal opinion
<Humpy> I agree, but I have others that will be using the server as well that would like the GUI
<Humpy> slow to learn using the GUI
<Humpy> I am still getting the package not found
<perrygovier> hey! someone else having apt-get issues?
<Humpy> mine might be user error?
<perrygovier> i see, i'm trying to install a desktop but i keep getting a not found error for ubuntu-desktop
<Humpy> sudo get-apt update works
<Humpy> yeah I am trying to install desktop as well
<perrygovier> mine completes but it gives me an error that not everything was downloaded
<perrygovier> at least i'm not alone, just spent two hours on google
<Humpy> haha I've been using google coupled with the forums
<Humpy> and then some help on IRC as well
<mralphabet> Humpy: do you have universe enabled?
<perrygovier> should I for the desktop? thought that was main/
<Humpy> I think not?
<perrygovier> then again, this is a server install... maybe it's worth a shot
<mralphabet> Humpy: gnome-desktop is available in universe, you need universe enabled to use apt-get to use it
<mralphabet> Humpy: gnome-desktop is available in universe, you need universe enabled to use apt-get to _get_ it
<mralphabet> fixed
<Humpy> hrmm okay
<perrygovier> i have universe "unpounded"
<perrygovier> it always was
<mralphabet> perrygovier: I haven't been following your problem, what are you trying to fix?
<perrygovier> apparently the same as humpy. fresh install of 7.04 apt-get is saying ubuntu-desktop can't be found
<nealmcb> !source | Humpy
<ubotu> Humpy: You can easily fetch a package's source with apt-get. See: http://www.debian.org/doc/manuals/apt-howto/ch-sourcehandling.en.html
<nealmcb> Humpy: scratch that...
<mralphabet> perrygovier: then no, that would not be the same problem as Humpy 
<mralphabet> perrygovier: sudo apt-get install ubuntu-desktop does what
<nealmcb> !easysources
<ubotu> source-o-matic is a webpage where you can (re)generate your sources.list - http://www.ubuntu-nl.org/source-o-matic
<perrygovier> mralphabet: "E: couldn't find package ubuntu-desktop"
<perrygovier> after, reading package list...done
<Humpy> yeah I get the same
<perrygovier> building dependency tree>reading state information...done>
<nealmcb> after setting sources.list properly and doing apt-get update?
<perrygovier> fresh install, haven't chagned sources.list but everything looks right, and yes to the update
<Humpy> hehe I am so lost... 
<nealmcb> :-)
<nealmcb> Humpy: yeah - any system is confusing in the beginning
<Humpy> yeah I know so little about it
<nealmcb> !info ubuntu-desktop
<ubotu> ubuntu-desktop: The Ubuntu desktop system. In component main, is optional. Version 1.43 (feisty), package size 17 kB, installed size 44 kB
<Humpy> wow cool
<nealmcb> !info ubuntu-desktop dapper
<Humpy> so from what I do understand, with my fresh install my source list only allows me to download things from ubuntu?
<ubotu> ubuntu-desktop: The Ubuntu desktop system. In component main, is optional. Version 0.120 (dapper), package size 13 kB, installed size 40 kB
<perrygovier> i'm pretty weak at command line stuff, i just use this compy to run my web sever. in earlier versions all I had to was type apt-get update apt-get install ubunt-desktop and i was good from there
<nealmcb> Humpy: ubuntu and kubuntu and ubuntu server all share the same package repositories, so no - you should be able to get them all
<Humpy> hrmm
<Humpy> so I don't really understand then.. is my source list just jacked up?
<perrygovier> i tried kubuntu, same error. but vim install fine...
<Humpy> or am I missing updates after fresh install?
<nealmcb> perrygovier: yeah - I'm very puzzled as to why it isn't working fo ryou
<nealmcb> !aptitude
<ubotu> aptitude is another terminal-based front-end to APT, like apt-get. However, aptitude can remember the dependencies installed with a package and remove them if you uninstall. See https://help.ubuntu.com/community/AptitudeSurvivalGuide
<nealmcb> a terminal-based gui....
<perrygovier> i tried aptitude same basic error
<nealmcb> abit confusing to get used to, but might make things clearer
<nealmcb> perhaps the mirror you are using is having trouble?
<perrygovier> how do i switch?
<nealmcb> !easysources | perrygovier
<ubotu> perrygovier: source-o-matic is a webpage where you can (re)generate your sources.list - http://www.ubuntu-nl.org/source-o-matic
<Humpy> in general running sudo apt-get update, do I need to reboot the system?
<nealmcb> no
<mralphabet> Humpy: no
<Humpy> kk
<mralphabet> Humpy: the only reason to reboot a machine is to add new hardware ;)
<nealmcb> except with fundamental updates like the kernel
<perrygovier> ubotu: i looked at what source-o-matic gave me and it matched my source.list minus the comments
<nealmcb> ubotu is a robot :-)
<ubotu> Sorry, I don't know anything about is a robot :-) - try searching on http://bots.ubuntulinux.nl/factoids.cgi
<nealmcb> !ubotu
<ubotu> I am ubotu, all-knowing infobot. You can browse my brain at http://bots.ubuntulinux.nl - Usage info: http://wiki.ubuntu.com/UbuntuBots
<Humpy> nice
<nealmcb> perrygovier: odd
<perrygovier> i have one idea... perhaps it's my router. i get pings back from google but perhaps i trying bypassing it. any reason that would work?
<nealmcb> if you can browse http://us.archive.ubuntu.com/ubuntu/ then you should be able to install from it
<nealmcb> with apt-get
<nealmcb> anyway - gotta run - good luck!
<perrygovier> i can from this machine. but i'm chatting on my mac. i've only pinged on my server
<Humpy> hrmm
<perrygovier> k, thanks
<nealmcb> try elinks or links for browsing from a server
<nealmcb> without a gui
<perrygovier> browsing w/ out gui... scary
<nealmcb> s/links/lynx
<Humpy> so to look at my source.list I would use like gedit?
<Humpy> but it tells me that cmd is not known
<perrygovier> try vim
<perrygovier> gedit didn't work for me either
<nealmcb> or more
<nealmcb> gedit is a gui
<Humpy> kk that works
<nealmcb> that is the "more" command
<Humpy> so according to source o matic I should only use the defaults?
<perrygovier> yup what source-o-matic gives you should match what you're given by default except the "pounded" comments will look different
<Humpy> right
<Humpy> mine is different
<Humpy> lol
<Humpy> I think
<perrygovier> that'd do it
<perrygovier> sheesh, i'm getting frustrated. does anyone know if i download the regular ubuntu and use apt-get while the cd is in if it will search the cd for the desktop?
<nealmcb> perrygovier: you might look for debugging info in apt-get or apt-cache
<nealmcb> man apt-get
<Humpy> so I enabled the universe lines
<nealmcb> and you can paste what you have not to http://dpaste.org/
<nealmcb> "not" => "now"
<nealmcb> perrygovier: or find folks in #ubuntu who might have more experience with apt-get problems
<perrygovier> i'm gonna try apt-get clean
<perrygovier> if i can exit this manual..
<nealmcb> "q"?
<perrygovier> what i thought, but for some reason it didn't work until i hit scroll lock...
<perrygovier> perhaps i have greater issues
<perrygovier> nope, same problem. off to the main ubuntu page. wish me luck. thanks
<DarkWizzard> hello all
<DarkWizzard> does ubuntu server edition come with mod_security installed ?
<ivoks_> no
<ivoks_> if by that you mean apache's module
<Humpy> damn it at this rate it's going to take me a life time to learn this shit...
#ubuntu-server 2007-07-06
<Innatech> someone remind me what I'm supposed to be using instead of traceroute?
<lcdd> mtr?
<Innatech> thx. 
<Nafallo> tracepath :-)
<leonel> maps.google.com ?
<Nafallo> haha
<Nafallo> good one :-)
<ex-parrot> hey all
<ex-parrot> I'm having trouble with the e1000 module under x64
<ex-parrot> it tells me it can't allocate an MSI interrupt
<ex-parrot> then doesn't work.
<ex-parrot> any one got a fix?
<ex-parrot> ah no, it seems to work after all
<ex-parrot> my mistake :)
<AlexC_> bje: hey there,
<bje> Hey.
<AlexC_> ah, there you are =D
<AlexC_> bje: I've got the VPS setup and have made an account for you,
<AlexC_> bje: there was an option when I got the VPS to automagically install LAMP which is good, I've setup a few things like PHP settings in php.ini
<AlexC_> though I've no idea how to do Mail and DNS(do I even need dns?)
<Burn> hello, when I'm installing ubuntu dapper on a dell poweredge 820, he doesn't find any raidcontroller/harddisks
<Burn> somebody with experience who knows what's happening?
<bje> Burn: Try Feisty :)
<bje> Burn: Dapper probably do not have the RAID controller module compiled into the Dapper kernel.
<Burn> bje: yes, but aren't there workaround?
<bje> Burn: Yup, buy support from Canonical, and ask them to do it. :^)
<bje> Burn: but otherwise, build a custom kernel
<Burn> bje: ;)
<Burn> bje: in fact in need an "out of the box working" installation
<bje> Burn: Been trying to do it myself (got issues with HP DL320's)
<bje> Burn: Rumour has it that there'll be a new Dapper LTS (6.06.2) released in 2 months time or so
<Burn> bje: 2 months, hm can't wait
<Burn> :p
<Burn> bje: till when are there updates for Edgy?
<bje> Burn: no idea
<Burn> can't find the page on the internet
<shawarma> Burn: Edgy is supported until April 2008.
<shawarma> Burn: http://wiki.ubuntu.com/ at the very bottom.
<cchance> is anyone alive here
<sahafeez> no
<cchance> well i need some one to help me out here
<cchance> thats why i asked
<sahafeez> post and if someone knows they will answer. may take some time
<cchance> Ok, when installing the alternet cd version of the server (7.04) the setup starts looping and killing its self at the detecting netowork hardware box, it eventuly after about 20 minutes stops all togeater and goes to a black screen with a flashing cursor and does nothing else  
<dthacker> a) Have you verified the checksum on the CD?  b)  Have you tried the CD in another computer?  
<cchance> the cd was verified, and no i never checked it in another computer
<cchance> i didnt want to install in another pc
<dthacker> fair enough.  Have you put in a live CD and run memtest?
<cchance> have not ran the mem test, but i dont have a live cd
<cchance> its the alternate
<dthacker> you may want to get a live cd and check that.  Why the alternate cd instead of the server CD?
<cchance> its doing it again
<cchance> low mem
<dthacker> How much memory is in this computer?
<cchance> 64 mb but im too upgrade it soon
<dthacker> cchance: I don't have the specs for the alternate CD available, but I'
<dthacker> d say you are on the bare minimum of RAM, and that may be causing your problem.
<cchance> what about the card? its realtek Fastethernet
<dthacker> When I have a question about compatibiltiy with a specific piece of hardware, I google. 
<cchance> im not so good with google
<lcdd> alternate desktop and server CDs have the same installer. i don't think their memory requirements differ
<sahafeez> realtek should just work.
<sahafeez> the ram is the issue
#ubuntu-server 2007-07-07
<BFTD> hi, I'm installing ubuntu server, and its at 85% and downloading something, how big is this download?
<bje> how long is a piece of string?
<BFTD> pretty
<BFTD> long
<Nafallo> 1mm - unlimited
<BFTD> I figured it out
<BFTD> ctrl+F2
<BFTD> ps | more
<BFTD> kill apt-get update
<resident_moron> I lease a dedicated mach running fedora 3 and would like to install Ubuntu Server edition remotely
<resident_moron> any pointers?
<BFTD> yeah, how d oyou do it?
<resident_moron> I am looking for instruction on how to remotely install Ubuntu Server Edition
<lcdd> i don't know any guides, but debootstrap is what you will need
<BFTD> ok so....how do I tell if apache is running?
<VikJES> BFTD: you could check if there is a process "httpd" running
<BFTD> yeah there isn't so...
<BFTD> I guess not
<Nafallo> I haven't either, since it's not named that way :-)
<Nafallo> pgrep apache2
<BFTD> how does one manually start apache2?
<leonel>  /etc/init.d/apache2 start
<keescook> BFTD: (i have to go afk, so this is a quick answer...)  make sure that /etc/default/apache2 has "NO_START=0" and then ... leonel is faster, yes, type that, prefixed with "sudo"
<BFTD> ok
<leonel> plop    I forgot  sudo  :)
<UbuntuRocks> good day to you all - may i ask a question on automounting a usb drive on ubuntu server edgy?
<UbuntuRocks> anyone here?
* Starting logfile irclogs/ubuntu-server.log
<disposable> i've installed feisty-server on a computer with intel ICH7 controller and a sata harddrive running in native mode. grub-install went without error, yet now i get 'no bootable device'. any hints?
<disposable> if i try to boot from an ubuntu cd and choose 'boot from first hard disk', then grub suddenly works
<kupesoft> Does Ubuntu server have alsa?
<kupesoft> I want to install ubuntu server + xubuntu
<Nafallo> yes
<brightedge> afternoon :)
<brightedge> I'm hoping someone may be able to help.  I'm a linux b00n, have installed Kubuntu 7.04, and would like to run Zenoss.  The Zenoss site states that it runs on the Server version.  Is there a way to upgrade Kubuntu to Server?
<brightedge> anyone?  :)
<lcdd> i'm not sure what that upgrade would consist of. all ubuntu editions run the same software from the the same repository
<lcdd> brightedge: i'd say go ahead and try it on your current installation
<brightedge> lcdd:  thanks, that's what I've decided to do.  I've got most everything installed now.
<brightedge> later :)
<AlexC_> bje: hey, you here?
<AlexC_> hey,
* ..[topic/#ubuntu-server:nealmcb] : Ubuntu Server discussion and support | for general (not server specific) support visit #ubuntu
* ..[topic/#ubuntu-server:nealmcb] : Ubuntu Server discussion and support | for general (not server specific) support visit #ubuntu | Seriously good guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html
<rev0> would anyone like to help with TLS on proftpd ?
#ubuntu-server 2007-07-08
<AlexC_> hey,
<AlexC_> bje: when do you think you'll be able to help set the server up?
<nyarla> hello there! I have a vicious problem with apache2 on my dapper. I'm unable to stop it or restart it correctly anymore. http://paste.ubuntu-nl.org/29075/ Can''t find why... 
<nyarla> this cause serious trouble with logrotate
<nyarla> i tried to decipher the init.d script... how can i debug it and check which are the 6 files it tries to find?
<Kamping_Kaiser> nyarla, what does this say? : Aucun fichier ou rpertoire de ce type
<nyarla> probably PIDs?
<Kamping_Kaiser> nyarla, does stop work cleanly? does start work cleanly? (run them seperate)
<nyarla> hi Kamping_Kaiser : this means no file or directory of that type
<nyarla> start and reload is ok. stop and restart fail.
<Kamping_Kaiser> nyarla, have you installed something recently that may be causding problems?
<nyarla> it used to work nicely, until I installed ssl
<Kamping_Kaiser> hm. not done that myself. perhaps someone else will be abler to help you
<nyarla> thanx anyway
<nyarla> what are the risks if i modify the logrotate script to killall apache2 instances?
<Kamping_Kaiser> you may kill sites you dont want to go down?
<Kamping_Kaiser> theres probably other more suble ones too
<nyarla> that's what i thought
<pecisk> hello here, I try to use Postfix with Cyrus SASL on Dapper, however I can't find LDAP module for SASL. It is aviable for Dapper or I should look for later versions?
* AlexC_ prods bje
<nyarla> could anybody send me an original /etc/init.d/apache2 script? sthing wrong here...
<lionel> nyarla: www.porcheron.info/tmp/apache2
<nyarla> merci lionel
<lionel> :)
<nyarla> lionel, youre using dapper, arent u?
<lionel> on several servers yes
<nyarla> just noticed sthing weird : are u able to restart apache with the init.d script on an up-to-date dapper?
<lionel> yes, no problem here (I have seen your problem)
<lionel> did you try to diff your init script and the one I gave you?
<nyarla> i'm running dapper and my script was broken. Somebody just sent me a feisty script and it is working fine
<lionel> the one I gave you is from Dapper. And is works fine here :)
<nyarla> weird weird... anyway the new script is working, lets move ahead :) thanks again
<Tuxist> hi
<Tuxist> i have a question about openldap
<Tuxist> is build openldap in ubuntu with sql support ?
<pecisk> hmmm
<pecisk> what it's a point of that?
<PanzerMKZ> I was wondering if anyone has 7.04 running on a compaq dl360
<mralphabet> #ubuntu-server freenode0705.log:07:35 < \sh> jronnblom, 6 minutes for a plain ubuntu server on a dl360
<mralphabet> #ubuntu-server freenode0706.log:15:24 < qhartman> Anyone here have experience with the Proliant DL360s?
<PanzerMKZ> ok
<PanzerMKZ> how did the install go then
<Innatech> is there a live cd of dapper-server? Or, can I make one w/o too much trouble? 
<Nafallo> there is a server iso
<Innatech> Yeah, I have it. 
<Innatech> It's install only. 
<PanzerMKZ> so why the need for a live cd of the server?
<Innatech> diskless router. 
<Innatech> At least, no disks yet. I'll have CF drives for it eventually, but I'd like to test the hardware that has arrived. ;) 
<PanzerMKZ> why not then PXE boot?
<Innatech> Suppose I could. I'd have to set up a PXE server and image, tho. And I'll need to do something similar to a live-CD style setup when I do install so as to avoid writing to the CF too often, so it'd be nice if it was available. Oh well, so it goes. 
<PanzerMKZ> tftp server
<Innatech> oh yeah? That simple, eh? I'll have a look. 
<PanzerMKZ> and it you do it right then you should not have to write to the cf at all
<Innatech> yeah, that's the idea. I was going to copy the mechanisms the live-CD uses for that, so I was hoping to have a live version of the server to work from. I'm sure I'll figure it out, though, using either the standard server install or the custom installer. 
<PanzerMKZ> custom installer?
<Innatech> aka alternate installer. 
<PanzerMKZ> ok I don't know of a alt installer for ubuntu server
<Innatech> http://releases.ubuntu.com/6.06/ubuntu-6.06.1-alternate-i386.iso
<PanzerMKZ> there is a live desktop cd and then the alt installer for the desktop version
<PanzerMKZ> yea that is the desktop version with a text installer
<Innatech> It's the alternate installer for Dapper--either way. 
<PanzerMKZ> Dapper Desktop
<Innatech> >shrug< considering you specify what packages to install, the distinction is mooted. 
<PanzerMKZ> the server install is already using that text based installer
<PanzerMKZ> and more of the packages are not in the install. You ahve to get them after the server is up and running
<Innatech> My understanding was that the alternate install didn't have a preconceived notion of what to install. I suppose I'll just burn it and see if it's better for my purposes or not. 
<PanzerMKZ> you do that
<Innatech> good deal. 
#ubuntu-server 2008-06-30
<ScottK> belgacem23: One person has joined since the last time you asked that.  The answer likely hasn't changed.
<sommer> ScottK: I uploaded a new version of php5-clamavlib to the clamav ppa... for intrepid
<sommer> ScottK: it builds fine, but I haven't actually tested it yest
<sommer> err yet
<ScottK> sommer: Great.  I'll try to have a look at it once you've tested it.
<sommer> ScottK: I'm working on an updated hardy package, but how do you add backports to pbuilder?
<ScottK> Same way you add universe, just add backports.
<sommer> ah, I added hardy-backports
<sommer> sigh
<ScottK> Did you want to add hardy-backports or the clamav PPA?
<sommer> hardy-backports, isn't that as up-to-date as the PPA at this point?
<ScottK> No.  No 0.93 there because we don't have the rdepends all working yet.
<ScottK> No clamav at all in *-backports right now.
<sommer> ScottK: ah, gotcha
<sommer> how do you enable the ppa in pbuilder again?  :)... is it --other-mirror?
<sommer> oh ya, --override-config
<tharis20> I need to take an internal HDD into a HDD Enclosure and I want to connect it to my lappy that that has WinXP and Ubuntu HH.
<tharis20> Then, I want to install ubuntu-server in it
<tharis20> *external HDD
<tharis20> and then put the HDD back into the Desktop
<tharis20> from where I took it
<tharis20> how can I do it without screwing my Lappy's GRUB?
<stiv2k> Hey how come this ssl-cert package has been being kept back on my server for like a really long time?
<ScottK> stiv2k: Because you need to install the new openssl blacklist tool with it.
<ScottK> stiv2k: sudo apt-get dist-upgrade.
<stiv2k> ScottK: ok
<stiv2k> ScottK: thank you!
<ScottK> stiv2k: Any time a package gets held back, you should investigate it immediately.
<stiv2k> ScottK: okay
<jussi01> Ok, we have a shared folder on our fileserver(via samba), when people fom windowws write  to it the permissions are set to their own and nobody else can read it.
<jussi01> how does one make it so when users write everyone can read?
<hads> jussi01: I don't use samba but you'll want to look into umask
<jussi01> hads: ok, thanks. googling now :D
<hads> jussi01: NP, just saw this http://lists.samba.org/archive/samba/2002-August/050432.html
<jussi01> hads: ahh, that explains t well! thanks
<hads> No worries
<kraut> moin
<celephais> Ciao, stÃ² cercando di installare la versione server utilizzando PXE, fino ad ora sono riuscito a configurare il server dhcp e tftp, provando il boot da PXE tutto funziona. Ma la cosa che non riesco a capire Ã¨ stÃ² installando la versione serve o quella desktop. Ho usato la cartella netboot trovata su archive.ubuntu.com di hardy
<trentster> hey all, need some advice, I want to setup a freenx deb machine at our datacentre for technicians to log into, One of the things they will be able to do from there is use tsclient or rdesktop to login to fix problems at our clients windows servers, I want the session to automatically loin to the server and supply the password, but I dont want the password to be in plain text in the .rdp conf file for them to read....any ideas
<nocturn> I ï»¿ tried to put Xen on my Ubuntu 8.04 server, but it seems to have broken the install.
<nocturn> After aptitude install ubuntu-server-xen, the system barely boots
<hads> nocturn: Xen isn't as supported on Hardy as KVM.
<nocturn> logging in takes ages
<nocturn> hads: I would use kvm if I could
<nocturn> but the machine does not have VT
<nocturn> I only need virtualisation to run Zimbra, because it conflicts with Apache and ldap on the real server
<hads> Bummer. I don't know a lot about Xen so probably can't help.
<nocturn> I think I'll have to move the server to CentOS :-(  Rather than run Vmware on Linux
<Dark_Shadow> greetings, how can i use a command promt from netboot without needing to "setup" the rescue system, i need some minimal system which boots over pxe from where i can chroot to my "normal" enviroment
<ikonia> Dark_Shadow: thats going to be tricky as yoru netboot image would have to be a system that was designed to boot/access as shell
<Dark_Shadow> agreed, however the rescue system from the netboot should be able to, but i did not figure out how to skil the questions yet
<ikonia> you wo'nt be able to interact with the install from the boot options
<ikonia> you'll need to boot it then interact with it on the client to drop it in to rescue shell
<ikonia> you may want to consider using an image thats specificlly designed for local interaction, eg: the Fedora rescue image, the LFS live cd, something that does a dhcp by default then drops into a shell on that system
<Dark_Shadow> if i understand you right i got the prob that i do not have any local media there
<ikonia> doesn't have to be local media "there", local media on the install / pxe server
<Dark_Shadow> so the fed rescue image is able to boot from "netboot" and therefor i can get it a script to execute where i do chroot and "start" my normal enviroment right?
<ikonia> no
<ikonia> the fedora rescue image will netboot for you
<ikonia> it will then present you with either a shell or a ncruses interface (dependong on your choice)
<ikonia> from there you can manually mount your ubuntu environment
<Dark_Shadow> hmm, guess i did not make myself clear enought, the last step should be a diskless ubuntu system booting through network without need a nfs server. therefor i do not "have" the option to manually set up the chroot
<ikonia> then surly you can just telnet to the network where the "disksless" disks are stored
<ikonia> I'm not quite sure I'm getting you
<Dark_Shadow> k ill try to explain a bit brighter :) one sec
<ikonia> you want to use a netboot image to chroot into a diskless box....that not using an NFS mount, so must only be running that in RAM  ?
<Dark_Shadow> yes
<Dark_Shadow> ideally i do not want to chroot
<ikonia> well, that doesn't make any sense as by default if it's running the OS in ram, then the netboot must provide the image to load into ram
<ikonia> so why do you need to "start it" as the netboot should start it as there is nothing to "start" without that image
<Dark_Shadow> well ill explain
<Dark_Shadow> i got the image/kernel +initramfs/tar whatever, it transfers to the client fine, extracting, booting till it wants to mount the root fs, at the point i get a kernelpanic
<ikonia> ok.....
<ikonia> ......and ?
<Dark_Shadow> i cant seem to get it working after that point
<Dark_Shadow> fstab mtab and kernel options seems to be fine
<ikonia> ok - so what's all this stuff your trying to do then with netbooting other stuff
<ikonia> Dark_Shadow: mtab can't be fine as it's not booted the OS - so how can you have an mtab
<Dark_Shadow> let me explain further
<Dark_Shadow> the diskless client i got a "working" image on hdd from, i boot this one, all fine, this image needs to be transportet through pxe to the client as its just temporary that the client has a hdd.
<ikonia> thats not how it works
<Dark_Shadow> as for the mtab, there was a howto i followed which created automatically an initram which i just needed to copy
<ikonia> you can't take a working OS and make it into a pxe image
<ikonia> well, not as easy as that
<Dark_Shadow> thats where i would try the "netboot" and chroot method
<ikonia> there is going to be references to physical disks which just won't exist on the netboot disksless system
<Dark_Shadow> netboot, get a command prompt, cp the files to ram, and chroot
<Dark_Shadow> yeah exactly
<ikonia> Dark_Shadow: you can't netboot and chroot - there is nothing to chroot to
<ikonia> "copy the files to ram" ???
<ikonia> it's held in ram, so when you power of - it will go
<ikonia> you need to edit the "image" before it boots
<Dark_Shadow> yes
<Dark_Shadow> but i can get it from the image
<Dark_Shadow> this part should work in theory
<Dark_Shadow> cp it from the server into the ramdisk
<Dark_Shadow> then mount the ramdisk
<Dark_Shadow> and chroot to it
<Dark_Shadow> but i guess theres more references to hdds then fstab, kernel parameters and such
<Dark_Shadow> yes its k that way
<Dark_Shadow> its intendet
<ikonia> I think your approaching this all wrong, especially for a diskless client
<Dark_Shadow> hmm, i cant think of another solution without optical, hdd and without nfs
<ikonia> not taking an image of a disk based system is a good start
<ikonia> take apart the livecd and look how that works
<ikonia> thats aimed at running in ram
<Dark_Shadow> so i should try to install directly into the ram? then copy it to the server (when it works) and cp after the reboot again , did i get you right there?
<Dark_Shadow> 32
<Dark_Shadow> never mind that number >(
<ikonia> not a case of "install into ram" as ram dissapears
<ikonia> but "run" from or "uncompress working image into" ram
<ikonia> again, look at how the livecd works, thats basiclly a working image
<Dark_Shadow> hmm, guess i need to make my own live^cd^ after all, thanks for the help
<ikonia> not quite your own livecd - but certainly the techinque the livecd uses to open into ram
<jdstrand> zul: I have a patch for bug #241448
<uvirtbot> Launchpad bug 241448 in samba "Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade)." [Undecided,In progress] https://launchpad.net/bugs/241448
<jdstrand> zul: it was an upstream bug introduced in the patch for CVE-2008-1105
<uvirtbot> jdstrand: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105)
<jdstrand> zul: I'll be pushing that out today
<jdstrand> zul: seb128 was able to reproduce it and verify the patch fixes it
<zul> jdstrand: cool good to hear that it wasnt one of my patches that broke things ;)
<jdstrand> zul: nope, it was mine
<zul> jdstrand: it was a regression introduced by the cve intresting
<jdstrand> zul: upstream's patch didn't deal with large files properly
<lukehasnoname> soren: pwned me on that GUI ML entry
<zul> jdstrand ahhh...I was thinking about that this weekend and we should probably enable the testsuite for samba as well
<jdstrand> zul: https://bugzilla.samba.org/show_bug.cgi?id=5517
<uvirtbot> bugzilla.samba.org bug 5517 in smbclient "Make Test Failure for RW1" [Major,Resolved: fixed]
<zul> yeah I saw that this weekend
<jdstrand> zul: well, the test suite requires --enable-socket-wrapper, I am not sure if that is desired in a regular build. however, you do a 'fake build' with that enabled, then throw it away and build it for real
<zul> jdstrand: yeah if you build it fakeroot debian/rules build it fails as well besides smbclient -L needs to be run as root
<jdstrand> zul: oh that's right too-- 'sudo make test' in the qa-regression-testing notes
<zul> it would have been a good though to enable it when it was building but it looks like it cant be done easily
<zul> jdstrand: oh btw slangasek enabled the make test in the openldap debian packge's svn repo
<jdstrand> cool
<zul> one less thing we have to do for 2.4.10
<jdstrand> ls
<melter> is there a server build of intrepid alpha?
<melter> nm, found it
<brewmaster_> what do i need to do to refresh my ssl certificates?
<brewmaster_> when i view from cpanel, it says it expires 2010
<brewmaster_> but when i browse the site with FF / konqi, the info says expires in 2008
<brewmaster_> (yesterday)
<brewmaster_> restarting apache did nothing btw
<croessner> Hi, is there somebody knowing on how to install Hardy on an Intel Apple Xserve?
<croessner> Oh please, not all at once :-)
<Birthday_Kaiser> patience :)
<croessner> Birthday_Kaiser, just joking a bit.
<Kamping_Kaiser> croessner, :)
<croessner> Kamping_Kaiser, it's really hard to get answers on my topic. So I really do not believe in getting any help anywhere.
<Kamping_Kaiser> i've got no idea. dont play with intel apples :)
<Kamping_Kaiser> anyway, catch you later
<uvirtbot> New bug: #244265 in samba (main) "winbindd internal error" [Undecided,New] https://launchpad.net/bugs/244265
<Dark_Shadow_2> greetings, if one would create a netboot initram, does one have to alter the inittab/ or the /etc/event.d script files? If not, where do i have to put a script which runs before mounting root?
<ScottK> mathiaz: I added my usual spec item to the agenda.  I think I added it in the wrong place though, so feel free to move it around.
<celephais> i, is there a way with dpkg to save the installed program's list to a file and then install the same package on another machine?
<maswan> --get-selections
<celephais> uh thanks
<celephais> and is there a way to copy configuration files too?
<zul> mathiaz: I think jcastro mentioned that you should be able to link php and mysql bugs to launchpad soon
<zul> jdstrand: ping, do you want me to do the samba fix for intrepid?
<jdstrand> zul: no, I already did
<zul> jdstrand: cool
<jdstrand> zul finally realizes the benefits of jdstrand's core-dev membership
<zul> jdstrand: heh I knew but you got to fix everything else so I thought you might need some help ;)
<jdstrand> zul: I appreciate it :)
<zul> jdstrand: np
<melter> how do i replace dhcp3-client with dhcpcd?
<lukehasnoname> mathiaz and mathiaz_ are both on
<lukehasnoname> zomg
<kylebrown> Hi
<kylebrown> Can anyone help me set up my first linux server?
<ScottK> kylebrown: It generally works better when you've tried yourself and then ask specific questions about problems you're having.
<kylebrown> Well I have it installed. Can you help me from there? I am linux dumb, lol. I can use things with a GUI for general usage, but never anything like this
<kylebrown> ScottK: Would you be able to help me set my frist file server up?
<ScottK> I'm probably not the best person to ask for that use case.
<kylebrown> Well the only thing that I know how to do is log in, lol. I just need something. I'm horrable at this. I mean if you don't mind helping that is.
<duiu> kylebrown: If you don't mind spending $40 on a book, there's a very good one called "Begging Ubuntu Server Administration" by Sander van Vugt that I came across last week. It explains EVERYTHING.
<duiu> *Beginning
<kylebrown> I might have to check that out some time. I don't have much use for a server for real intense things. Just simple access on a rare occasion and for storage at home.
<ScottK> kylebrown: Have you looked at the Ubuntu server guide?
<kylebrown> I honestly had no idea there was one
<kylebrown> i google'd for hours
<kylebrown> I havn't slepet for like 24 hours.
<lukehasnoname> duiu: I recommend that book as well
<lukehasnoname> help.ubuntu.com kylebrown check for the server guide
<ScottK> kylebrown: There is also https://help.ubuntu.com/8.04/serverguide/C/index.html
<ScottK> ^^ server guide.
<uvirtbot> ScottK: Error: "^" is not a valid command.
<ScottK>  ^^ server guide.
<kylebrown> I'm usually mostly on my mac (as I am now), windows sometimes to program, and linux for other general things
<duiu> kylebrown: advice, write this down even if you don't understand it. Create users for everyone that will access your server, put the users in a group, make a directory like /srv/fileserver, make the group the group owner, and a member of the group the file owner. And set SUID. Then conifgure samba for that folder (there's guides for that)
<kylebrown> Thanks so much for the guide
<kylebrown> what if I give out an access name and password and make only one?
<duiu> if everyone uses that and doesn't access at the same time, that'll work too.
<kylebrown> So multi users are for multi access is all?
<duiu> and for keeping track of who does what
<duiu> also, if you employ the sticky bit as well as SUID, it's keeps people from deleting each other's files
<ScottK> kylebrown: If you only have one username for everyone the first time someone does something they are supposed to you will deeply regret the decision.
<kylebrown> Why?
<duiu> You won't know who did it, when, and won't be able to fix it.
<duiu> kylebrown: I assume this is just for your house?
<duiu> so there isn't more than 6 people, I'd guess?
<kylebrown> Pretty much. And for distrubuting small games that I make
<kylebrown> Not at a time. One or 2 at a time most
<duiu> well, for your local users do "useradd (insertusernamehere)" then "passwd (useryoujustmade)" to set a password for them.
<duiu> oh and you'll have to use sudo when you do that
<lukehasnoname> kylebrown: with " -m" after useradd
<duiu> yes, sorry about that, your user probably wants a home directory
<lukehasnoname> seriously, get the book duiu recommened, it won't solve every problem, but it sure will help
<duiu> yeah, I learned all this last weekend. I'm just waiting for all the parts to arrive to do the same thing you are :)
<kylebrown> I have no idea what I am doing in here....................
<kylebrown> I will never get this working because I don't know linux
<duiu> kylebrown: if all you want is a file server you could use FreeNAS. It's easier, but you can't do as much.
<duiu> I think it'll do an FTP server as well.
<kylebrown> I'm cool with that as long as I can store and get files
<kylebrown> Can I get them strieght from browser to download?
<duiu> ?
<duiu> www.freenas.org
<duiu> en.wikipedia.org/wiki/freenas
<kylebrown> I'll brb, sorro
<kylebrown> back
<kylebrown> I think that is what I want
<duiu> The guide's a little tricky, it's not written well, but it explains everything.
<kylebrown> Ok. I am on my server and at the logged in command line
<kylebrown> I am really bad with guides, because it never works right. I tried videos, and written guides and failed
<kylebrown> What's my first step? I assume download, and if so, how
<duiu> download FreeNAS? That's a whole nother operating system. Download it and burn it to a cd using a different computer.
<kylebrown> oh, lmao
<duiu> check out #freenas for help
<kylebrown> Like the one I'm on?
<duiu> yeah
<kylebrown> You guys rocl
<duiu> can't help you anymore
<kylebrown> alright. I'll try that
<mathiaz> kees: how do you feel about bug 243810 ?
<uvirtbot> Launchpad bug 243810 in apparmor "AppArmor Isnt Implemented on Intrepid Alpha 1" [Undecided,New] https://launchpad.net/bugs/243810
<kees> mathiaz: I feel like I wish there was time to get the AA code ported to the intrepid kernel.  ;)
<kees> mathiaz: in theory, jjohansen has been working on the next cycle up for-mainline patches, so I was waiting on that.
<kees> mathiaz: if much more time goes by, I'll do it myself, but I've been busy with other stuff
<mathiaz> kees: ok - That's what I thought
<mathiaz> kees: user space is up-to-date, but kernel is not ready yet
<kees> mathiaz: right.
<kees> mathiaz: I just uploaded the userspace bits over the weekend (though I botched and didn't include your changes)
<kees> I'm sure there will be more uploads, so it'll get in.
<mathiaz> kees: I'll milestone this bug for intrepid-beta ok ?
<kees> mathiaz: yeah, that should certainly be done by then.  :)
<mathiaz> kees: hm - I'd put beta4 instead, which is just before FF
<kees> okay, sounds right. (you mean alpha4?)
<mathiaz> kees: yes :D
<sommer> ScottK: I've created an updated php5-clamavlib debian package, should I just attach it to debian bug #479885 ?
<uvirtbot> Debian bug 479885 in php-clamavlib "php-clamavlib: FTBFS: clamav.c:164: error: 'struct cl_limits' has no member named 'maxratio'" [Serious,Open] http://bugs.debian.org/479885
<ScottK> sommer: Did you make it proper NMU?
<sommer> ScottK: I think so :)... read through the developers reference sections concerning nmus
<sommer> want to have a look at it first?
<ScottK> sommer: Can you put a debdiff somewhere and link me?
<ScottK> Yes.
<sommer> only 4.5k want me to just email it?
<ScottK> That's fine.
<ScottK> scott .at. kitterman.com
<sommer> cool, on the way
<ScottK> sommer: Do you have any interest in maintaining the package in Debian?
<sommer> ScottK: since upstream is dead, it doesn't seem like the greatest of candidates
<ScottK> I don't do PHP, so I have no opinion, but do you think it's useful?
<sommer> ScottK: I guess I don't really see the benefit of it... the only real use I can see for it is to scan uploaded files, but you could just as easily call clamdscan, or another utility
<ScottK> Right.
<ScottK> I guess if you were scanning a lot of files the direct libclamav integration would be faster, but that's a detail.
<sommer> I've also noticed the php5-clamavlib performance hit when starting apache, so for me the project seems redundant
<sommer> anyway, gotta run bbl
<ScottK> OK.
<ScottK> See you.
#ubuntu-server 2008-07-01
<chmac> I can't resolve www.smile.co.uk through `getent hosts www.smile.co.uk` but it resolves fine through `dig www.smile.co.uk`
<chmac> nsswitch.conf reads "hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4"
<chmac> resolv.conf lists 127.0.0.1 then my ISP's nameservers
<chmac> dig @127.0.0.1 works fine, as does dig @ispnameserver
<chmac> I'm not running nscd, I haven't installed it
<chmac> Any suggestions other than rebooting?
<kgoetz> hi all. has anyone here had systems where the installer gets an IP address, but your still told that network dhcp autoconfig failed and you hae to reconfigure?
<uvirtbot> New bug: #244406 in mysql-dfsg-5.0 (main) "File load data infile'file-name' fails" [Undecided,New] https://launchpad.net/bugs/244406
<cxo> anyone know if i can have ubuntu server install on < 512mb flash?
<hessml> good evening
<hessml> anyone here have experience with ipmi serial over lan?
<cxo> ipmi serial over lan, thats intense
<hessml> i sort of have it working
<hessml> i get all the boot messages
<hessml> i get the login prompt
<hessml> i can login
<hessml> i get a login message
<hessml> then the console locks up
<hessml> its driving me nuts
<cxo> are you pxe booting?
<hessml> no
<cxo> which version are you running?
<hessml> i followed the  instructions on this page which seemed pretty good execpt for the locking me out https://help.ubuntu.com/community/IPMI
<hessml> 8,0.4 server
<hessml> intel/amd 64bit
<cxo> i honestly dont think anyone in here has the expertise
<cxo> ipmi is kinda something only enterprise worries about
<cxo> and for very specific tasks
<hessml> enterprise? how about us poor people with large clusters of very cheap computers?
<cxo> haha
<cxo> openmosix, be happy
<hessml> openmosix doesn't have ufw
<cxo> i heard there is work on shared memory, but havent heard much of it
<ScottK> I thought openmosix was shut down.
<cxo> kinda
<cxo> there is still one or two hackers on it
<hessml> anyway, ipmi is available on just about any computer you buy for a CO-LO. It adds about $50-100. It is better than a remote PDU because it gives you more functionality.
<hessml> my servers all cost less than a $1000 and they all have IPMI
<emgent> Pseudo clustering project --> https://launchpad.net/herd
<hessml> so which chat has the IPMI people?
<uvirtbot> New bug: #244420 in openssh (main) "open ssh in Intrepid will not connect to my hardy ssh server." [Undecided,New] https://launchpad.net/bugs/244420
<kraut> moin
<cxo> moin
<cxo> how do you tell gcc which linker to use, and not default to "ld" ?
 * kgoetz looks at ebox and wonders what he thinks
<kgoetz>   An internal error has ocurred. This is most probably a bug, relevant information can be found in the logs.  An internal error related to a template has occurred. This is a bug, relevant information can be found in the logs.
<kgoetz> :| not a lot is the answer
 * \sh is stupid somehow
<\sh> did anyone has a running config for moinmoin on hardy?
<\sh> s/did/does/
<\sh> damn..solved
<mouser25>  I have setup openvpn and it woks fine,  Im useing it now.  I was wondering if there was a way I could send port specific data across a tun connection insted of static routes for things like irc, aim, msn exct
<mouser25>  I dont want to make a static route for every irc server that I would like to connect to
<Kamping_Kaiser> perhaps by port
<Kamping_Kaiser> use iptables on your gateway to point it over the vpn
<mouser25> how will the client know to route the port to the vpn device and not the inet device
<Kamping_Kaiser> is vpn running on your local machine?
<Deeps> iptables mangle rules?
<Deeps> apply a fwmark
<Deeps> and then use ip rule to match the fw mark and lookup a different routing table (e.g. vpn table, where the default gw is via your vpn)
<Deeps> iirc, -t mangle -I PREROUTING -p tcp --dport 6667 -j fwmark --fwmark 2, would add fwmark #2 to any data going over port 6667
<Deeps> s/over/to/
<Deeps> google knows better
<mouser25> dont know what to look for
<Deeps> see the first three things i said
<Deeps> iptables, mangle, fwmark, ip rule (part of the iproute package)
<Deeps> hell, first hit on google for iptables fwmark looks relevant, bon appetit :)
<mouser25> Thanks for pointing me in the right direction
<mouser25> now just to find iptables for windows :(
<Deeps> heh, windows, forget about it
<Deeps> you're also asking the wrong channel too
<Deeps> this is #ubuntu-server, not #openvpn or #windows
<mouser25> the server is ubuntu
<Deeps> and openvpn is running on there?
<mouser25> the server side
<Deeps> your client side needs to be ubuntu too
<Deeps> or at least, linux
<mouser25> I know
<mouser25> My work computer cant be linux they wont let me
<Deeps> as your client side needs to know where to route the packets, and afaik windows doesn't have any tools that can do that
<mouser25> bummer
<Deeps> then i guess you're SOL for now then
<mouser25> well thanks for the help
<Deeps> if you're trying to get around work firewalls, my suggestion would be to use putty + dynamic ssh tunnel
<Deeps> which creates a local SOCKS proxy for you running on localhost:<whateverport you define in putty>
<Deeps> and then tell whichever apps you wanna route around the firewall to use that socks proxy
<mouser25> I started out with that, the connection here is so poor that it drops out alot
<mouser25> my server is in Iowa and im in Romania
<Deeps> if you dont wanna route per ip, ssh tunnel over the pn
<Deeps> vpn
<mouser25> ok,  That is a good thought
<Deeps> it's absolutely horrid and will lead to all sorts of nasties when dealing with dropped tcp packets if your vpn is tcp rather than udp
<mouser25> will give that a try
<Deeps> but then your vpn shouldn't be any more reliable than your ssh connection if it's tcp anyway
<mouser25> it seems to be
<Deeps> alternatively, cygwin + autossh could probably serve your needs too
<mouser25> it might have more to do with me changing to port 443 and the firewall is leaving my trafic alone now
<Kamping_Kaiser> tbh, this is now a ##windows problem.
<mouser25> with a posible linux solution :P
<Deeps> kaiser's right, but heh, gl finding someone in there with a clue of anything linux related. windows fanboys hate linux much like linux fanboys hate windows
<mouser25> Thanks for the help i have to get back to work
<Kamping_Kaiser> corp firewalls suck :| glad i dont have one at my current work
<Deeps> hehe i love them, the more restrictive the better
<Deeps> learn loads trying to break around them
<Kamping_Kaiser> there is that, but i learned heaps about windows, and i didnt really want to ;) [i also learned a lot about novell and braindead network design]
<Deeps> i still maintain that the ideal desktop is windows xp
<Deeps> with a ubuntu vm running in the second screen
<Deeps> or vice versa
<Kamping_Kaiser> it seems we disagree on that point
<Deeps> but i cant work without both
<hads> Each to their own
<Deeps> one key sticking point i remember from my last job was the complete fail of DFS under samba
<Deeps> but yeah, i wouldn't want many windows servers ;)
<Kamping_Kaiser> DFS?
<Deeps> distributed file system
<Deeps> raid over samba, i guess
<Kamping_Kaiser> ah, i see
<Deeps> remarkably easy to setup
<Deeps> many of the windows services are, and work surprisingly well on a small scale
<Deeps> if you can get them for free (or close to), it's ideal, as pretty much any numpty can come along and set up all sorts with a few button clicks
<Deeps> it's when you try to scale up and start having to pay MS's regular pricing that it stops being particularly useful
<Deeps> and/or want internet facing services i guess
<lukehasnoname> Happy Canada Day!
<nxvl> good morning!
<lukehasnoname> Happy Canada Day!
<shingalate1> Any reason an ftp user would be able to log in with /bin/bash as their shell but not /bin/false ?
<Kamping_Kaiser> yes there is
<shingalate1> I'm using vsftpd
<shingalate1> oh okay
<shingalate1> figured it out /bin/false wasn't listed in /etc/shells
<lukehasnoname> I like /bin/stfu better
<Ballena> Hi. Does anyone know where I can find a help channel for BitlBee?
<mm_202> Hey guys, how would I empty the 'Trash' via the shell?
<mm_202> Meh rm -rf .Trash-1000 works.
<melter> why don't i get postfix's default /etc/aliases file when i install it?
<lamont> did the file already exist?  it won't create one
<melter> who owns that file?
<melter> if i remove it and reinstall postfix, it creates it
<lamont> "the admin" :-(
<melter> what package?
<lamont> $MTA sort of owns it... I don't know of a single MTA that purges it on --purge
<lamont> more to the point, exim4 doesn't
<melter> postfix doesn't either
<lamont> and it's not attached to any package as a conffile
<lamont> melter: right.  I copied the behavior of exim4
<melter> postfix has a nice default file containing aliases for abuse, operator, etc., but none of that gets put into the /etc/aliases file
<lamont> ah, you mean upstream postfix?
<melter> yes
<melter> and that's the way it works in gentoo, too
<lamont> yeah - I've never grabbed that..  maybe I should
<melter> also, the main.cf file is misconfigured by default because if dhclient bugs
<melter> *because of
<lamont> could you smack a bug into either launchpad or debian's bts asking that the upstream aliases file be delivered on virgin install (or at least something based on it)
<lamont> misconfigured in what way?
<melter> there's a bug in dhclient that causes it to sometimes not set the hostname provided by the dhcp server
<lamont> sounds like a dhcp bug, not a postfix bug... :(
<melter> so if i set my hostname to "foo" when i installed, it should be overwritten when i boot, but it doesn't
<melter> by default, postfix uses gethostname to get the hostname
<melter> but ubuntu re-configures it to foo.example.com, which doesn't exist
<lamont> except that the postfix postinst sets myhostname == fqdn
<nxvl> nealmcb: about the oscon question, i have just checked my dates and i will be on the states just after the oscon :(
<nxvl> so i can't make it
<lamont> since historically asking glibc for fqdn got you just the first component..  thanks glibc
<nealmcb> nxvl: too bad - looks like a good one
<nxvl> yes
<nxvl> but i have already ask for my vacations, and have the flight tickets and all
<melter> does anyone know how to turn off dhclient? would uninstalling it work?
<lamont> network managler kind of likes dhclient
<lamont> OTOH, just configuring the interface in /etc/network/interfaces would do that
<melter> also, why does hardy ship with such an old version of dhcpcd?
<lamont> as in telling it 'inet static' with the right stuff, instead of 'inet dhcp'
<lamont> I don't even have a dhcpcd on my machine that I can find...
<melter> it's not installed by default, but 3.0.18 has a bug fix i need
<melter> and ubuntu ships with 3.0.17
<lamont> that would be because 3.0.17 was the current (debian) version at the time that the freeze for hardy hit
<lamont> intrepid has 3.2.3-1.1
<melter> i know, i already tried it :)
<melter> i wish i could put it on production machines right now :)
<lamont> "old" equates to < 3 months old at release date, which by most schedules is still pretty shiny-new
<lamont> most commercial schedules, that is
<lamont> afk for a nit
<lamont> bit, even
<melter> i'm pretty sure 3.0.18 was out more than just 3 months ago
 * delcoyote hi
<melter> what's ubuntu-minimal? is it ok to remove it?
<nijaba> melter: if you wan't to wipe your install, sure
<nijaba> melter: minimal is the smallest set of packages to have ubuntu boot...
<melter> so if i let apt-get remove it when i uninstall dhcp3-client, that would be a bad thing
<nxvl> ScottK: i find my descriptions very clear
<nxvl> ScottK: don't you?
<ScottK> nxvl: I'd have to look again.
 * ScottK is in a phone meeting right now.
<kirkland__> buenos tardes
<lukehasnoname> hola
<nxvl> kirkland__: buenAs tardes
<nxvl> :D
<kirkland__> nxvl: :-)
 * kirkland__ votes for a UDS on the Mayan Riviera
 * lukehasnoname Houston, Texas
<nxvl> kirkland__: i'm trying to make all of you come to peru
<lukehasnoname> Great... smog and.... green water
<nxvl> kirkland__: to see how it is like in the reality
<nxvl> :P
<kirkland__> *lukehasnoname couldn't be more wrong
<lukehasnoname> how so
<kirkland__> nxvl: peru sounds great
 * ogra still waits for the iceland UDS ... free natural hot tubs everywhere and good beer
<lukehasnoname> kirkland__: Have y'all ever thought about how awesome technology is that there are undersea cables connecting us?
<kirkland__> lukehasnoname: agreed.  Neal Stephenson's Cryptonomicon has an interesting storyline about undersea cables
<lukehasnoname> how am I wrong about Houston?
<kirkland__> lukehasnoname: no, you're right, Houston's coastline sucks
<lukehasnoname> heh
<kirkland__> lukehasnoname: I'm talking about the Yucatan Pennisula, Carribean side
<kirkland__> Houston != Mayan Riviera, not sure where you got that from
<lukehasnoname> I like Houston, and I love the coast, but our water isn't the clearest
<lukehasnoname> as in, it's opaque
<lukehasnoname> but I still play in it
<nxvl> Lima is in the coast
<nxvl> :D
<melter> what's the proper way to remove dhcp3-client? "apt-get remove dhcp3-client" will also remove ubuntu-minimal
<nxvl> ubuntu-minimal is just a metapackage
<nxvl> to install more other packages
<nxvl> so it doesn't hurt to remove ir
<nxvl> it
<melter> nxvl, that's not what nijaba said earlier
<melter> "if you wan't to wipe your install, sure"
<melter> "minimal is the smallest set of packages to have ubuntu boot..."
<nxvl> yes
<nxvl> but ubuntu-minimal is just a metapackage
<nxvl> the rationale is:
<nxvl> if some package tries to remove ubuntu-minimal it is needed
<nxvl> but if you want to remove it for some reason
<lukehasnoname> Meaning it's likea shopping cart of packages. Once you put the packages in the pantry (your computer) you dont' need the cart
<nxvl> is up to you
<nxvl> the problem here is dhcp3-client not ubuntu-minimal
<nxvl> :D
<melter> nxvl, YES
<nxvl> i mean
<nxvl> the one who will break you system
<nxvl> lukehasnoname: exactly
<lukehasnoname> must... learn... LDAP...
<lukehasnoname> l33t
<jpds> So... find a book on it.
<lukehasnoname> I know
<lukehasnoname> don't hate, jpds
<RoAkSoAx> lol
<mathiaz> kees: jdstrand: what would you answer to bug 244406 ?
<uvirtbot`> Launchpad bug 244406 in mysql-dfsg-5.0 "File load data infile'file-name' fails" [Undecided,Won't fix] https://launchpad.net/bugs/244406
<jdstrand> mathiaz: I agree with the "Won't Fix", but might guide him on how to add /var/www to the profile rather than just going with complain mode
<jdstrand> mathiaz: this statement is false: "mysqld already applies the necessary restriction and that the apparmor restriction is redundant"
<jdstrand> mathiaz: in the very limited scope of what he is trying to do, that is correct, but considering mysqld as a whole, it is not accurate
<kees> mathiaz: I've got nothing to add.  :)  jdstrand covered it with the "add what you need" part.  People will slowly get used to the extra MAC systems, and they just need to add more perms.
<[diablo]> evening #ubuntu-server
<[diablo]> guys, xen / ubuntu 8.04 related q's
<[diablo]> ?
<[diablo]> #?
<jpds> !ask | [diablo]
<ubottu> [diablo]: Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)
<[diablo]> !ask sarcasm
<ubottu> Sorry, I don't know anything about ask sarcasm
<[diablo]> ;)
<[diablo]> ok.. well, I've been using KVM for quiet some time, maybe near 1 year... Today I started with new company, and their very into Xen ... I had a proper headache with 8.04 (x64) and xen
<[diablo]> broken packages
<[diablo]> no intel graphics support
<[diablo]> when booting xen kernel
<[diablo]> now I know (and I completely agree with) that Ubuntu is geared towards KVM
<VilasBoas> hey i need a litle help
<VilasBoas> I'm installing on my ubuntu hasrdy a Lamp server but the phpmyadmin isn't working it can't find it :(
<[diablo]> but should I drop for the moment even the idea of getting Xen running nicely in Ubuntu?
<[diablo]> I'm assuming less attention is going to be paid to the fixes and patches than KVM
<[diablo]> here @ home.. I installed xen on my Q6600 box  ....  the nvidia drivers seem not to have been built around the xen kernel...
<[diablo]> it's a touch frustrating to use nv
<[diablo]> VilasBoas, you 'cant find it'
<[diablo]> ?
 * [diablo] advises VilasBoas to look under his bed
<VilasBoas> Diablo: do you whant to go .........
<[diablo]> VilasBoas, you've installed it right?
<VilasBoas> yes i have but when i go to http://localhost/phpmyadmin it appears black
<[diablo]> black?
<VilasBoas> yes black
<[diablo]> you checked the apache logs?
<VilasBoas> if it is working
<VilasBoas> the apache logs
<[diablo]> any messages
<VilasBoas> it's working
<[diablo]> but look in the logs
<[diablo]> it must say something
<VilasBoas> how can i do that?
<[diablo]> erm
<[diablo]> in the /var/logs/apache
<VilasBoas> i was folling the instrutions in http://www.guiaubuntupt.org/wiki/index.php?title=Ubuntu_hardy
<[diablo]> no idea, i don't follow tutorials to do things like that
<VilasBoas> of how to install a lamp server
<VilasBoas> :(
<[diablo]> VilasBoas, I assume there is some documentation on the ubuntu site
<[diablo]> a LAMP is more than common
<VilasBoas> ok thank you
<VilasBoas> :(
<[diablo]> VilasBoas, https://help.ubuntu.com/8.04/serverguide/C/index.html
<[diablo]> a start?
<[diablo]> http://www.ubuntugeek.com/ubuntu-804-hardy-heron-lamp-server-setup.html
<[diablo]> maybe too
<[diablo]> VilasBoas, tengo que pasar mi perro... adios
<VilasBoas> adios diablo and thanks
<sourcemaker> how can I log the access.log from apache to mysql database?
<LMJ> hello
<LMJ> sourcemaker : why you wanna explode your mysql database? ;)
<sourcemaker> LMJ: that's right :-)
<LMJ> sorry, gtg
<LMJ> CU
<nxvl> soren: did you have a amd64 machine near you?
<nxvl> or does anyone has a amd64 machine on hands and wants to build and run lintian on a package for me
<zul> nxvl: sure put it somewhere I can get it
<nxvl> zul: http://revu.ubuntuwire.com/revu1-incoming/augeas-0807012110/augeas_0.2.0-0ubuntu1.dsc
<soren> nxvl: I have nothing but amd64 machines anymore.
 * soren builds
<nxvl> soren: my brain is in reverse mode and english not my native lenaguaje, have you just said that you only have amd64 machines or that you don't have them anymore?
<soren> I only have amd64 machines.
<nxvl> \o/
<zul> nxvl: host not found
<nxvl> what?
<nxvl> http://revu.ubuntuwire.com/details.py?package=augeas
<soren> Worked for me..
<nxvl> for me to
<nxvl> zul: check you dns
<zul> nxvl: nm it hicked up
<soren> Weird, my intrepid schroot is b0rken.
<nxvl> need to go to the classroom, be back in 10 minutes
<VilasBoas> i have a big problem i was trying to install a LAmp server but when i try to open a php file the firefox ask me if i what to save or to open the script
<VilasBoas> can anyone please help me
<nxvl> ok back
<nxvl> any results?
<joebob777as7> I set up a hardy server and install gnome. I want to add a printer to be able to share it and printers doesn't show up under the control panel...
<joebob777as7> can someone point me in the right direction?
<soren> nxvl: Worked for zul.
<soren> nxvl: I'm building on intrepid now. I failed on hardy.
<soren> joebob777as7: #ubuntu
<soren> VilasBoas: Your apache server isn't interpreting your php files. Restart apache, and try again after you've completely restarted your web browser.
<soren> They have an annoying tendency to cache mimetypes.
<soren> nxvl: zul didn't have any lintian warnings either, by the way.
<nxvl> \o/
<soren> nxvl: By the way: I know that norsetto found some mistakes in your copyright file, but I have to say I was impresed at the copyright file that was already there.
 * nxvl HUGS soren and zul 
<nxvl> yeah, i fixed thos warning already
<nxvl> soren: thanks! i was trying to have it really explicit
<soren> Yeah. Good job.
<soren> Sometimes I think getting the copyright file right is the hardest part of packaging. :)
<nxvl> yes
<nxvl> not the hardest, but the teduis
<ScottK> It's the area where I most often find problems in a package after another MOTU has given it a +1.
<nxvl> yeah, we are developers, not lawyers, so most people focus more on techical things
<ScottK> OTOH, it's a wonderland for the pedantic.  I've found debian/copyright problems in packages put up for review by an archive admin.
<soren> ScottK: Heheh :)
 * soren wanders off
<nxvl> soren: http://revu.ubuntuwire.com/details.py?package=augeas <- 0.2.1 is out
<joebob777as7> i'm trying to tunnel to my cups shared printer at my office. Here is the command i'm running, ssh -L 1234:localhost:631 joe@myoffice.com when i go add the printer it doesn't show up anywhere how can i figure out the device uri to tupe in cups?
#ubuntu-server 2008-07-02
<joebob777as7> ok i figured out my printer tunneling and I can now see it on my ubuntu-server in my lan. I now need some help figuring out how to share it with my lan...
<mm_202> Hey guys, can someone help me with a question about /proc/[pid]/stat ?
<mm_202> Im trying to get the user & system time that the process has consumed.  But /proc/[pid]/stat seems to provide the information in 'jiffies'.
<mm_202> I want something more like what getrusage() returns.
<lukehasnoname> My god, the w3m debate is still raging
<nxvl> yes, i'm just ignoring those messages
<nxvl> it will never end
<nxvl> as the GUI one
<lukehasnoname> No one replied when I brought up the fact that it's 3MB installed
<nxvl> i'm ignoring them before it
<nxvl> :D
<ScottK> lukehasnoname: We need to get it easier to have different variants so that all parties can be satisfied.  Both the minimalists and the generalists have good point.
<ScottK> point/points
<lukehasnoname> I understand that we want to make everyone happy
<lukehasnoname> but... damn
<lukehasnoname> 72 posts on it
<lukehasnoname> when do you hit the sack, ScottK
<ScottK> Not for a while yet.  Several hours at least.
<lukehasnoname> ... when do you get up?
<lukehasnoname> I mean
<lukehasnoname> it's what, 2:30?
<ScottK> One (or very few) sizes will never satisfy everyone, so there's no point in arguing much over specifics.  We need more sizes.
<ScottK> lukehasnoname: What timezone?
<lukehasnoname> 2:29am Wednesday (BST) - Time in London, United Kingdom
<ScottK> Right.  I get up about 11AM your time.
<lukehasnoname> so you sleep from 5am-5pm ... awesome. I envy you. BTW, what's your take on NetDirector, did you look at it? I might finally have a friend with good internet to host my server so I can play with software.
<ScottK> I didn't look at it yet.
<ScottK> From the one technical answer I got about config files it sounds to me like they punted to the admin all the tricky stuff.
<lukehasnoname> it looks worth checking
<lukehasnoname> to me, anyway. Create users with unique roles based on services, and be able to manage large numbers of servers at once, as well as other functions
<ScottK> I agree it's worth looking into.
<lukehasnoname> Can I add newer release repos to older installs, and things function?
<lukehasnoname> such as adding hardy repos to a feisty or gutsy install
<ScottK> No.
<ScottK> Some packages will work, some won't.  If you want a newer package in a release, backports is the usual method.
<ScottK> !backports | lukehasnoname
<ubottu> lukehasnoname: If new updated Ubuntu packages are built for an application, then they may go into Ubuntu Backports. See https://help.ubuntu.com/community/UbuntuBackports - See also !packaging
<lukehasnoname> boosh
<lukehasnoname> k
<Jberg88> Hi I am trying to add a folder to my drupal install in the /sites/all diretory but I don't have to right permission to do so via FTP
<lukehasnoname> sudo chmod 777 /sites/all/
<lukehasnoname> or chown /sites/all/ to you
<rodneyk> whats the best monitoring packages in the ubuntu repository besides nagios
<Kamping_Kaiser> not sure we should be encouraging chmod 777
<ScottK> Agreed.
<LMJ> rodneyk : I have to admit I really love Hobbit to monitor all my company servers & Network
<ScottK> sommer: Are you around?
<ScottK> sommer: php-clamavlib is uploaded to Debian.
<kraut> moin
<uvirtbot`> New bug: #242846 in openldap2.3 (main) "update-manager could not update otrs. " [High,Triaged] https://launchpad.net/bugs/242846
<sommer> ScottK: that's awesome :-)
<ScottK> Congratulations.
 * sommer reading the email reply
<ScottK> sommer: PTS hasn't fully updated, but see the first item in News http://packages.qa.debian.org/p/php-clamavlib.html
<hubuntu> is there a deb for a newer version of mediawiki than the one in the repositories? Etch has 1.7 but we have 1.1 ??!!
<ScottK> No.  We have 1.11 in Hardy.
<sommer> ScottK: heh, cool
<hubuntu> oh... sorry saw 1.1.11 not 1:1.11
<hubuntu> hope that doesn't end in ubuntubash.org
<Deeps> it's about as funny as everything else on there, so it could well do
<nandersson> Where looks Mac OS X for the Bzr plugin-directory?
<ogra> nandersson, did you ask in #bzr ?
 * ogra doubts many people in #ubuntu-server use OS X
<nandersson> ogra, sorry :) I was in the wrong channel
<ogra> :)
<Blinny> I have a cron script (named 'backup') in /etc/cron.daily. Although I have 3:25AM for the runtime in /etc/crontab, it doesn't get around to running until 7:30AM. What could be causing this, other than the 'a' named scripts (0anacron, apache2, apport, apt, aptitude) somehow taking four hours to run?
<Shanix> hi all, would anyone know how to setup a floating IP between 2 servers? not DHCP nor dynDNS.org
<_ruben> Shanix: "a floating ip" ??
<uvirtbot> New bug: #225229 in net-snmp (main) "agentXPerms configuration directive is ignored" [Undecided,Confirmed] https://launchpad.net/bugs/225229
<Shanix> _ruben, yeah, the redhat clustering suite
<ScottK> Anyone around that uses amavisd-new that could install a new version for testing in the next few days?
<mindframe-> what version of ubuntu does this belong to? SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3
<mindframe-> I'm thinking Dapper... is this correct?
<lukehasnoname_> looks like it
<lukehasnoname_> http://ubuntuforums.org/archive/index.php/t-227539.html
<soren> Yes.
<soren> https://edge.launchpad.net/ubuntu/+source/openssh
<ScottK> lukehasnoname_: Yesterday you recommended someone might chmod a file to 777 to solve a problem.  Please don't do that.
 * soren concurs
<lukehasnoname_> I concur since I didn't ask him how secure/important that dir was
<lukehasnoname_> soren: cool link, I didn't know you could track like that in LP. I admit I haven't explored it much.
<soren> Regardless... "chmod 777" is never a good solution. At the very least, don't provide it as a default solution unless explicitly told that the server is not networked and physically locked up in a box somewhere out of reach of children and such.
<mindframe-> how can i get a list of security vulnerabilities associated with  	OpenSSH 4.2p1-7ubuntu3 ... obviously fixes were backported
<lukehasnoname_> soren: ok
<soren> mindframe-: Look at the changelog. Same page.
<ScottK> mindframe-: http://changelogs.ubuntu.com/changelogs/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.4/changelog
<ScottK> soren: The Launchpad 'changelogs' aren't really changelogs at all, but an incomplete amalgamation of some of the things mentioned in .changes files for the release.  To get the full debian/changelog you need to go to p.u.c.
<soren> True.
<ScottK> There are open bugs on this in Launchpad, but it's not a high priority.
<ScottK> It seems odd to me that data correctness and completeness don't rate highly for them, but there is obviously a lot I don't understand about Launchpad development.
<sommer> jdstrand: I sent a patch to the ldapscripts author that allows them to work from a non-configured workstation... just fyi
<sommer> also sent one allowing some more functionality to the template system
<sommer> jdstrand: for reference it came up a week or more ago that ldapscripts needed to be run from a workstation configured for ldap authentication
<_ruben> Shanix: never used RHCS, but do use linux-ha's heartbeat app in production failover setups
<jdstrand> sommer: nice
<Shanix> _ruben, thx
<hubuntu> once the drupal package in installed under hardy where can I add the www path for it? DO I have to add a "sites-available" file and create a database for drupal or is there a path for me to start the installation?
<arakthor> anyone know where to find good documentation on snmp and mib?
<lukehasnoname_> Does anyone have personal recommendations on books covering LDAP, SANs, or Linux VM?
<sommer> lukehasnoname_: this one's dated but pretty good: http://oreilly.com/catalog/9781565924918/
<sommer> lukehasnoname_: there's also mastering openldap by packt publishing... don't have a url
<lukehasnoname_> I see it on amazon
<lukehasnoname_> there are several there, I was seeing if y'all had used any of them
<sommer> I've used both the ones I recommended :-)
<lukehasnoname_> cool
<lukehasnoname_> I'll check those out, esp. the Packt one since it's Open specific. If anyone asks, "Beginning Ubuntu Server Administration" and "Linux Networking Cookbook" are both really terrific
<lukehasnoname_> In fact, the LNC has a really good chapter on OpenLDAP that I had forgotten about... I tell you, that book is very good.
<heno> Hi nijaba, are you able to do a JeOS test install?
<heno> we also need the default + crypted LVM server case covered
<uvirtbot> New bug: #244925 in openldap2.3 (main) "slapd reports wrong ssf using gnutls" [Undecided,New] https://launchpad.net/bugs/244925
<ScottK> mathiaz: All the MIR for the Amavisd-new/DKIM spec are approved, so you can mark that off your list.
<mathiaz> ScottK: awesome :)
<mathiaz> ScottK: what's the next step then ?
<ScottK> The next step is for me to add configuration changes to the default config for amavisd-new.  I'm trying to get an NMU sponsored in Debian first so that we don't have two uploads.
<ScottK> Then it's testing.
<ScottK> Since libmilter got approved today too, I'll also unsplit amavisd-new-milter at the same time.
<HomeSickA> hello all, wanted to set up a private network with a private domain. network will have about 30 or so computers both ubuntu and windows. i woud like to run a 'central' server on ubuntu server 8.04. the network has 10 computers on a lan router, we would like to bridge that to a wireless router so ppl can also connect wirelessly. i would like the server to have a domain called server.lan.com so that ppl can jsut put that in their i
<ivoks> so, where's the problem?
<luke_has_no_name> ivoks: I think he wants to know how to
<HomeSickA> yes lol
<HomeSickA> how to ;p
<ivoks> so, that server should be dhcp server
<HomeSickA> yes
<HomeSickA> that server should 'run' the network
<HomeSickA> wil the wireless users get affected? i mean doesnt the wireless router tend to do all the work?
<ivoks> and wifi router should have dhcp service disabled, and only pass packages
<ivoks> it should work if you disable dhcp service on it, and set an IP that would be in the same range as server
<HomeSickA> ok, does ubuntu ship with that as a standard?
<ivoks> with dhcp server?
<HomeSickA> yes
<ivoks> yes, it's on CD
<HomeSickA> ubuntu server edition that is
<HomeSickA> ok sweet
<HomeSickA> im not getting 'and set an IP that would be in the same range as server'
<HomeSickA> where do i set that
<ivoks> dhcp3-server is the name of the package
<ivoks> on the wifi router
<ivoks> example:
<HomeSickA> ok, so i set the wifi router to have an ip address?
<ivoks> ubuntu server has an IP 192.168.0.1, it offers over dhcp 192.168.0.100-192.168.0.200
<ivoks> then your wifi router should have 192.168.0.2
<HomeSickA> ok im getting that
<ivoks> having a caching DNS server would be cool, too
<HomeSickA> caching DNS server?
<HomeSickA> pls explain :D
<ivoks> DNS server which doesn't have local domain, it just stores queries from other domains
<HomeSickA> what domains are u talking about ;/ im lost. im just creating a private network, no internet
<ajsharp> This isn't really an ubuntu specific question, it's more of a dns question but....is creating an A record for every subdomain (www.example.com) equivalent of creating cname records to the servers main A record (example.com)?
<HomeSickA> i see i see
<HomeSickA> i see i see: By default, BIND installs on Ubuntu configured to act as a caching DNS server
<HomeSickA> i read a guide on bind9
<HomeSickA> i read a guide on bind9?
<HomeSickA> is that the way to go?
<ivoks_> uf...
<ivoks> where were we?
<ivoks> last i said was caching DNS and i got lost after that
<HomeSickA> <HomeSickA> i see i see: By default, BIND installs on Ubuntu configured to act as a caching DNS server
<HomeSickA> <HomeSickA> i read a guide on bind9
<HomeSickA> <HomeSickA> i read a guide on bind9?
<HomeSickA> <HomeSickA> is that the way to go?
<ivoks> it's been a while i configured my last dns, so i don't remember how it works out of the box
<HomeSickA> thinnk i need to get the bind package
<ivoks> but, i guess you'll need jus couple of configuration lines in named.conf.local
<uvirtbot> New bug: #244968 in likewise-open (main) "Upgrade likewise-open to 4.1.0" [Wishlist,In progress] https://launchpad.net/bugs/244968
<ivoks> to allow wueries from other machines
<ivoks> right, bind9
<HomeSickA> http://www.howtoforge.com/perfect-server-ubuntu8.04-lts
<HomeSickA> saw it there, think thats the solution hey
<ivoks> i'm afraid of those 'perfect setups' :/
<HomeSickA> lol thing is, im not too familiar with the server commands hey
<HomeSickA> and thats prob all that i can find for now
<RoAkSoAx> HomeSickA, https://help.ubuntu.com/8.04/serverguide/C/dns.html
<ivoks> you could try ebox...
<HomeSickA> ebox?
<ivoks> http://ebox-platform.com/
<ivoks> it's kind of a gui and easy linux server for begginers
<RoAkSoAx> HomeSickA, this might help ya too: https://help.ubuntu.com/8.04/serverguide/C/ebox.html
<Luke_L> or NetDirector (try it and tell me how it works) haha
<HomeSickA> thank you ivoks and RoAkSoAx :]
<HomeSickA> lol Luke_L im scare ;p
<ivoks> HomeSickA: i would suggest newer ebox packages; it has great file sharing module
<HomeSickA> what does ebox do actually, should i use it as an alternative to ubuntu server?
<RoAkSoAx> HomeSickA, ebox its for Ubuntu Server administration through http
<HomeSickA> aahh, does it manage packages already installed on the ubuntu system, like bind or an ircd?
<Luke_L> HomeSickA: ya
<HomeSickA> think that will usefull
<zul> ivoks: it has a file sharing module?
<ivoks> zul: samba
<HomeSickA> im so excited
<ivoks> zul: really cool new module; with detailed permissions
<HomeSickA> need to wait for my friend to bring the server edition cd this weekend so we can try al this
<zul> ivoks: coolio
<ivoks> i have one great movie for all sys admins:
<ivoks> http://blip.tv/file/1015028
<HomeSickA> ivoks any other helpful hints?
<ivoks> HomeSickA: i don't know... :)
<HomeSickA> :]
<HomeSickA> oh yes
<Luke_L> where are the IRC logs?
<HomeSickA> i have one more q, i set up dancer-ircd. ppl can connect fine to it, but why does it take so long to connect - there is like a 10 second pause
<HomeSickA> it has something to do with IdentLookups im sure
<ivoks> HomeSickA: right, that's normal
<HomeSickA> know how to fix it though?
<HomeSickA> can't seem to find the appropriate command to slot into ircd.conf
<ivoks> by enabling ident service, which isn't something you want
<ivoks> or disabling it at irc server, right
<HomeSickA> yea, how on earth do i do that mate? ;[
<ivoks> don't know; i've never set up an irc server
<luke_l> I just thought about the fact that FreeBSD's package selection at install time is a pretty good example of what people want in Ubuntu
<luke_l> It's not as detailed as the FAI or the more specific "flavor" spec that ScottK wants but it's the same in principle
<ScottK> The hard part isn't the package selection, but the integrated configuration that goes with it.
<luke_l> right I was tihnking initally about the "minimal vs. full" debate that was going on
<ScottK> Yes.
<luke_l> you mean like what qualifies for each?
<luke_l> like does w3m stay in minimal, haha
<ScottK> For that, you're right, package selection is sufficient.
<ScottK> For what I'm trying to do in the flavor spec is get a set of packages with a set integrated configuration.  That's a harder bit.
<luke_l> right.
<colin_> hello
<luke_l> yo
<colin_> I'm trying to install Ubuntu server on my Compaq Proliant DL380 G1, but it does not reconizes my raid controller correctly
<colin_> does anyone know a solution for this?
<HomeSickA> hello, should i install the lamp bundle during the server installation or should i install each part separately?
<hads> 6 of one half a dozen of the other :)
<ScottK> It depends on if you want to do more work or less.  If you want less, just install the LAMP stack.
<HomeSickA> what about the configuration?
<HomeSickA> can i install the lamp bundle, then just configure it the way http://tinyurl.com/65jzxw states
<luke_l> yes
<luke_l> but LAMP install is just as easy and probably does what you need
<HomeSickA> great
<HomeSickA> :)
<uvirtbot> New bug: #245015 in php5 (main) "php5 install does not work" [Undecided,New] https://launchpad.net/bugs/245015
#ubuntu-server 2008-07-03
<uvirtbot> New bug: #245031 in munin (universe) "apt_all doesn't grok Ubuntu" [Undecided,New] https://launchpad.net/bugs/245031
<axisys> !raid
<ubottu> Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/RaidConfigurationHowto and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto
<axisys> ^ is there anything simpler that these?
<uvirtbot> axisys: Error: "is" is not a valid command.
<axisys> s/that/than/
<axisys> first link has nothing
<axisys> second one is not ubuntu specific
<axisys> third one is really lot of work
<axisys> in solaris SVM is super simple
<axisys> SVM aka disk suite aka soft raid app
<axisys> wish ZFS is already in linux .. life would be sooo easy
<nxvl> sommer: i have never love you like today
<nxvl> ubuntu server guide is awesome
<axisys> how do I get notified when there is a pkg update available?
<nxvl> as in new debian version or as in new upstream version?
<nxvl> or as in new ubuntu version for updating your server?
<axisys> nxvl: ubuntu
<axisys> nxvl: ubuntu server
<axisys> nxvl: or pkgs
<nxvl> i use scripts for that
<nxvl> a cron running apt-get update
<nxvl> and stuff
<nxvl> sommer_: i have never love you like today
<nxvl> ubuntu server guide is awesome
<axisys> nxvl: how would u know when reboot is necessary? in workstation it shows the icon
<nxvl> mm
<hads> It's not nessecary :)
<nxvl> i think there is an update-manager interface for CL
<hads> If you do a kernel update then you will need to reboot to get the new kernel, that's about it.
<axisys> in other words there is no way to get notified.. even with log or email?
<nxvl> axisys: you can write a shell script and add it to cron
<nxvl> BUT
<nxvl> i remember there was an easy one
<hads> Well it's your responsibility to notice what packages you install/upgrade.
<nxvl> just don't remember what it was
<nxvl> axisys: please add it to brainstorm
<nxvl> axisys: brainstorm.ubuntu.com
<hads> There's apticron/cron-apt etc. which will notify you when there are updates available.
<axisys> hads: how about when I need to reboot ? there is no notification for that?
<hads> As I said, if you do a kernel update then you will need to reboot to get the new kernel.
<nxvl> axisys: i don't have a solutions for it in mind, but, you can send an e-mail to the list http://lists.ubuntu.com/mailman/listinfo/ubuntu-server and add it to brainstorm http://brainstorm.ubuntu.com/
<nxvl> need to run
<nxvl> axisys: please follow my suggestion, i find your idea relly usefull and viable
<nxvl> s/viable/feasible/g
<nxvl> read you later
<axisys> nxvl: http://brainstorm.ubuntu.com/idea/10640/
<axisys> just added it
<psycho> hi guys
<psycho> need some help with ubuntu 8.04 server edition working as a router !
<psycho> i used to have a 2.4.34 kernel router system and everything was working fine
<psycho> when i upgraded to ubuntu 8.04 2.6.24 kernel everything works fine except for creating new hotmail passport live account
<psycho> does anyone have an idea where to start looking ?
<xt> do you have a pppoe connection?
<psycho> no its not pppoe and the mtu size is 1500 as i always had it
<xt> alright, I thought it might be mss size
<xt> you can always packet sniff
<psycho> mss or mtu !?
<xt> on ppp you "need" -A FORWARD -m comment  -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu --comment "MSS CLAMP"
<soren> How would mtu size affect ability to create a hotmail account?
<xt> soren: I've seen all sorts of weird stuff going on without that on a pppoe connection, for example certain web pages not working
<psycho> this is weird as on 2.4 kernel i have the same firewall rules and same scheme as of 2.6.24 kernel router
<psycho> 2.4 works like magic 2.6 doesn't
<soren> xt: Sounds "special".
<xt> soren, I despise ppp on broadband connections, hehe. Luckily I dont have one myself as I have fibre at home
<psycho> although everything working great on 2.6 except for this feature
<psycho> i have E1 connection
<wrecky> yo whats probably the best free web system control panel, besides webmin
<wrecky> or a control panel that works game servers to like CS 1.6 or CS:S
<Kamping_Kaiser> ebox recomended by ubuntu over webmin
<jiphex> Can someone please lend a hand with configuring exim4, it seems it's not reading /etc/mailname for some reason, and hence I can't send any mail locally or remotely from the box because exim (correctly) fails to resolve "etc_mailname" or "ETC_MAILNAME" as mail hosts http://pastie.org/226963
<Kevin_openworld> Hello all
<Kevin_openworld> Can some one help me with Php myadmin.
<Kevin_openworld> on ubutnu
<xt> http://www.catb.org/~esr/faqs/smart-questions.html
<Kevin_openworld> Well this is what going on. I install phpmyadmin and it not found when i go to http://192.168.2.6/phpmyadmin. I installed it for Apache 2 the site is Apache/2.2.8
<heno> Hello good people of #ubuntu-server!
<heno> Is there anyone here who has VMware-ESX set up and can help us wrap up the last JeOS test case for Hardy.1?
<heno> see http://iso.qa.ubuntu.com/qatracker/test/1711
<heno> nijaba, soren, dendrobates- ^
<Kevin_openworld> Heno
<Kevin_openworld> I think all the people are asleep
<Kevin_openworld> Becuse i asked for help and got no reply
<heno> ok thanks Kevin_openworld
<heno> 2 or those 3 should be in European timezones though :)
<Kevin_openworld> I am in EST 6:05 AM
<Koon> heno: nijaba is on a trip. soren should be back soon, though
<heno> ok, great
<soren> wazzup?
<soren> Kevin_openworld: Did you restart (or reload) apache?
<soren> heno: No ESX access for me.
<soren> heno: nijaba's your man.
<heno> soren: ok, he's on travels though?
<soren> soren: Yes, on his way to South France. He left really early, though, so he might be there now, but now that you mention it, it's probably not going to be easy for him to do any testing from there. He's attending a meeting or something.
 * heno just found #vmare on freenode with 160 people in it ...
<heno> will ask nicely there :)
<soren> Heh.. Good plan :)
<Kevin_openworld> I restarted Apache Soren
<Kevin_openworld> I just got back and seen your text.
<kraut> moin
<soren> Kevin_openworld: And no luck?
<soren> Oh, hang on.
<soren> Try this:
<Kevin_openworld> Nope
<soren> http://192.168.2.6/phpmyadmin/
<soren> (note the trailing slash)
<Kevin_openworld> same page i been going to
<Kevin_openworld> not working
<soren> That's not what you said, though.
<Kevin_openworld> I know
<Kevin_openworld> both of them wont work
<soren> What happens?
<soren> What do you see instead?
<Kevin_openworld> The requested URL /phpmyadmin/ was not found on this server.
<soren> Have you changed apache's config at all? Using virtualhosts, perhasp?
<soren> perhaps, even.
<Kevin_openworld> I think so
<Kevin_openworld> I am using Webmin
<Kevin_openworld> also
<soren> gah..
<soren> Then you're on your own, dude :)
<Kevin_openworld> Any one else?
<Kevin_openworld> wait
<Kevin_openworld> Do they make a Windows PRogram?
<Kevin_openworld> to edit mysql and things?
<soren> probably.
<Kevin_openworld> I will google it.
<Kevin_openworld> I think i seen one before
<Kevin_openworld> Wait
<Kevin_openworld> Can i download phpmyadmin as a php files?
<Kevin_openworld> Becuse i looked in the var/www
<Kevin_openworld> and their no phpmyadmin file?
<soren> The phpmyadmin package configures apache to look for the files in /usr/share/phpmyadmin.
<soren> IIRC.
<soren> Kevin_openworld: ^
<Kevin_openworld> ok
<soren> ...so that's where they are.
<Kevin_openworld> fond them
<Kevin_openworld> Do i drag and drop them all?
<Kevin_openworld> in
<Kevin_openworld> var/www/phpadmin?
<Kevin_openworld> Or copy?
<soren> I don't do drag and drop.
<soren> I recommend a symlink.
<soren> Or configuring apache to look in the right place.
<Kevin_openworld> ?
<Kevin_openworld> oo
<Kevin_openworld> How?
<Kevin_openworld> Can i just copy?
<soren> webmin => You're on your own. I have no idea.
<Kevin_openworld> k
<Kevin_openworld> Well i found them so i think i know what to do
<Kevin_openworld> Thanks a lot.
<soren> You probably need to sacrifice a lamb somewhere in the process.
<hads> heh
 * soren -> food
<Kevin_openworld> it worked
<Kevin_openworld> THanks
<griffon> anybody here who has experience with the ldap overlay module: smbk5pwd?
<griffon> i compiled it for the current openldap server 2.4 from ubuntu 8.04 but it won't work. If i change pam_password to exop and i'll change my password using passwd it stalls after making the EXOP call (according the logfile output of openldap)
<zul> morning
<emgent> hey people rapache 0.4 is out with apache modules support
<emgent> It`s in rapache-devel PPA
<sommer_> hey all
<aiwatch> Hi every one
<zul> soren: apt_all.in patched for ubuntu
<soren> zul: *blink*
<soren> Really
<soren> ?
<zul> soren: yep
<soren> Awesome, dude!
<zul> for intrepid
 * soren hugs zul
<zul> perl is fun
<soren> I think it's SRU worthy.
 * soren realises he just increased the pain by 1000%
<zul> http://pastebin.com/d2dc26fdf
<zul> not very painful
<soren> I mean doing SRU's, but I guess you're used to that, too :)
<soren> Did you test the patch?
<zul> i wrote a test program that basically does that
<soren> Because ISTR that munin isn't too fond of dashes.
<zul> mind testing that out for intrepid once it gets build
<ScottK> soren: Do you post stuff to the Ubuntu Server blog or is that just mathiaz?
<soren> ScottK: I do.
<soren> Er..
<soren> Sorry. No. I don't.
<ScottK> You could, but you don't?
<bill_> is there a way to set up resource rate limits on things like I/O?
<soren> Don't think I could, no. Not at this point.
<soren> I think it's intended to be open to the entire server team at some point, but I'm not sure.
<ScottK> OK.  I think the mail I just sent to the server list would be a good post.  I'll wait for him.
<ScottK> Thanks.
<soren> np :)
<ScottK> sommer: When you have some time, I'd like to discuss documenting whitelisting based on DKIM/SPF results in the server guide (this is generally the docs piece of the amavisd/dkim spec.
<Tophat> is there anything for linux that can act like a windows domain controller?  such as Active Directory or have it setup as a Central Authorization Point?
<blue-frog> ldap or samba-ldap
<blue-frog> for windows domain samba-ldap
<sommer> ScottK: now's an okay time... is there a wiki page on the procedure?
<ScottK> sommer: No.  It's in the package docs.
<ScottK> Can you grab the current Intrepid source package?
<sommer> ah, that should be good enough... sure
<arvind_khadri>  in the server edition the postfix can be configured when we want to correct??
<arvind_khadri> or has it to be done while installation only
<ScottK> arvind_khadri: Yes.  Unless you select the mail server task it's not installed by default.
<ScottK> You can configure it at install time or later.
<heno> anyone fancy setting up a vmware-esx demo install? we still have an outstanding JeOS test case
<heno> http://www.ntpro.nl/blog/archives/325-The-ultimate-ESX-3.5-white-box.html
<heno> that's the most help I could get in #vmware
<ScottK> heno: It would be very handy if Canonical had a virtualization engineer or some such to help out with things like that.
<sommer> ScottK: source acquired... that was the amavid-new source right?
<ScottK> Yes.
<sommer> cool, what am I looking for?
<ScottK> Look in the file RELEASE_NOTES
<heno> ScottK: sure, but we are a community project too ;)
<zul> ScottK: soren is the virtualization engineer
<sommer> gotcha... doesn't seem to complicated after a quick glance
<arvind_khadri> ScottK, postfix is the POP right??
<ScottK> zul: ;-)
<ScottK> arvind_khadri: No.  Postfix is MTA.  You want Dovecot for POP.
<arvind_khadri> ScottK, oh ok
<ScottK> sommer: For someone who is knowlegable, it's not so hard, but I think we need to cover how to add domains to the whitelist and what it does.
<sommer> ScottK: sure, I'll add it to the mail filtering section
<ScottK> sommer: I'd also like to document using SPF results to whitelist in Spamasssasin, but I need to do some reasearch on that.
<ScottK> sommer: Great.
<ScottK> sommer: Updating the server guide is part of the spec, please let me know if you need help and/or when it's done.
<ScottK> sommer: It is really amazingly wonderful to get an answer like, "sure, I'll add it to the mail filtering section".  Thanks.
<sommer> ScottK: sure will do, it may be later this month... still working on Samba, but that's maybe this close to being ready for review |--------|
<sommer> ScottK: np
<arvind_khadri> ScottK, how to add route the entry should look like default 192.168.1.1
<ScottK> arvind_khadri: I don't understand what problem you are trying to solve.
<arvind_khadri> ScottK, i want to add a route as of now
<ScottK> arvind_khadri: I don't have enough context to answer that question.
<arvind_khadri> ScottK, hmm thanks ..
<soren> zul: I'm afraid your patch doesn't work.
<soren> zul: a) there's a missing comma in your @releases.
<soren> zul: b) Since we in Ubuntu are dealing with pockets rather than suites, "-t $release" won't cut it.
<soren> My suggestion about using "-s" and looking for the suite doesn't quite cut it either, though.
<soren> ...since that doesn't do much to detect held packages.
<soren> I've got a patch here that does nothing but return the package count, but doesn't set extinfo.
<soren> ...which is a bit of a shame.
<soren> My perl-fu isn't very strong :(
<zul> soren: damn it
<soren> zul: When my ssh keys get updated (submitted a few minutes ago), I'll put my new patch on people.u.c.
<zul> soren: okie dokie
 * delcoyote hi
<spiekey> Hi
<spiekey> soren: you there? :)
<soren> Oui.
<spiekey> just a sec :)
<spiekey> yey! it works!!!!
<spiekey> thanks soren :)
<soren> Hahha!
<soren> spiekey: Any time, dude. :)
 * soren is about to let out a sigh of relief
<soren> I think I've finally found a structure for the new VMBuilder that I'm happy with.
<spiekey> yes!
<spiekey> yey!
<spiekey> :))
<spiekey> :-/-<
<spiekey> :-\-<
<spiekey> :-|-<
<jdstrand> MatBoy: you know, we talked about nscd wrt libnss-ldap and libpam-ldap the other day. I didn't realize nscd was in universe until today, so I moved it to Suggests in libnss-ldap
<jdstrand> mathiaz: ^
<jdstrand> soren: so you refactored ubuntu-vm-builder correct? this was in part to create libraries that ubuntu devs can use I assume. I recently refactored ufw, and wonder it there is anything we can share
<jdstrand> soren: the one from ufw that may be worthwhile is util.py (http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/160?file_id=util.py-20080701191142-03fec67gtdcg30cn-6)
<jdstrand> soren: that there are still some ufw specific bits in there (I think just references to UFWError)
<jdstrand> soren: we'd need to clean up the 'debugging' variable, but between those two, I think itmight be useful
<jdstrand> s/between/if we address/
<soren> jdstrand: There are a few things we might be able to share.
 * soren . o O { import uncomplicated }
<soren> I like the rollback mechanism, I came up with, but it probably won't be of much use to you.
<jdstrand> soren: oh, did you rename it (uvb)? I didn't know it was official
<soren> It's not.
<soren> :)
<jdstrand> soren: well, I doubt the network sutff would be that interesting to you either, but maybe another uncomplicated app might like all this stuff :)
<soren> I imagine uncomplicated live migration will.
<soren> Or uncomplicated directory server.
 * ScottK notes the absence of Server Team from https://wiki.ubuntu.com/TeamReports/June2008 and is glad he's not required to fill it out.
 * jdstrand nods
 * soren glances at mathiaz 
<ScottK> mathiaz: Did you see my latest message to the Server ML on DKIM testing?  I think it would be good as a blog post.
<mathiaz> ScottK: not yet - I'm getting there though.
<ScottK> OK.
<ScottK> Please keep that in mind when you get to it.
<jdstrand> soren: so I guess we need to create a python-ulib package, then put it in LP and collaborate. this is not likely something I can do super quickly, but I could add my ufw stuff to it easily enough. This will need to get a MIR though, since ufw will depend on it
<melter> is there a recommended mail server for ubuntu?
<soren> postfix
<soren> jdstrand: Yeah. It's not super important right now, though, but it's something we could look into when it's slightly more than 3-4 functions.
<melter> how is it decided which options dpkg-reconfigure will set for postfix?
<lamont> melter: postfix's dpkg-reconfigure behavior is generally to take what is in main.cf as the defaults, and then (depending on the debhelper severity setting) either ask or not ask to change them.  If the option is not one of the ones that is in debhelper, then dpkg-reconfigure won't change it
<lamont> if it is, and you change the answer, then postfix will change it in main.cf for you
<melter> i'm guess i'm wondering why, for example, "myhostname" is set explicitly to the hostname that exists at the time of configuration, when the default it for postfix to automatically use the system's current hostname when it starts
<lamont> because the return from gethostname(3) was totally and completely broken at one point
<melter> is it fixed now?
<ilowe> hi guys, I'm having a problem with a preseeded install... my installer just hangs at some point
<lamont> dunno.
<jdstrand> soren: that's cool. I just wanted to broach the subject as dendrobates mentioned doing something like that at some point
<melter> the problem is that when my hostname changes, i have to reconfigure postfix
<soren> jdstrand: Certainly.
<jdstrand> soren: actually, I count 11 in util.py ;)
<lamont> melter: the purpose of the postinst in postfix is to get most people a working mailer config out of the box.  from there, it is assumed that clueful admins will probably tweak main.cf and such, and never run dpkg-reconfigure
<soren> jdstrand: Sure, but at this point there's like 3 or so that we'd be sharing :)
 * jdstrand nods
<lamont> melter: you're welcome to comment out the entry in main.cf....
<lamont> assuming that works for you
<jdstrand> soren: I expect you to use all 11, *now*!
<ilowe> anybody done preseeded installs before?
<lamont> note also that postfix kind of believes that the host tends to have a long-lived name that exists in the DNS
<mathiaz> ilowe: you may wanna try in #ubuntu-installer and specify where it hangs in the process
<ilowe> mathiaz: thanks much
<ScottK> lamont: Now it's just sort of broken.
<lamont> ScottK: sounds about how I remembered it...
 * lamont finds himself continually amazed that people run MTAs on their laptops
<ScottK> I use Postfix on my laptop to relay to one of my real MTAs so reportbug and bts work.
<axisys> i just upgraded the linux-restricted-modules .. do I need to reboot?
<axisys> wish there is some mail alert or syslog alert to let me know that.. already requested that in brainstorm
<lamont> ScottK: ditto although as much for testing as for any real MTA usage - and configured to relay through the home machine, via an openvpn route --> trusted
<lamont> I guess I should really teach my home machine about allowing sasl-authed users to send mail.. :0-(
<ScottK> axisys: Generally if it's a kernel update you do and if it's not you don't.  Reading the security advisories is always recommended and they will tell you if a reboot is required.
<ScottK> lamont: I do it via SASL.
<axisys> ScottK: so it is not like workstation where it just notifies u
<ScottK> No.  Where would it notify you?  Most servers aren't constantly logged into.
<axisys> ScottK: not expecting a gui (since it is a server and not workstation) alert .. but a syslog ot email alert seems needed
<axisys> ScottK: r u kidding? syslog or email are not always on
<axisys> ?
<ScottK> There was some discussion at the last UDS about increased automation of security updates, but I don't recall the details.
<axisys> ScottK: ok.. thnx
<nealmcb> ScottK: Cool message about your DKIM work - thanks!  Sounds like a great blog post
<Blinny> What would cause /etc/cron.daily/apt to take 4 hours to run every night?
<ScottK> nealmcb: Thanks.
<nealmcb> ScottK: I was following DKIM early on during some of the ï»¿discussions about mail list issues  - is there a preferred way to keep good dkim signatures when going thru mailman?  e.g. not mangling the subject line, what to do about appending ml signatures etc?
 * nealmcb should just google again and read the spec :)
<soren> Blinny: DNS failure?
<soren> Blinny: 3 minutes multiplied by number of nameservers multiplied by number of requests apt-get update would have made.
<ScottK> nealmcb: I think the current mailman has some kind of no-mangle setting, but I'm not a mailman admin.
<ScottK> nealmcb: Any change to the body or a signed header field is going to cause a failure.
<nealmcb> ScottK: wasn't there a way to say "only validate the first x bytes of the body" so that signatures could be ignored?  or was that dropped?
<ScottK> nealmcb: It's in the spec, but no one uses it.
<nealmcb> hopefully enough mail agents will guide the user to mail-list-related headers and folks won't need to rely on sigs to explain about unsubscribing, but that will take time...
<ScottK> Mailman also has an option to strip pre-existing signatures.
<ScottK> In theory this shouldn't be needed since broken sig is supposed to be treated just like no signature, but in the real world it's not.
<nealmcb> oh - dkim sigs - yeah - that is complicated also.  who is doing what with broken sigs?
<ScottK> With DK (and so I presume the same will happen with DKIM) I had experience with people bouncing mail to the From address due to a broken sig.
<ScottK> There's no standardized reason to do it, but people grasp at straws.
<michalski> hello, i've had a bug report open for a couple of months now and it seems to have been pushed aside (https://bugs.edge.launchpad.net/ubuntu/+source/ebox-ntp/+bug/222620)
<uvirtbot> Launchpad bug 222620 in ebox-ntp "package ebox-ntp None failed to install/upgrade: subprocess post-removal script returned error exit status 1" [Undecided,New]
<michalski> I was wondering if it would be appropriate to assign it to the ubuntu-server team
<michalski> or if it even is a bug
<mathiaz> michalski: assign no - subscribe yes
<michalski> wilco
<mathiaz> michalski: if you can provide steps to reproduce it it will help
<michalski> thats just the thing, its so random, I go to synaptics and search up ebox, I see that ebox-ntp has residual config that I just want to get rid of, so I mark it as completly remove
<michalski> but it just comes back with that error
<zul> mathiaz: we should really really get the new apache from debian
<mathiaz> zul: yes - I'm working on merging openldap 2.4.10 now
<zul> mathiaz: cool
<zul> want me to take care of apache then?
<nealmcb> michalski: what was the command line?  did you use --purge?
<michalski> let me verify neal
<nealmcb> ahh - synaptics - unusual for a server....
<michalski> hehe :)
<michalski> sudo apt-get remove ebox-ntp --purge =====says its not installed so not removed
<JanC> michalski: did you also test the newer upstream ebox stuff for Ubuntu?
<michalski> the config is still there
<michalski> JanC: no, im just trying to remove ebox
<nealmcb> michalski: that log in the bug has lots of xorg stuff also - seems like a more complicated story....
<JanC> if it's fixed there, that would maybe help to find the issue by looking at the differences...
<zul> mathiaz: please include these patches in the opendldap merge as well http://people.ubuntu.com/~chucks
<mathiaz> zul: the ones in http://people.ubuntu.com/~chucks/ldap/ ?
<zul> yep
<zul> sorry :)
<michalski> im having similar problems with googleearth-4.3 schooltool-2008 virtualbox-ose-modules-2.6.22
<michalski> uninstalled, yet config still there
<zul> the first one was the patch discussed yesterday and the second one fixes the asseriton error  described by that launchpad bug
<ScottK> lamont: Both the hppa buildd's for Intrepid seem to need a kick.
<Blinny> soren: Good guess, but I don't think so - I run a caching nameserver that is a master for local (192.168.0.0/16) addresses
<lamont> infinity: ^^
<Blinny> soren: I can aptitude update & safe-upgrade quick-as-lightnin
<uvirtbot> New bug: #245265 in openssh (main) "package openssh-client None [modified: /var/lib/dpkg/info/openssh-client.list] failed to install/upgrade: unable to make backup link of `./usr/bin/ssh' before installing new version" [Undecided,New] https://launchpad.net/bugs/245265
<infinity> ScottK: Again?  Hrmph.
<nealmcb> michalski: it is curious that it doesn't have more info in the error message - you might try just removing that package again to get a cleaner error report and just post that rather than such a big log.  and look for more debugging output or see what the script is actually running and run that yourself - I just don't know offhand how to do that
<michalski> --->reinstalling ebox-ntp, and others
<michalski> Output while reinstalling:
<michalski> Errors were encountered while processing:
<michalski>  ebox
<michalski>  ebox-objects
<michalski>  ebox-network
<michalski>  ebox-services
<michalski>  ebox-firewall
<michalski>  ebox-ntp
<michalski> E: Sub-process /usr/bin/dpkg returned an error code (1)
<michalski> hold on i'll pastebin it this goes way back
<michalski> http://pastebin.com/d39554793
<nealmcb> hmm - why did you reinstall?  seems like it would make it harder to debug the uninstall
<michalski> reinstall could recreate some dependencies that it might have needed to uninstall?
<michalski> its giving me the same errors while removing again
<michalski> oh and just to note the reason I have synaptic and a GUI installed is because this is my laptop, my server has no GUI. I always test out new apps before putting them on my server
<zul> mathiaz: actually apache can just be synced again
<uvirtbot> New bug: #245276 in apache2 (main) "Please sync apache apache-2.2.9-3 from debian unstable" [Undecided,New] https://launchpad.net/bugs/245276
<jdstrand> zul: did you/are you planning to apply http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2
<jdstrand> =1.121&hideattic=1&sortbydate=0 ?
<jdstrand> zul: it's the openldap DoS
<zul> jdstrand: for intrepid?
<jdstrand> zul: yeah
<zul> jdstrand: mathiaz was doing the merge right now
<jdstrand> zul, mathiaz: the above commit is apparently bad and been reverted upstream
<zul> jdstrand: good thing we didnt include it then :)
<jdstrand> zul, mathiaz: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c (rev 1.122)
<zul> yeah I didnt touch that patch I would have wanted feedback first
<jdstrand> ok-- it sounds like 1.122 is ok
<jdstrand> I don't know though, I haven't actually tested anything-- just passing along what I've heard ;)
<zul> :)
<michalski> must go cya
<mathiaz> jdstrand: are you doing a security update for hardy ?
<AnRkey> i am remotely ssh'ed in to a box that I need to conf. eth1 and eth2 both have the exact same network config, why I don't know. I need to know which interface my connection is using. Is there a way to see this? I have tried tracepath already and I can't see any interface info. Man tracepath is not much help either.
<mathiaz> jdstrand: I'm refering to the openldap cvs commit you've mentionned above
<nealmcb> michalski: thanks - it would help if you can add those updates to the bug, and try asking on #ebox
<nealmcb> AnRkey: what does route -n say?
<Blinny> AnRkey: tcpdump? Or push a file to it and watch Rx/Tx grow
<AnRkey> brb
<AnRkey> Blinny, i like your idea and I think it will help me ID cards in the future :D
<AnRkey> nealmcb, here is the pastebin link >> http://paste.ubuntu.com/24783/
<AnRkey> nealmcb, i am connected via the 196 ip
<jdstrand> mathiaz: not today-- I just cam across that on oss-security
<nealmcb> AnRkey: yeah - Blinny has a good approach.  odd situation
<AnRkey> nealmcb, yeah Blinny's approach worked with some reading
 * Blinny flexes
<AnRkey> i did this for eth1 and eth2
<AnRkey> sudo tcpdump -c 20 -i eth1
<jdstrand> mathiaz: zul mentioned the DoS to me, so I wanted to make sure the previous/bad patch wasn't used
<nealmcb> Blinny: lol
<AnRkey> Blinny, you should have been more convincing :P
<Blinny> Bah!
<AnRkey> I learned three nice tips today
<AnRkey> i so love ubuntu
<AnRkey> my life is sooooo easy now
<AnRkey> i am working on a box 1500km away and I have never met the owner or the contractor that I am sub contracting to :P
<mathiaz> jdstrand: allright - I'm not sure I'll include it today though
<mathiaz> jdstrand: FYI, I'm about to upload 2.4.10 with make tests enabled \o/
<mathiaz> jdstrand: now it takes around 2 hours to build openldap
<HomesickA> hey, anyone installed pvpgn on ubuntu before?
<zul> mathiaz: ergh...all the tests pass or are some still disabled?
<AnRkey> I will have to give Blinney credit for this when I post to my blog about it :P
<AnRkey> i have so many uses for this
<jdstrand> mathiaz: re make test> \o/, re 2 hours> icky
<mathiaz> zul: good question - I don't know - debian enabled the test in 2.4.10-1
<mathiaz> jdstrand: I've added support for the nocheck debuild option
<mathiaz> jdstrand: so that you can build the package without running the tests
<jdstrand> mathiaz: that's cool
<ScottK> I'd appreciate it if someone could give me a tutorial on how tasksel works.  As an example, the phrase dovecot appears nowhere at all in the package, but both pop and imap are in the mail-server task.
<mathiaz> ScottK: the list available tasks is computed from the seeds
<ScottK> Ah.
<ScottK> So I need to look there too.
<ScottK> OK.
<mathiaz> ScottK: in order to add a new task, we have to add it to the seeds and then rebuild tasksel
<ScottK> Right.
<ScottK> Let me tell you what I was thinking ...
<ScottK> The server flavor spec isn't happening for Intrepid.
<ScottK> So we do the best we can with tasksel.
<ScottK> What if instead of one mail server task we had two:
<mathiaz> ScottK: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.intrepid/annotate/1295?file_id=mailserver-20070919110458-uemtbuz83qwix5rc-1 - this is where pop and imap are being pulled in
<ScottK> 1. mail-server-delivery which would be ~ the current mail-server task.
<ScottK> 2.  mail-server-filtering which would not pull in the delivery agent, but would have postfix, amavisd-new, spamassassin, and clamav.
<mathiaz> ScottK: hm - I think it would clutter the install a little bit
<ScottK> The admin installing would still have to configure stuff, but there's 3 good use cases.
<mathiaz> ScottK: what about using meta-packages instead ?
<ScottK> Can't do it during install then.
<ScottK> mail-server-delivery would be good for an internal MDA, mail-server-filtering would be good for a border relay, and mail-server-filtering + mail-server-delivery would be good for a single level architecture.
<zul> mathiaz: got a changelog somehwere?
<mathiaz> ScottK: right - I think that these are 3 valid use cases. However I wonder if all 3 of them should be available at install time
<zul> im curious
<mathiaz> zul: you can probably look up the changes in debian svn repository
<zul> mathiaz: point taken
<ScottK> If the goal is to make things more useful essentially out of the box, then I think yes.  If not, you may as well do away with the mail-server task entirely and switch to metapackages.
<mathiaz> ScottK: right - I'm still not convinced that tasksel and the installer is the right place to do that
<ScottK> mathiaz: Fundamentally I agree that tasksel is not sufficiently scalable for our needs.  Unfortunately we don't have a great plan B that we are doing.
<mathiaz> ScottK: providing meta-packages for the first two scenarios and a tasksel for the third seems good to me
<nealmcb> it brings up the question of how to deal with lots more tasks in tasksel (or flavors) at some point, as we move more towards appliances and lots of options
<nealmcb> which we've talked about before
<ScottK> Yep
<mathiaz> nealmcb: exactly - I think we all agree on that
<ScottK> So far we have one solution that is technically and policy doable, but it's not approved.
<ScottK> mathiaz: I'm going to get extremely frustrated if the answer is dendrobates doesn't approve flavors and you don't approve more tasksel.
<nealmcb> what does "approved" imply here - that the team agrees that it is the right way to go? that it would make it into main? or that development is funded?
<ScottK> Approved means at the very least he marked approved on the spec.
<ScottK> Funded would be awesome, but it's far too disruptive a concept to put in the archive without an approved spec.
<mathiaz> ScottK: the reason I'm raise concerns about more tasks to tasksel is because of clutter
<ScottK> mathiaz: I understand the concern.
<mathiaz> ScottK: I wouldn't want to have a list of 20 things a newbie can install
<ScottK> I think the solution to the concern is a different way, but we have to suck up the clutter in the meantime or we stop progressing.
<nealmcb> sure, but I can imagine various interpretations of that, and it isn't clear to me - I guess the flavors spec would be part of main by definition, so you mean more or less "we'd take it if it were implemented"?
<mathiaz> ScottK: to go back to your specific proposal, IMO mail-server-filtering and mail-server-delivery are very specific tasks
<ScottK> That's true.
<ScottK> My first thought had been mail-server with just Postfix and then those two for add-ons.
<mathiaz> ScottK: someone that can make the difference between the two already has a good knwoledge about the system (ie senior sysadmin)
<ScottK> So maybe we need better names.
<mathiaz> ScottK: these people are not looking at tasksel - you could point them to a meta-package
<ScottK> So why do we have any tasksel?
<mathiaz> ScottK: IMO it's junior sysadmin that are using the choices in tasksel to install general purpose systems
<ScottK> We have tasksel for SSH that installs one package.
<ScottK> That's using a cannon to ring a doorbell..
<mathiaz> ScottK: correct - that's because a lot of people are doing this at install time.
<ScottK> If the mail server task has no spam filtering (as now) it's only useful for internal delivery without a lot of adding.
<ScottK> So what you have now is a config that only serves a very narrow market.
<mathiaz> ScottK: correct - now that we plan to have spamassassin in main, we can add it to the mail server task
<ScottK> OTOH, all in one, with the spam filtering only caters to the SOHO market.
<ScottK> You don't have to be very big before wanting a two tier architecture.
<mathiaz> ScottK: correct - and that's the market/end user tasksel targets
<ScottK> By supporting two tier, you get into the more mid-size range where people are more likely to buy support contracts.
<mathiaz> ScottK: that's true - once you moved to a two tier archicture, we could assume that the end user is more knwoledgeable
<ScottK> But Canonical gets the money for that, so whatever.
<mathiaz> ScottK: I'm all in favor to provide also a way to support a two tier architecture
<mathiaz> ScottK: which would be your mail-server-delivery and mail-server-filtering proposal
<ScottK> Yes.
<mathiaz> ScottK: that's why I'd suggest to have meta-packages for the mail-server-delivery and mail-server-filtering (because we can assume that the end users knows about meta-packages)
<ScottK> And then selecting both gives you single tier architecture.
<mathiaz> ScottK: and use the mail-server task to cater for the single tier architecture
<ScottK> Then I REALLY think we need to remove the mail-server task.
<ScottK> It will really confuse people to do it at install if you want one type of install and do it later if you want another.
<ScottK> Not Ubuntu at all.
<AnRkey> how can i make ubuntu redetect and assign all network interfaces again?
<ScottK> AnRkey: Presumabley sudo sh /etc/init.d/networking restart would do.
<AnRkey> ScottK, eth0 is not being picked up
<mathiaz> ScottK: correct - but we run into some usability issues with tasksel then
<AnRkey> ScottK, it works with another ubuntu install on another drive
<ScottK> mathiaz: Yes.  There is no single perfect answer.
<ScottK> mathiaz: I can see either tasksel or meta packages, but not both.
<mathiaz> ScottK: that's why I suggest to provide meta-packages for -filtering and -delivery and then provide a mail-server task that pulls in both meta-packages
<ScottK> mathiaz: What we really need in tasksel is server-basic and server-full.
<ScottK> mathiaz: Which leaves the confusion about doing it at install or post install depending on what you want.
<ScottK> I think that's very bad.
<mathiaz> ScottK: hm - I would view that from the target end user perspective
<mathiaz> ScottK: junior sysadmin/non-techis -> tasksel - advanced sysadmin -> apt-get install meta-package
<ScottK> I don't think it'll go like that.
<ScottK> I think even on the advanced system the junior guy will do the work, just that a senior admin will have told him what to do.
<ScottK> I think it's much better to be able to say in the server guide one way to do it.
<mathiaz> ScottK: true
<ScottK> mathiaz: Handle it however you want, but this resistance is honestly really affecting my motivation level.
<AnRkey> ScottK, is there a way to get ubuntu to redetect the cards and start from scratch? Reloading the network cards is not picking up the card
<ph8> AnRkey:  It's not being detected as eth1 or eth2 by accident or anything is it?
<ph8> what's lspci say?
<mathiaz> ScottK: I see your point - I'd ask cjwatson what he thinks about it - he's one of the tasksel author and part of the installer team.
<mathiaz> ScottK: He may have another idea on how to tackle this problem.
<ScottK> mathiaz: In the tasksel man page I did see some hints about hiding some tasks by default.  It might be extensible to revealing subtasks if a primary is selected.
<ScottK> mathiaz: Thanks for looking into it.
<mathiaz> ScottK: yes - that's another thought I had in this discussion - there are more tasks defined than the one you see in the server install
<AnRkey> ph8, no
<mathiaz> ScottK: so may be we can add new tasks, but hide the ones we don't want to be available at install time
<AnRkey> ph8, hmm
<AnRkey> brb
<mathiaz> ScottK: the other interesting part is that tasksel can be called on the command line
<ScottK> It'd be even cooler to be able to show subtasks at install time once a primary task was selected.
<ScottK> Unfortunately my Perl is non-existant, so I've got no code even potentially offer.
<mathiaz> ScottK: right - I think we discussed that with cjwatson during the last UDS and there are some issue with the UI IIRC
<mathiaz> ScottK: and the way d-i works
<AnRkey> ph8, ScottK, sorry for being a tard. I have just realised that the config for that interface has been commented out by a "special" person
<ScottK> ;-)
<ScottK> There's always a reason.
<AnRkey> ph8, i have had cards that have been detected as eth1, 2 and 3 before too so I checked that like 3 times
<AnRkey> thanks though
<AnRkey> ScottK, ph8, is there a way to get the card redetected as eth0 if it's somehow moved to say eth1, 2 or 3? (just for interest sake)
<ph8> yes
<ph8> /etc/udev/rules.d
<ph8> something*persistent_rules
<ph8> it's got persistent_rules in the filename somewhere
<ph8> might be Z70*
<ScottK> IIRC restarting networking (as I suggested earlier) should do it if there is an appropriate config in /etc/network/interfaces
<ph8> it designates eth0/1/2/3 based on the card's mac address AnRkey
<AnRkey> where is that config stored?
<AnRkey> common, it must be somewhere... I WILL FIND IT :P
<ScottK> AnRkey: /etc/network/interfaces
<AnRkey> ScottK, then how does eth0 become eth1, 2 or 3 on my boxes?
<ScottK> Looks like you find it in udev/rules.d/70-persistent-net.rules
<android6011> im looking to add a wap proxy to my server, is there something i can install to do this or do you have any ideas?
<ScottK> mathiaz: To support your discussions with cjwatson, here is what I would suggest http://paste.ubuntu.com/24804/
<Squark> Hello there!
<Squark> Got some questions about Webmin.
<Squark> Is there anyone willing to help me, please?
<FreeSoft> spanish?
<Squark> No.
<ropetin> Squark: Everyone is willing to help, if you ask the question!
<Squark> Okey, true. Almost forgot about the question part. :)
<FreeSoft> spanish?
<FreeSoft> never
<Squark> So, I've set up Webmin backup module..
<Squark> to send me an email everytime a backup is made to a remote host.
<Squark> The server with Webmin installed does not have any MTA server installed.
<Squark> So I've set up mta-relaying with SSMTP.
<Squark> But still, Webmin doesnt send me email reports.
<Squark> Really don't know what to do.
<jpds> !webmin | Squark, have you seen this:
<ubottu> Squark, have you seen this:: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Squark> Huh.
<Squark> No, havent seen it.
<Squark> But the .deb package can be downloaded on the offical Webmin page.
<jpds> !ebox | Squark
<ubottu> Squark: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Squark> okej, gonna check it out.
<lukehasnoname> I haven't used ebox
<lukehasnoname> I just remember liking Webmin a lot
<Squark> Me also.
<Squark> Nice administration tool.
<Squark> i can't believe it is not supported on debian and debian like distributions.
<lukehasnoname> Don't quote me on this (I hear I give bad advice) but it has to do with how the two programs handle config files
<lukehasnoname> I BELIEVE ebox has its own config files that won't mess with the system's
<ScottK> Squark: It used to be, but it was removed.  ebox is supposed to be more reliable, but I've used neither.
<Squark> Webmin has been around for quite some time. Never heard about ebox, but will check what it offers.
<ScottK> mathiaz: Since I've gotten no uptake on my mail about please test amavisd-new stuff, I'd really appreciate that in a blog post.
<lukehasnoname> Squark: People seem to like ebox, so give it a shot, I say.
<Squark> the eBox version released with Ubuntu 7.10 (Gutsy Gibbon) has several bugs that severely limit it's usefulness
<Squark> Im somehow sceptical about this thingy. :)
<Squark> Are there anymore alternatives to Webmin?
<lukehasnoname> Netdirector?
<lukehasnoname> But I tried installing it unsuccessfully
<lukehasnoname> btw 7.10 was 8 months ago
<lukehasnoname> if you're running 8.04 I doubt those same problems are present. If you have 7.10, you could check the backports, or install the package from ebox's site.
<Squark> yeah, but this project is still very young and doesn't have all the features Webmin does.
<lukehasnoname> then use webmin
<lukehasnoname> from the site
<lukehasnoname> I don't know what to tell you. Netdirector might be too much or not the right fit, ebox is the preferred tool, and webmin is still available
<lukehasnoname> I'm out, ttyl
<Squark> lukehasnoname: thanks for your answers.
<CaptObvious> I have a weird situation
<CaptObvious> I've basically figured out I'm pretty much screwed
<CaptObvious> but I was just wondering if any of you guys could come up with a creative solution
<CaptObvious> I have a box running ubuntu server that I have recently edited the fstab on
<CaptObvious> I added an invalid argument by accident and rebooted
<CaptObvious> as such, it's mounting / as ro on boot
<CaptObvious> well, more like the remount to rw is failing
<CaptObvious> the only access I have to the box is via ssh but for some reason it won't authenticate via sudo or su with a ro root filesystem
<CaptObvious> if I could get a root shell I could fix it, I just don't know how to get it to authenticate su or sudo while the root partition is ro
<CaptObvious> any ideas?
<Squark> Without physical access to the computer you cant do much, i think.
<CaptObvious> well, it's sat under my desk
<CaptObvious> but the only keyboard I have prevents the machine from booting when connected
<CaptObvious> I don't think the BIOS likes the USB hub in the keyboard
<CaptObvious> and I don't have any optical drives for it
<CaptObvious> I pretty much need a new keyboard don't I?
<Squark> Hum, I think so.
<CaptObvious> wish I had another machine I could hook the drive up to and edit the fstab in there
<CaptObvious> but my only other machine is a laptop
<CaptObvious> that's a bit of a bad design isn't it?  not letting sudo authenticate if the root filesystem is read-only?
<Squark> If I'm correct Ubuntu with read only set on root partition can't fully boot. So you are left in a bash like console in the middle of boot process.
<Squark> Without keyboard you are pretty much screwed, as you already realized.
<CaptObvious> it boots finer
<CaptObvious> fine*
<CaptObvious> just has a ro root filesystem
<CaptObvious> I can't log in locally, but I can log in via ssh
#ubuntu-server 2008-07-04
<moan> espaÃ±ol alguien?
<ryanakca> eGroupWare is unmaintained in Debian :/
<ryanakca> gah, my bad
 * ryanakca stops talking
 * delcoyote hi
<spiekey> hello!
<spiekey> i am trying to fetch mails from a pop3 server like this: poll server.com protocol POP3 user "POPUser" password "secret" is "LocalDestinationUser" fetchall
<spiekey> it fetches the mails, but i have no idea where they are going to
<LTSPTNK> Hey! I heard that here might be some ppls who might have a clue in integrating Ubuntu machine/machines to AD domain?
<LTSPTNK> I'm using Ubuntu 8.04 as LTSP server and having little problems with AD integration
<LTSPTNK> ill get back to topic at monday :)
<soren> spiekey: Er... Is the fetchmail or some such?
<spiekey> yes, fetchmail
<spiekey> i think i have the error...
<spiekey> ls -alh /var/run/cyrus/socket/lmtp
<spiekey> srwxrwxrwx 1 root root 0 2008-07-03 19:25 /var/run/cyrus/socket/lmtp
<spiekey> BUT the logs say: postfix/lmtp[25726]: 3219149BD: to=<suxx@localhost>, relay=none, delay=0.07, delays=0.07/0/0/0, dsn=4.4.1, status=deferred (connect to server.com[/var/run/cyrus/socket/lmtp]: No such file or directory)
<spiekey> solved it. ;)
<HomesickA> hello
<venil> hi, how do i upgrade to 8.04.1 if i have 8.04 installed, is it just apt-get upgrade?
<soren> venil: Yes.
<venil> how safe is it, how likely is it for something to go wrong, this is a live server
<zul> should be fairly safe
<soren> Hard to say... I'd say "not very likely" since it's been tested a lot,
<venil> thanks zul, soren
<pgquiles> how do I enable big inode support in ext3? I want 1ns date resolution instead of 1s date resolution
<zul> soren: there is a new versin of rsync I was going to merge it
<soren> zul: Have fun
<uvirtbot> New bug: #245493 in samba (main) "sharing a folder reports permission issues in Hardy Heron (32 bit)" [Undecided,New] https://launchpad.net/bugs/245493
<veo-d2> Hello
<veo-d2> I just have a question, could anyone get a webhosting control panel to work with lighttpd(fast-cgi_php5) with ubuntu server? thanks
<veo-d2> most of supported ones want me to use apache again
<pgquiles> in August
<pgquiles> oops wrong channel :-)
<ViPER^-> Howdy!
<ViPER^-> I got a small problem when trying to compile xbtt. I compiled it yesterday using an svn source but that version didnt work with the tracker software i was going to use so i downloaded a new svn source of xbtt but when i try to run an sudo ./make.sh it sais the command doesnt exist. Why is that?
<spiekey> ViPER^-: what command does not exist?!
<spiekey> can you paste the full output at pastebin.com ?
<spiekey> soren: any idea how i install de_DE.UTF-8 locale on hardy?
<spiekey> i get: Locale: de_DE.UTF-8  	BAD  	Locale not available
<soren> ViPER^-: What's xbtt?
<soren> spiekey: Install language-pack-de, perhaps?
<emgent> soren: i think Extended BitTorren
<emgent> soren: http://xbtt.sourceforge.net/
<soren> ViPER^-: I don't see how this is relevant here?
<soren> ViPER^-: Ask the xbtt guys, I'd say.
<spiekey> soren: damit...still getting this error. I guess i have to reverse engineer it :-/ http://pastebin.com/m1858895c
<soren> spiekey: Install that package, and then dpkg-reconfigure locales. What's the output?
<spiekey> http://pastebin.com/m3f1cc5e7
<soren> That looks good.
<soren> Where do you get the error, you say?
<spiekey> soren: within group-e, a php application. Line 12 causes this error.
<soren> spiekey: I don't really know, I'm afraid.
<spiekey> soren: no problem. I dont think its ubuntu related anymore :)
<monsieurledan> hi, really stuck with samba. have been following http://linuxgazette.net/105/price.html and http://www.howtoforge.com/ubuntu-home-fileserver-p3 to build a fileserver for a winblows network.
<monsieurledan> i can't set up smbpasswd, create a user for samba and assign it a password
<monsieurledan> hold on... i think i've got it. id10t error.
<monsieurledan> i've just got to say _wow_ likewise-open is one hell of a package. it just solved literally all of my AD problems
<Koon> monsieurledan: great !
<monsieurledan> :D
<monsieurledan> now i have it figured out, i can commit to installing all this on the actual server and wipe this test box again
<ViPER^-> soren, why it should be relevant here? It may have something to do with ubuntu server or it can be the xbtt source.
<ViPER^-> But i solved it by chmod the make.sh file to 777
<soren> ViPER^-: It couldn't have anything to do with Ubuntu Server, no.
<soren> Ubuntu perhaps. Ubuntu Server, not so much.
<karlito> hi, just install apache2 and php5. got problem with my include in my php script. it display a http 500. This same site display well on a other server. I think it configuration related. hard link work well,  but relative link bug my website display. any ideas ?
<uvirtbot> New bug: #236642 in debian-installer (main) "unable to get iSCSI prompt without physical disk present in hardy-server (dup-of: 237460)" [Undecided,New] https://launchpad.net/bugs/236642
<moan> espaÃ±ol alguien
<moan> ?
<ryanakca> !es > moan
<ubottu> moan, please see my private message
<moan> ubuntu server has not spanish room...
<moan> :(
<nxvl> mathiaz: around?
<mathiaz> nxvl: yop - how can I help you ?
<nxvl> mathiaz: i just wanted comments/suggestions about the list of services
<nxvl> mathiaz: in case i miss one
<nxvl> mathiaz: or i listed services we don't want
<mathiaz> nxvl: I'll get to your email a bit later today
<mathiaz> nxvl: and I'll have a look at your list
<nxvl> mathiaz: ok, thank you!
<nxvl> mathiaz: it is just about preparing the next step (comments on what i have already)
<nxvl> nijaba: ping
<nxvl> mathiaz: btw, did you think it would be better to package the perl/python bindings now, or after the lenses are ready?
<nxvl> i think after
<mathiaz> nxvl: I would focus on writing lenses first
<nxvl> yep, i think the same
<nxvl> \o/
#ubuntu-server 2008-07-05
<nijaba> nxvl: late pong
<nxvl> better later than never
<nxvl> nijaba: did you saw my e-mail?
<nijaba> nxvl: I saw one earlier today
<nxvl> nijaba: i send it yesterday night (really early in you tz), so must be it
<nxvl> s/you/your/g (i have CGI:IRC clients)
<osmosis_> apt-get install phpmyadmin  works pretty well, but i feel like I should really have SSL turned on for that too. I haven't found out how to do that. Tips?
<d1dk0> hi all
<d1dk0> can someone help me with one 6.06 drama
<d1dk0> today i install it on 1 old pc - pentium 2 / 256 mb ram
<d1dk0> + LAMP
<d1dk0> after instalation with started apache and mysql i hat ~ 100mb ram used
<d1dk0> after apt-get upgrade i have used ~ 250 mb
<d1dk0> someone pls? :)
<Kamping_Kaiser> d1dk0, what exactly is the problerm?
<d1dk0> i can't see what use these 200 mb ram with stopped apache and mysql
<d1dk0> nothing else installed
<hads> Try top
<d1dk0> no one process use more than 1% mem
<d1dk0> summary ~ 20%
<d1dk0> Mem:    255868k total,   233696k used,    22172k free,    15328k buffers
<d1dk0> Swap:   297160k total,       84k used,   297076k free,   179084k cached
<d1dk0>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
<d1dk0> 12329 root      15   0  2188  984  768 R  1.9  0.4   0:00.04 top
<d1dk0>     1 root      16   0  1564  532  460 S  0.0  0.2   0:03.60 init
<Kamping_Kaiser> free is proably mroe useful info wise
<Kamping_Kaiser> but the key thing to note is 179084k cached 15328k buffers
<d1dk0> free
<d1dk0>              total       used       free     shared    buffers     cached
<d1dk0> Mem:        255868     233696      22172          0      15348     179064
<d1dk0> but i have nothing started / installed
<d1dk0> i install ubuntu before few hours
<Kamping_Kaiser> same as what i said before: look at buffers and cached
<Kamping_Kaiser> `free -m` will give you in mb instead of kb btw
<d1dk0> tnx
<d1dk0> it is possible to clear the cache?
<Kamping_Kaiser> why would you want to?
<hads> RAM being used is a good thing.
<d1dk0> because in clear installation /without apt-get upgrade/ i hat used only 100mb ram
<hads> http://forums.gentoo.org/viewtopic.php?t=175419
<d1dk0> tnx! (beer)
<d1dk0> nice :D
<akuma55> hello im new to ubuntu server i got a question
<akuma55> whats the commant to reboot
<akuma55> ?
<erichammond> akuma55: reboot
<akuma55> what the comman to be root
<erichammond> akuma55: sudo reboot
<akuma55> thanx
<erichammond> akuma55: You may need to be in an admin group and it may prompt you for a password
<erichammond> akuma55: (enter your own password)
<akuma55> yeah it worked thanx
<akuma55> i am trying to make a file server can you help me with?
<akuma55> to set it up
<akuma55> im trying to edit /etc/network/interfaces and it wont let me can anybody tell me why
<akuma55> what isn the command to edit it?
<akuma55> can anybody help
<levander> Anybody can recommend a simple to configure mail server that supports ManageSieve and an expire feature?  I'm tired of waiting for dovecot to support these.
<levander> What about just naming some simple to configure mail servers so I can see if they support the features I want?
<Kamping_Kaiser> couer?
<Kamping_Kaiser> *courier
<Kamping_Kaiser> levander, courier?
<hads> dovecot :)
<hads> There's a python managesieve implementation
<levander> Kamping_Kaiser: courier is easy to configure? I've never heard of it before, well maybe heard of it in passing.
<Jester45> is there a good status tool for servers? not a full control panel but to monitor network useage harddrives ram swap
<hads> Monitor how?
<semisonic> Does the Latest Ver of Ubuntu Server work with COmpaq SmartArray
<semisonic> eg DL-380
<elliotjhug> hi all, I'm experiencing an error I'm having difficulty diagnosing with bind, while it is behaving correctly for one of my domains the other is not responding to DNS lookups, what steps are a good way of diagnosing this (ie where do I find logs etc)
<Kamping_Kaiser> usual place afaik - /var/log/{,bind}
<Kamping_Kaiser> or it could simply be syslog (which i think is default)
<Kamping_Kaiser> also try bind*tab* and named*tab* for tools
<elliotjhug> thanks - there's definitely no logs in /var/log - first place I checked - I'll try the other two
<Kamping_Kaiser> iirc it logs to syslog by default (i used one of the spare syslogd log things to log into a seperate file)
<elliotjhug> yeah - disocered a nice set of errors here
<elliotjhug> hmm, giving me a 'bad dotted quad' error on one of my lines.. but that line has worked perfectly well in the past
 * Kamping_Kaiser puts a cross in 'tech support bingo' square "but it worked previously"
<elliotjhug> sorry - I know, found the problem, so it can't have worked previously - cos the IP address is set to start with 912 - which can't be right. Hopefully this should fix it
<Kamping_Kaiser> hehehe
<jackli> oftc.net
<jackli> irc://oftc.net
<Kamping_Kaiser> o_0
<Deeps> i keep typoing that as otfc
<Deeps> too much football
<Kamping_Kaiser> can someone remind me what the pam module for running arbitary scripts is called?
 * delcoyote hi
<ctx144k> hello all
<ctx144k> when ill try ubuntu-server installation (8.0.4.1) i get after some secounds the follow message:  http://rafb.net/p/Gsj47698.html
<ctx144k> anyone have an idea what i can do?
<ctx144k> i tried disabling DMA on CDRom ...
<ctx144k> (in bios)
<Orfeous> hi everyone!
<Orfeous> i am thinking of installing ubuntu server instead of debian that i always have been running as server for many years
<Orfeous> is it recommended?
<lukehasnoname> Orfeous: Ubuntu is nice, but does it offer something Debian doesn't, for you?
<Orfeous> lukehasnoname: hmm.. just little more plug n play :P
<Orfeous> i mean ubuntu sets up everything with loadable modules that doesnt debian do as default
<Deeps> urr, it does?
<Deeps> the main differences i see between debian and ubuntu is ubuntu has newer packages and worse ipv6 support
<Orfeous> i dont use ipv6 either
<PittCaleb> Looking for some help with courier/imap issues on fresh install of ubuntu server, any takers?
<lilgeekshop> Is there any program to change or hide  your IP in Ubuntu???
<ScottK> Orfeous: I've used Ubuntu Server for two years now and it's served me well.  The real question is do you need newer packages than you can get in Etch (at the time I needed newer stuff than I could get in Sarge).
<ScottK> Ubuntu Server also has tools to make integration with Active Directory and setting up VMs easier that Debian lacks (those use cases aren't important for me, but they may be for you).
<levander> What's the command to get the status of your wifi card?  It's similar to ifconfig...
<Nafallo> iwconfig
<levander> Nafallo: that was it, thanks
<lukehasnoname> Is there any official changelog for the point release?
<ScottK> lukehasnoname: The point release is just the sum of all the updates so far, so not really.
<lukehasnoname> ScottK: Ya, I knew that, I was just wondering if it had been logged. It isn't too important; I was curious. Thanks though.
<nxvl> soren: ping
<uvirtbot> New bug: #245893 in openvpn (universe) "openvpn update-resolv-conf script does not support multiple domain" [Undecided,New] https://launchpad.net/bugs/245893
<ctx144k> hello all. is there a way to get ubuntu-server 8.04 (not version 8.04.1)?
<owh> ctx144k: Install it from CD without an active Internet connection.
<jjesse> ctx144k: from releases.ubuntu.com?
<jjesse> http://releases.ubuntu.com/8.04/
<ctx144k> jjesse, first line?
<jjesse> ctx144k: the server cd?
<ctx144k> i have kernel-problems with 8.04.1 - with 8.04 i havent
<ctx144k> yes
<Orfeous> now my ubuntu server is up and running :P
<ctx144k> owh, i need an image with older kernel
<Orfeous> ctx144k: define "kernel problems" what doesnt work?
<jjesse> hrm never mind the links all go to the same page
<ctx144k> ata - initialisation doesnt work... one moment ill write down to nopaste
<ctx144k> http://rafb.net/p/EiQwFm84.html
<ctx144k> ATA1.0 is cdrom... so my system doesnt know my cdrom
<ctx144k> a friend have same problems after upgrading kernel(aptitude distupgrade from 8.04 to 8.04.1) with his sata-controller
<Orfeous> why distupgrad when it worked? :)
<ctx144k> ... no fucking comment ....
<ctx144k> anyone knows where to get v8.04?
#ubuntu-server 2008-07-06
<freaky[t]> what is the best wiki software? oO
<nxvl> depend on you needings
<nxvl> i prefer docuwiki
<nxvl> your*
<nxvl> is light but id hasn't a lot of features
<Orfeous> hmm..
<Orfeous> going back to debian i think
<freaky[t]> nxvl: ok im currently looking at tikiwiki
<akuma5> can some one help me setup a file server
<akuma5> anybody in here
<akuma5> can some one help me config samba for my file server?
 * delcoyote hi
<LMJ> hello the chan
<ctx144k> hello all. is there a way to get ubuntu-server 8.04 cd-image (not version 8.04.1)?
<erichammond> ctx144k: How about this? http://mirror.csclub.uwaterloo.ca/ubuntu-releases/8.04/
<erichammond> ctx144k: You can find other mirrors here: http://www.ubuntu.com/getubuntu/downloadmirrors
<ctx144k> erichammond, that is 8.04.1 Â°
<ctx144k> !
<erichammond> ctx144k: Never mind. That's 8.04.1too
<ctx144k> i need 8.04 image, cause i have kernel-prblems with 8.04.1
<ctx144k> while initialisaion of cdrom i get the follow messages: http://rafb.net/p/Gsj47698.html
<ctx144k> after some minuts ill get the language-menu, the system cant find the cdrom
<ctx144k> with ubuntu8.04 i havent any problems
<RaceCondition> how can I disable the sending of those everyday "Re-opening all log files" e-mails from my Ubuntu 8.04 box?
<exot> hello, I'm trying to debug LDAP authentication by SugarCRM, how can I know if there are ldap packets come to my LDAP server, iptables or sth ?
<Deeps> tcpdump?
<akuma5> when i put in this command     gksudo gedit /etc/samba/smbusers     i get    (gksudo:4717): Gtk-WARNING **: cannot open display:
<akuma5> can someone tell me why
<erichammond> akuma5: What does this give you: echo $DISPLAY
<erichammond> akuma5: (probably nothing?)
<akuma5> nothing
<erichammond> akuma5: You are in a shell without a display.  Is it local or remote?
<akuma5> putty
<akuma5> remote
<erichammond> akuma5: I doubt you'll be able to use X clients like gedit if you are on a Windows box.
<akuma5> oh
<erichammond> akuma5: but I'm not a Windows user, so I don't know if there is a way to do that.
<akuma5> it try it local that
<erichammond> akuma5: Alternatives might include using a terminal editor like "vi" or "pico" (the latter probably better for non-experts).
<akuma5> what about nano
<erichammond> akuma5: Sure.  I'm an emacs and vi user so I'm not familiar with all the other options that have come out in the last couple decades :)
<erichammond> akuma5: Also, you would use "sudo" instead of "gksudo" so: sudo nano /etc/samba/smbusers
<erichammond> akuma5: Apparently on Ubuntu, pico is nano
<Deeps> nano and pico are essentially the same
<Deeps> one has less restrictive licensing than the other
<Deeps> similar to the way mpg123 and mpg321 provide essentially the same functionality and usage options, just one is "freer" than theo ther
<akuma5> nano work but its empty
<akuma5> http://ubuntuguide.org/wiki/Ubuntu:Feisty#How_to_install_Samba_Server_for_files.2Ffolders_sharing_service
<akuma5> im trying setup a file share server with samba
<akuma5> is there a way to do it around that command
<erichammond> Do you have /etc/samba/smbusers ?
<akuma5> no
<akuma5> i just checked with lynx
<erichammond> akuma5: I think it starts out empty.  You add your users to it.
<akuma5> yeah it does sorry did not see when it said that in the tutor
<akuma5> what would be the command to mount sda1
<exot> hello, do anybody used LDAP authentication in sugarCRM ?
<erichammond> akuma5: Hm, that sounds like a dangerous question :)  What makes you think you need to "mount sda1" ?
<akuma5> i mean sda2
<akuma5> <erichammond> sorry about that
<erichammond> I'm in the middle of an upgrade from 7.04 Feisty to 7.10 Gutsy (with the intent of getting to 8.04 Hardy) when the server got wedged.
<erichammond> Last message: Installing new version of config file /etc/init.d/glibc.sh ...
<akuma5> oh
<erichammond> I think I'm in serious trouble.
<akuma5> hope not
<erichammond> I'm going to try a reboot unless anybody can think of something better to try.  I'm afraid it won't come up with a new libc and old everything else.
<akuma5> <erichammond> did you fix your problem
<erichammond> akuma5: The system can't complete a boot.  I'm going to pick up a new drive in the morning, install Hardy on it, and restore from the old drive/backups.
<akuma5> oh
<akuma5> <erichammond> i am trying to mount sda1 and make it auto mount if i have to reboot do you know what i have to do
<ctx144k_> which little mail-server should i install? postfix is to big, i wanna only sending some mails out (status-mails, for example when crashing an application)
<mralphabet> ctx144k_: mail?
<mralphabet> !mail
<mralphabet> ^mail
<uvirtbot> mralphabet: Error: "mail" is not a valid command.
<ubottu> mail is another medium to communicate. Ubuntu mailinglists can be found at http://lists.ubuntu.com
<mralphabet> hmm
<mralphabet> ^mta
<uvirtbot> mralphabet: Error: "mta" is not a valid command.
<mralphabet> bah
<mralphabet> ctx144k_: mailutils - includes mail which is a tiny mail sender
<ScottK> ctx144k_: Postfix by itself is not very big.
<freaky[t]> is there any home channel from tikiwiki? im going crazy i never find anything i want to enable. i enabled the polls module now i dont know where to put it on the right sidebar im going crazy this is the 3rd time now this thing is crazy
<freaky[t]> oh
<freaky[t]> i use crazy too often
<freaky[t]> im german sorry ;p
<mralphabet> http://tikiwiki.org/ConnectingToIrc
<freaky[t]> thanks
<freaky[t]> :D
<MatBoy> hey guys ! on asterisk-gui I always get:
<MatBoy> For some reason, I could not grab scan.html, is the misdn-init tool installed?
<MatBoy> which is installed
<MatBoy> is this something different to install in Ubuntu ?
<osmosis_> i just installed cacti for the first time. how do I setup my snmpd.conf file ?
<osmosis_> should I be using snmp version 2 or 3 ?
<SliMM> hello
<SliMM> what is AppArmor?
<osmosis_> how should I configure my  /etc/snmp/snmpd.conf  file?
<brightwebworks> Is there a good front-end for Apache2?
<Nafallo> squid? :-)
<brightwebworks> ok
<Nafallo> depends on what you mean by frontend really.
<Nafallo> we might interpret that in the wrong way.
<brightwebworks> GUI front-end
<Nafallo> ah. NOT squid ;-)
<brightwebworks> ok
<brightwebworks> do you know of anything?
<brightwebworks> anything good?
<Nafallo> I don't use GUI if I can avoid it, sorry.
<brightwebworks> ok
<jasonmchristos> hi
<jasonmchristos> hello?
<cfedde> How do I teach my server to list itself in the avahi mdns zone?
<jasonmchristos> hello?
<jasonmchristos> anyone want to hear an idea that may develop into a project?
<nxvl> jasonmchristos: just say it
<jasonmchristos> ok hold on
<jasonmchristos> I've been in another channel
<jasonmchristos> its an idea for an ubuntu distro that uses peer to peer clustering out of box
<jasonmchristos> simply put
<akuma5> can someone help me add a drive to samba
<nxvl> jasonmchristos: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-flavors
<nxvl> jasonmchristos: take a look at it
<jasonmchristos> what is this about?
#ubuntu-server 2009-06-29
<Guest14623> ok here is mu link http://paste.ubuntu.com/205885/
<Guest14623> does anyone have any hint as to where my problem is . I have been searching for an answer for days .
<owh> Guest14623: What problem?
<Guest14623> have a look http://paste.ubuntu.com/205885/
<owh> Phone. brb
<owh> Guest14623: Where are you pinging from?
<owh> Guest14623: Also, you have multiple instances of auto eth1 and auto eth0
<Guest14623> from my home network . the server is attached to a switch and i can ping the 1st nic but the 2nd no dice
<owh> Guest14623: So, you're pinging from within the same network as the server?
<Guest14623> thats a pasting error on my part
<Guest14623> ya , thats right
<owh> Guest14623: Well, show us what it really looks like.
<Guest14623> My server is connected to my switch with 2 connections , then i have my home network router where all my  personel computers are connected two
<Guest14623> my router is also connected to my switch
<owh> Guest14623: No, what I mean is, show us the real file, not one that has paste errors. We'll talk about testing after that.
<owh> Guest14623: When tracking down a problem, you need to eliminate the issues, one at a time.
<Guest14623> ok
<Guest14623> ok , here are my interfaces http://paste.ubuntu.com/205904/
<owh> Guest14623: Right, first we're going to check connectivity. Do you know how to disable interfaces?
<Guest14623> ya , when i disconnect the 1st nic , the 2nd nic will work properly
<Guest14623> i forgot to mention that
<owh> Guest14623: So, if you disconnect eth0, eth1 works?
<Guest14623> ya
<owh> Guest14623: And vice-versa?
<Guest14623> ya
<owh> Does your ISP support the same account being logged in twice?
<A|X> hello friends@
<Guest14623> no , they are seperate logins
<owh> Guest14623: Ah, sorry, was remembering what I saw in the previous pastebin.
<owh> Guest14623: What does your routing table look like?
<A|X> I'm having a stupid rediculous time getting anythign debain based to boot off this server
<owh> A|X: Debian based? In a Ubuntu Server forum?
<A|X> own... ?
<A|X> you *do* know that Ubuntu is debain based, yes?
<owh> A|X: Yes, I do, but I didn't know if you did. What is your problem?
<A|X> owh, thats why I'm here :)
<owh> A|X: I have learnt never to assume anything. It's cheaper.
<A|X> lol
<A|X> server 9.04  ,  or ubuntu desktop 7.10 ,  8.04 ,  and 8.10  all go to a busybox initram shell
<A|X> which from what i've read, means it can't find the root partition when it boots
<Guest14623> here ya go owh http://paste.ubuntu.com/205908/
<A|X> but when i boot to the CD, and select the boot option "Install Ubuntu"   it goes to that shell,  so i'm not so sure that "can't find the root partition" is the issue
<Guest14623> i gotta say thats for helping me , i have looked all over the net
<Guest14623> here ya go owh http://paste.ubuntu.com/205908/
<owh> Guest14623: I'm reading.
<Guest14623> o sorry , i did not know if you seen it ... Thanks
<owh> Guest14623: I'm still unclear what you're trying to achieve. Can you please explain?
<Guest14623> i would like to have is both connections up and running being able to send and receive .
<Guest14623> both connections to be independent with eth0 being the default connection
<owh> Guest14623: So, should I imaging a web server serving two domains on different IPs, each using a different ppp link? Or something else?
<owh> s/imaging/imagine/
<hikenboot_> hello can anyone tell me the equivalent in ubuntu for emege -av nvidia-drivers?
<Guest14623> i am running direct admin , so the 2nd nic would become name server ns1.
<owh> Guest14623: So, if you ssh to each individual IP address, does it work?
<Guest14623> no
<Guest14623> i can only ssh to my nic 1 , but if nic gets disabled i can ssh to nic 2
<Guest14623> its odd
<owh> Guest14623: How are you disabling the interface?
<Guest14623> i am wondering is its has somthing to do with my isp's hardware
<Guest14623> i have no firewall up yet , nothing to block the access to the 2nd nic
<owh> Guest14623: Again, how are you disabling the interface?
<Guest14623> ifconfig eth0 down
<owh> A|X: If you boot using things like disabling acpi, etc. Does it work?
<owh> Guest14623: Does the routing table change?
<owh> hikenboot_: On a server? The #ubuntu channel should have a !nvidia tip for you.
<Guest14623> i have never disabled acpi . I just tried to disable eth0 (1st nic) and everything went wonky on my . it did not switch over to 2nd nic automaticially .
<owh> Guest14623: acpi was not for you.
<owh> Guest14623: When you disable the nic, does the routing table change?
<hikenboot_> thanks owh
<hikenboot_> its all about getting it working with xen...its a home server so it also a desktop
<Guest14623> hello owh , ya the routing table does change . bascially deletes everything in the routing table
<owh> hikenboot_: I would say for that problem. Treat it as a normal desktop first, get it working properly, then futz with it. Reduce the number of problems you're trying to solve at the same time.
<hikenboot_> thanks owh
<owh> Guest14623: I have the suspicion that your issue is that you have not configured your routing table. I *think* that you cannot rely on automatic behaviour in your environment. I'm no expert on routing, but there are FAQ's and HOWTO's for dual nic setups. All that you've told me indicates that this is your problem. Again, I may be completely wrong.
<owh> hikenboot_: Pleasure.
<scott1978> hello all: looking to turn ubuntu server into a media server for other pc's and xbox 360. looking for ideas how... any suggestions?
<Guest14623> thanks owh , would you recommend any kind of how to's
<A|X> owh, haven't tried.
<scott1978> does anyone know about mediatomb?
<owh> Guest14623: Google for "routing howto", there are several useful links there.
<A|X> so yeah
<A|X> it boots
<A|X> after setting up 9.04 server
<A|X> and says "Giving up waiting for root device
<A|X> then goes into an initramfs shell
 * A|X bangs his head against his desk
<owh> A|X: All that means is that you again need to boot with it off, boot into rescue mode, update menu.1st with that kernel option - magic.
<A|X> borgie borgie borgie
<A|X> owh, will do. Thanks.
<A|X> rescure mode == off disk
<A|X> or is there some other rescue mode?
<owh> A|X: Huh>
<owh> s/>/?/
<A|X> nvm
<A|X> g
<A|X> od damn clonezilla
<A|X> hmm. So i'm on /dev/sda1
<A|X> which is the root partition,  and i've just re-selected that as the root partition
<A|X> EWASFDVXCGReqwdszxc
<qiyong> is it good to use autofs on /home?
<owh> qiyong: "good" in which sense?
<qiyong> owh: good to use
<owh> qiyong: That's like asking: "Is vi 'good' to use." - the question is meaningless. What are you trying to achieve that makes you think of using autofs.
<qiyong> owh: to store user data centrally
<qiyong> is autofs widely used?
<owh> qiyong: Well, until you asked I'd never heard of it - which doesn't mean much. There was a FAQ dating back to 1998, indicating it's been around for a while. There are documents on the ubuntu.com domain. The idea seems interesting. So, I cannot give you a full throated support or denial either way. I've not looked if popcon shows it or not.
<olman> tengo 2 red eth2 y eth0
<olman> helpme with bridge utils
<LiraNuna> anyone got experience with app armor?
<maxagaz> hi
<LiraNuna> it keeps telling me that apache2 is asking for DEFAULT_URI hat while it's already set
<LiraNuna> when I "add" it and finish, it doesn't change a thing
<hpierce> I need some help setting up a debug environment for Firefox...
<uvirtbot`> New bug: #393357 in openldap (main) "package slapd 2.4.15-1ubuntu3 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/393357
<hpierce> Hi... anyone home?
<ajmitch> hpierce: this is for server-related topics, not firefox, so you're most likely to find help in another channel
<ajmitch> probably the ubuntu mozilla team channel, in that case
<ubuntunom> .
<ubuntunom> hpierce: no im at work
<hpierce> ajmitch: when my system locks up, I am not clear it is the applications fault.
<hpierce> I suspect it's a low level library.
<hpierce> I have seen some of the banter on the forums, and any application can lock up your system points to a deeper problem.
<hpierce> But, if there is a dev oriented ubuntu channel, I will happily go there or move back to SuSE where I did have the problem at all.
<\sh> moins
<Gorlist> does anyone have a list of which ports should be opened for a standard webserver (apache, ftp, smtp etc?)
<\sh> Gorlist: for a standard webserver? incoming only port 80
<alex_muntada> maybe 443 too ;-)
<Gorlist> so only port 80, does that cover smtp etc?
<\sh> Gorlist: smtp has nothing to do with http...if you want to send mails from your webhost, you have to open port 25 from internal to external net...but nothing more...
<Gorlist> hmm
<Gorlist> right thanks
<\sh> ftp (passive in your case) only if you want to update your webstuff via ftp...then it's incoming port 21 and outgoing ports >1024
<alex_muntada> Gorlist: making your SMTP daemon listen to localhost only usually is enough
<Gorlist> Will go through it :) ive got ufw set to Deny allow currently
<aljosa> i was looking at http://doc.ubuntu.com/ubuntu/serverguide/C/ and searching for nagios section but nothing is there. is something else recommended instead of nagios?
<alex_muntada> aljosa: a few days ago this topic was mentioned on the channel, it would seem that nagios is the "blessed" package for monitoring since it's in main
<alex_muntada> however, no mention on the server guide, true
<TJ`> hey new to ubuntu server
<TJ`> can anyone help me out with routes?
<TJ`> have 192.168.x.x and 10.1.5.x etc
<TJ`> the server is on 10.x
<TJ`> not seeing 192.x
<bogeyd6> TJ`,  you need static route
<rc55> Hi - I have a nameserver in Gentoo but it's ancient - apart copying from /var/bind and bind.conf (assuming this is correct), is there anything else i need to do assuming bind is installed on ubuntu (server 8.04.2)?
<_ruben> rc55: you might need to alter you config / dir layout a bit .. other than that you should be fine .. (/etc/bind/named.conf and /var/cache/bind/ (or everything under /etc/bind/) tend to be the paths to use)
<_ruben> oh and perhaps your rndc config/keys
<heath|work> good morning.
<RoyK> hi all. I have setup open-iscsi, but I have a little issue - how can I make that start before fstab is parsed?
<heath|work> I am working on a system (web portal) for users from multiple domains to login and get access network resources between different systems like mail, web cms, users for their domain, etc. Is a LDAP server the best solution for this situation?
<sommer> heath|work: I like LDAP for that type of setup... of course depending on the number of users another system may fit you better.
<heath|work> hi sommer, the number of users will increase over the years. I am looking at open-exchange for the mail and calendar portion. According to their docs if will authenticate against LDAP. Using LDAP from an admin side looks a bit intimidating though.
<heath|work> if => it
<rags> I have a ipsec tunnel from a remote server and my ubuntu server here..the ubuntu server has two interfaces..one on .1 and the other .2...the ip sec is configured such tht  systems on Lan(.2) can access the tunnel.
<rags> the problem is while other systems can access the tunnel thru ubuntu, ubuntu itself is unable to access any systems
<rags> I think this is bcause it uses the wan ip i.e. (.1) and therefore is denied access on the tunnel...
<heath|work> rags, Any systems?
<rags> heath|work: systems on the remote n/w...
<rags> heath|work: I mean using the tunnel
<ivoks> so, ubuntu has two ips on two interfaces from the same C class?
<rags> ivoks: no..sryy forgot tht....one is wan ip and the other is lan
<heath|work> static routes?
<rags> the wan is on the .1 n/w connected to a modem...and .2 is on the lan
<ivoks> i realize that, can you tell us which ip exactly?
<ivoks> so, 192.168.1.1 and 192.168.1.2?
<rags> ivoks: yes...exactly
<rags> no..sorry
<ivoks> so, how do you expect ubuntu to find 192.168.1.3?
<rags> ivoks: different subnets
<ivoks> ok then
<rags> ivoks: 192.168.1.1 is the wan side..cconnected to the modem..and 192.168.2.1 is the lan with a couple of systems
<ivoks> and the tunnel?
<rags> the ip-sec is to a .4 n/w...which systems on the lan have no problem accessing, but from ubuntu itself it fails
<ivoks> so, it's 192.168.2.4?
<rags> no...(.4) subnet...
<_ruben> rags: using openswan or racoon?
<ivoks> ok
<rags> like 192.168.4.5
<rags> class C n/w...I think It is because of the two interfaces...I feel ubuntu is using the wan interface thru the tunnel or something..
<_ruben> it most likely is
<ivoks> use mtr
<_ruben> the route to the remote network needs to have a src ip specified
<ivoks> mtr IP
<_ruben> damnit
<_ruben> just did a dist-upgrade (including kernel) on my jaunty system .. now it fails to boot because it cant find my lvm
<rags> mtr??...k...it's a packet capture?
<heath|work> why can't you just add a route to those machines?
<_ruben> ip route get 192.168.4.1 will show that its using the wrong source ip (not the one covered by ipsec)
<rags__> heath|work: can't because ipsec is weird and I'm still trying to figure it out...the routes for ipsec can't be seen using normal route commands...
<rags__> _ruben: I'm using racoon
<_ruben> rags: never used racoon myself .. but trick is most likely do add a(n extra) route
<rags__> Can't because ipsec is weird and I'm still trying to figure it out...the routes for ipsec can't be seen using normal route commands...
<_ruben> sudo ip route add 192.168.4.0/24 via you.r.gate.way src 192.168.2.1
<_ruben> if that doesnt work, then racoon sucks even more than i thought
<_ruben> using openswan myself
<rags__> _ruben: I mean it uses the spd ans sa for routing traffic and bringing the tunnel..
<_ruben> rags__: the spds and sas are just fine .. using that route you'll actually be using em
<_ruben> its more of a routing issue than ipsec really
<rags__> _ruben: I'll try,but currently there are no routes at all to the tunnel n/w
<_ruben> rags__: doesnt matter
<rags__> it magically routes the packets thru the tunnels
<rags__> _ruben: k...I'll try tht..
<_ruben> its just a "helper" route .. it doesnt do any routing, its just there to change the src ip
<rags__> the gateway is ubuntu it self...?
<_ruben> it's its default gateway
<rags__> _ruben: nope not working...
<_ruben> rags__: try $ ping 192.168.4.1 -I 192.168.2.1
<_ruben> assuming 192.168.4.1 exists
<_ruben> also, do you have any NAT rules in place?
<rags__> _ruben: I tried the interface ping...still not wokring...and yes I am usint NATT
<_ruben> if even -I for ping doesnt work, NAT is another very likely problem
<_ruben> source ip and NAT are the 2 most common issues with ipsec :)
<_ruben> ow .. not just NAT, NAT-T even .. jikes .. nat traversal complicates things even more (which i should've noticed before)
<_ruben> nat-t i never really had to mess with .. but be sure to double check your nat rules so that you dont nat your traffic thats supposed to go through the tunnel
<rags__> _ruben: everything is working fine actually, only ubuntu is giving problems...
<heath|work> anyone using virtualmin?
<heath|work> or know if webmin can control multiple servers through one portal?
<ewook> heath|work: you can setup relationships between webmin, yes.
<heath|work> ewook, thanks, I am looking through the docs, but I haven't found anything on that yet.
<ewook> oh.
<ewook> heath|work: sry, can't point you in the right direction.
<heath|work> it's cool. Just knowing it may do what I need is good enough to try it out.
<ewook> left webmin behind after it destroyed a couple of config's for me a while back due to falty behaviour.
<_ruben> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<_ruben> ;)
<rsr> hi
<rsr> what is the option virtual machine host about? Does it tune the kernel for better performance as a virtual appliance server?
<heath|work> rsr, during install?
<rsr> yes
<_ruben> rsr: it install kvm and its friends
<rsr> theres an option on install
<heath|work> _ruben, is there anything similar to it?
<rsr> although I dont have hardware virtualization
<_ruben> heath|work: similar to webmin? ebox
<heath|work> rsr, kvm quem and everything
<rsr> isnt kvm for hardware?
<heath|work> _ruben, I will check it out now, thanks
<_ruben> rsr: me neither, so uninstalled it again .. which deleted lvm2 package .. which made my new kernels unbootable .. sigh
<rsr> my hardware doesnt support virtualization
<_ruben> rsr: then dont install that option :)
<heath|work> lol
<rsr> ok
<rsr> so I can just use kvm wthout the hardware virt support?
<_ruben> dont think so .. qemu doesnt require it, but is dog slow
<_ruben> without hardware support i'd go for either virtualbox or a vmware product
<_ruben> or perhaps xen
<rsr> _ruben: does virtualbox need a gui?
<_ruben> rsr: dunno, never used it :)
<_ruben> im a vmware guy
<rsr> really?
<rsr> is vmware opensource?
<soren> No.
<heath|work> virtualbox doesn't need a gui no
<rsr> ok
<_ruben> there's some free products though
<soren> The open source version does.
<heath|work> and I believe virt-manager can control it now
<heath|work> I've been extremely happy with kvm so far
<rsr> heath|work: Can I use kvm without hardware support?
<heath|work> no id o not think so, how many virts are you trying to run?
<rsr> I am starting a business based on joomla and sugarcrm so I will have an appliance for each client
<soren> rsr: Yes, but it'll be as slow as qemu (i.e. very likely not useful at all).
<rsr> righ now I only have one client
<rsr> soren: what do you think I should go for? I only use opensource though
<heath|work> rsr, it would be worth getting a hvm capable cpu and using kvm
<rsr> heath|work: I cant spend the cash right now
<rsr> I have to do with an athlon xp 22000+
<soren> rsr: Better hardware :)
<rsr> 2200
<_ruben> xp 2200+ for hosting .. heh
<_ruben> my 1700+ does a nice job as just file server.. wouldnt expect it to do much more
<rsr> _ruben: dont underestimate...we have too much hardware power nowadays
<rsr> an athlon xp 2200+ was just about a server platform 5 years ago
<_ruben> tell that to the dual quad core xeons running esxi at work :p
<rsr> hey
<rsr> isnt esxi opensource and gpl?
<_ruben> no .. its free though (under certain circumstances)
<rsr> oh
<heath|work> rsr, I just spent $150 and got 4gb of ram a hvm amd cpu and a video card
<heath|work> from newegg
<rsr> yeah I dont plan on spending any money
<rsr> i built the server out of spare parts
<rsr> im a startup
<rsr> has a pretty fast fsb and HD though
<heath|work> rsr, be careful with esxi, when you need to scale you could be spending big bucks
<rsr> no I wont use it
<rsr> I tend to stick to free technology
<heath|work> We had a call with them last week... ouch
<rsr> Ill have to try an alternative solution
<heath|work> _ruben, do you know if ebox will manage multiple servers?
<rsr> maybe ill have to install a gui for virtualbox since someone here said open source version doesnt support the command line
<heath|work> rsr, why not just do virtual hosting and have 1 server?
<rsr> heath|work: what do you mean?
<heath|work> you just want a web server right?
<rsr> pretty much...I could just install a turnkey ubuntu
<rsr> ever heard of it?
<rsr> but my idea was to use turnkeys on a host for easy backup
<heath|work> rsr, this is a setup for hosting: http://howtoforge.com/perfect-server-ubuntu-9.04-ispconfig-2
<heath|work> That will cover email for your clients, hosting, ftp access, and they will have some control of those settings if you grant it to them
<rsr> yes
<rsr> pretty nice walkthrough
<kwork> Address                  HWtype  HWaddress           Flags Mask            Iface
<kwork> 172.16.16.2                      (incomplete)                              vlan260
<kwork> why does it show incomplete as hwadr ?
<bytenik> Hi there. I have compiled a new kernel from source on one computer, and created .deb packages from it. I then installed the packages and was up and running on the new kernel. Now I copied those packages over to another system and installed them, but some source packages complain even though I installed headers.
<heath|work> ebox 1.0 not on jaunty ?
<pmatulis> !info ebox jaunty
<ubottu> ebox (source: ebox): the eBox platform - Base framework. In component universe, is optional. Version 0.12.4-0ubuntu1 (jaunty), package size 342 kB, installed size 2512 kB
<heath|work> I am amazed at how well KVM works over nfs
<henkjan> heath|work: no troubles with migration?
<heath|work> that's next on the list. I just got my new machine build with a hvm cpu so I can test that out.
<heath|work> henkjan, I was thinking about trying glusterFS. Have you had any experience with that?
<Steve[mbp]> morning everyone!
<heath|work> morning!
<Steve[mbp]> ^_^
<uvirtbot`> Steve[mbp]: Error: "_^" is not a valid command.
 * Steve[mbp] kicks uvirtbot` for thinking that an emote is a command
<heath|work> do you think hdparm would be an accurate test for testing virts rum over nfs?
<jmedina> heath|work: I always use bonnie++ or iozone
<heath|work> jmedina, I will check those out
<uvirtbot`> New bug: #393528 in bacula (universe) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/393528
<remote> is the `wl' module present in the ubuntu-server installation disc?
<Jared555> hello, is there any way to make sure sysctl.conf is loaded fully for virtual machine bridging?
<Jared555> currently the settings which control if bridges are sent through iptables are not loaded
<jon_high9000> hello. I am trying to setup a mail server with postfix dovecot procmail and fetchmail. is there a simplistic way to set this up?
<ScottK> jon_high9000: What Ubuntu release are you using?
<jon_high9000> 9.04
<ScottK> jon_high9000: Also why procmail?  You've already got dovecot for a delivery agent.
<ScottK> jon_high9000: For Dovecot and Postfix, sudo apt-get install dovecot-postfix.
<jon_high9000> Scottk: I am very green at this.
<ScottK> jon_high9000: OK.  You probably don't want procmail.  Installing dovecot-postfix will give you a basic working config for getting mail delivered.
<jon_high9000> Scott: I imagine it shows. lol
<ScottK> You'll also want to look into spam and virus scanning.  See amavisd-new in the Ubuntu server guide.
<jon_high9000> Scottk: do i need to install the Server cd? or can i just install it on my desktop?
<ScottK> You can install it on your desktop if you're using it for that function too.
<jon_high9000> is there any setup instructions for newbies?
<jon_high9000> I have a gmail account as well
<ScottK> The server guide has setup information.
<webtech-m33> jon_high9000: there is a lot of good how tos on howtoforge.com
<ScottK> webtech-m33: Generally it's better to use the Ubuntu docs if they cover what you need.  Most of what he needs is there.
<jon_high9000> Scottk: I understand that dovecot has mbox feature which as i understand means that i can still use thunderbird 2.0.0.0.22
<ScottK> It does, but I don't know the details.  mbox is so 1990's.
<jon_high9000> Scottk: I hear ya. but unfortunately till they change the type of mailboxes we maybe using for the duration as far as i know.
<_ruben> it doesnt matter what the MTA uses to store the mails .. since you'd be using dovecot, you'd fetch them using pop3/imap .. how your MUA then stores that data, is entirely up to the MUA
<jon_high9000> Scottk:then again, I am very green.
<ScottK> jon_high9000: AFAIK you're correct for Thunderbird.
<jon_high9000> Scottk: so i use should use postfix amavis-new dovecot-postfix thunderbird as the mail client.
<ScottK> jon_high9000: Read the amavisd-new information in Ubuntu server guide.  You'll want to add spamassassin and clamav to that.
<jon_high9000> on the dovecot-postfix do i also install primary package postfix itself i assume?
<frojnd> I've replug the external usb disk and check the dmesg before: http://pastebin.com/mb51dd76 and after: http://pastebin.com/m6ac1fed0 but there is no difference... My external usb disk is cold if I touch it... any ideas how can i check if it's completely dead? fdisk -l wont find external disk
<ScottK> jon_high9000: dovecot-postfix will pull it in via dependency if it's not already installed.
<jon_high9000> Scottk: I will look over the server guide . no problem
<jon_high9000> thank you very much for your help. it was greatly appreciated.
<jon_high9000> cya
<frojnd> ah..
<frojnd> wring dc adapter
<frojnd> wrong
<histo> is there a way to know whether a server requires a restart due to updates?
<Linux_Time> a friend of me wan't to install a ubuntu version (8.10) on his 'homeserver' at a virtual machiene - how can i Â«downgradeÂ» from Desktop to Serverversion? is the only difference KDE/Gnome Packs or more..?
<maxb> AFAIK the only difference between Ubuntu "server" and "desktop" flavours is the selection of packages that are installed
<ivoks> and kernel
<maxb> the kernel is in a package :-)
<ivoks> ?
<heath|work> couldn't you start with apt-get remove ubuntu-desktop?
<heath|work> I can't make my mind up for our auth backend: OpenLDAP or MYSQL? any suggestions?
<ivoks> for what?
<Sam-I-Am> heath|work: openldap is not in the same category as mysql
<Sam-I-Am> openldap can use a mysql backend...
<heath|work> OpenLDAP seems pretty difficult to get a grip on. I've been reading about it a little bit.
<Sam-I-Am> heath|work: its not bad... depends on what you're trying to do.  i'm not aware of anything that'll use mysql directly for auth tho.
<heath|work> We will be running multiple systems (mail, web apps, etc) and it looks like OpenLDAP would be the best
<heath|work> We will have lots of users with from different domains (user@domains.com) , so I am a little confused on how OpenLDAP will provide what we need.
<heath|work> well.. just found Phaam and it looks promising
<Sam-I-Am> you might want to check into zimbra
<Sam-I-Am> its a package based on openldap and mail stuff that handles multiple domains and whatnot out of the box
<Sam-I-Am> but you can do it with plain openldap and mail stuff
<heath|work> sorry that was phamm
<Sam-I-Am> that might work too... hadnt heard of it until now
<heath|work> we are using open-exchange
<Harryy> Hi. How would I set Ubuntu to use GMT+0 as the default system time? I have /etc/default/rcS UTC=yes, but it still shows my local time (GMT -5) :S
<diffra> Harryy: sudo dpkg-reconfigure tzdata should work
<diffra> or, simply, cp /usr/share/zoneinfo/GMT /etc/localtime
<Harryy> oh cool thanks
<Harryy> h@ubuntu:~$ uptime
<Harryy> 21:29:03 up 1 day, 2:13, 1 user, load average: 0.05, 0.04, 0.00
<Harryy> yay win :D
<donspaulding> I want to enable an outside company to use SFTP to copy files to and from my Hardy server.  I want the files to live under the home directory of an existing user on the server, but I want the outsiders chrooted to a sub-directory, not the whole home dir, and without any shell access.  Can this be done with OpenSSH?  Can someone point me to the right docs?
<Vog> donspaulding: you want an sftp server that uses ftp accounts
<Vog> just asec trying to find a good doc.... *google is your friend*
<Vog> this might work too but you'll need to setup specific permissions on the directories you mentioned. http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html
<donspaulding> Vog: thanks, looking at the RSSH article now.
<billybigrigger> hey all
<billybigrigger> anyone here use webalizer for stats?
<billybigrigger> anyone know how to get webalizer to read multiple log files? all i can see it that it will read a log file, access.log, but apache rotates it way too often for me, i think every week, so i have access.log .0 .1 and webalizer isn't showing full stats
#ubuntu-server 2009-06-30
<uvirtbot`> New bug: #393656 in postfix (main) "postfix fails on boot with "fatal: could not find any active network interfaces"" [Undecided,New] https://launchpad.net/bugs/393656
<luckyone> hello all, I am trying to get sound working on my ubuntu-server install
<giovani> luckyone: for what purpose?
<luckyone> giovani: I am using it as a NAS, and want to be able to play music off of it
<giovani> luckyone: NAS' aren't typically media players
<luckyone> my NAS is an MSI Wind, so it has all it needs
<giovani> yeah, that's not really the point
<giovani> I'm not sure if any of the audio drivers are in the -server kernel
<giovani> if it doesn't work out the box, the answer is probably no
<giovani> luckyone: run "lsmod | grep snd" for me
<luckyone> looks like my user isn't in the audio group.
<luckyone> it is the small things...
<luckyone> giovani: http://pastie.org/528764
<giovani> ok, then sound is loaded
<giovani> problem?
<jetole> hey guys. Does anyone know a good method to map out all links on all pages on a certain website. Kinda like spider program or something. I am trying to change a large website to friendly urls and want to find a list and then make sure I didn't miss any
<giovani> jetole: maybe a wget -nv -r --delete-after?
<jetole> thanks
 * jetole checks it out
<giovani> it's not the cleanest method ...
<jetole> I think there is a don't download option
 * jetole is looking at wget
<jetole> I must have been thinking about something else
<jetole> this will likely take eons though
<jetole> since wget is downloading all files
 * jetole googles 
<giovani> that's why I said it was messy
<jetole> like I said, large website
<giovani> just run it locally on the box?
<jetole> don't know about that
<jetole> it's a windows 2003 server
<giovani> what don't you know?
<giovani> haha
<jetole> several actually
<jetole> I know I know
<jetole> I hate windows too
<jetole> this is a corporate website and the windows servers were there when I started
<jetole> and the tech department knows I hate windows too
<jetole> I'm gonna ask #apache too
<giovani> jetole: wget -nv --spider -r htt
<giovani> http://
<giovani> that works
<giovani> --spider doesn't download beyond the HTML it has to to find more links
<giovani> you can hack up the output with awk to get a clean url list
<jetole> you know I have been meaning to learn awk
<jetole> have used sed for years
<jetole> never got around to awk
<giovani> not really related :)
<jetole> just thought I would mention it
<giovani> wget -nv --spider -r http://www.nytimes.com/ 2>&1 | cut -d" " -f3
<giovani> that seems to work alright
 * jetole is actually looking at htdig right now
<jetole> and swish-e
<jetole> htdig seems to work well so far
<jetole> still running though
<karl86> hi guys, I need to set a cpanel server up to recieve mail for a domain that has its apache traffic to another box. I'm drawing blanks in google can anyone suggest some search terms that might bear fruit?
<mattt> karl86: just point the MX record for the domain at the cpanel box?
<karl86> hey mattt, think I might be able to do it by using an 'addon' domain and using mail forwarding
<karl86> seems incredibly long winded, i'm used to working at command line, but cpanel works in mysterious ways
<mattt> karl86: personally, i'd just set up the cpanel domain as normal ...
<mattt> karl86: forget the fact that the setup also sets up an apache config, etc.  .... cpanel won't care htat you don't actually use it :)
<karl86> that would set up virtual hosts and such in httpd.conf though wouldnt it? I only want to handle mail for this domain
<mattt> karl86: it would, but what does it matter?
<karl86> fair point
<karl86> will give it a go
<mattt> karl86: anyway, cpanel may have an option to just set up mail hosting, i know plesk does .... but sorry i'm not familiar enough w/ cpanel
<karl86> not a problem at all, thank you for your assistance :)
<mattt> good luck :)
<agentk> Anybody know where to find prelim squid-3.1 packages?  I need connection-auth=off support.
<karl86> mattt: it worked thank you :)
<uvirtbot`> New bug: #369727 in openldap (main) "package slapd 2.4.15-1ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/369727
<karl86> can you copy a .so file from one location to /usr/lib? or does it mess things up
<mattt> karl86: cool!  and technically, i believe you can ... but then you'll have a misc. file on the filesystem not owned by a pakacage
<mattt> *package
<karl86> hi matt, it does seem to work. And its only for the benefit of svn so its not a critical thing :)
<qiyong> should I disable landscape?
<qiyong> !landscape
<ubottu> Landscape makes the management and monitoring of Ubuntu systems simple and effective by combining world-class support with easy to use online management tools. https://landscape.canonical.com/
<qiyong> where is it started?
<captainkirk> hi all.  how can i configure an external usb drive to automount when connected to be available as a backup storage device to a cron job?
<captainkirk_> hi all.  how can i configure an external usb drive to automount when connected to be available as a backup storage device to a cron job?
<captainkirk_> hi all.  how can i configure an external usb drive to automount when connected to be available as a backup storage device to a cron job?
<cjones> where would synptic install phpbb3?
<mattt> cjones: dpkg -L phpbb3
<bc> cjones: also check for any gotchas in /usr/share/doc/phpbb3
<vi390> any idea how I can get openVZ kernel at jaunty ?
<bobg> in hardy, I get "unknown filesystem" when I try to mount a  reiserfs partition. what do I have to do to enable reiserfs?
<Skaag> I've installed the "Virtual Machine Host" while installing Jaunty, now I see a virt-sh shell for creating virtual machines, etc. Where can I find more information about this?
<blizzkid> lo all. some urgent help needed here... I set up a server using drbd and ocfs2. Everything worked fine, but now when I do mount.ocfs2 /dev/drbd0 /data0 I get mount.ocfs2: Error when attempting to run /sbin/ocfs2_hb_ctl: "Operation not permitted" and Unable to access cluster service while starting heartbeat
<alex_muntada> Skaag: try https://help.ubuntu.com/9.04/serverguide/C/virtualization.html
<Skaag> thanks looking at that
<RoyK> hi all. anyone here that have used nfs4 acls?
<Kira> Does anybody know of a step-by-step guide to setting up a Postfix+Dovecot mail server on Jaunty?
<sommer> Kira: https://help.ubuntu.com/9.04/serverguide/C/postfix.html
<sommer> Kira: it's not that complete, but really sudo apt-get install dovecot-postfix does all the setup
<Kira> Hmm, I guess that's not all that I need to know.
<Kira> what about mailbox setup, etc?
<Kira> and stuff like hooking up with a webmail application (e.g. Horde)
<heath|work> Kira, http://howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu9.04
<heath|work> Would anyone know why I keep getting prompted to [sudo] right when I log in?
<heath|work> Ubuntu JeOS 9.04
<_ruben> heath|work: probably something in your login scripts .. grep sudo ~/.*
<heath|work> _ruben, that returns nothing, I'm not sure what is going on... it's strange
<_ruben> heath|work: could be hiding in /etc/ somewhere as well .. or a script calls it which is being called by a login script
<_ruben> what i'd do is open up 2 sessions .. while the 1st is at the sudo prompt .. run `ps auxfww` in the second .. then from the tree output you might be able to traceback the origin of the sudo call
<heath|work> _ruben, I will give it a whirl thanks
<Ng> kirkland: as part of your kvm-84 backport stuff, how would you feel about including kvm-pxe? :)
<mjeanson-> mathiaz: just to let you know that we'll likely be a few minutes late
<mathiaz> mjeanson-: ok :)
<Ng> is it normal for kvm to chomp all the CPU it can find after you start it? I'm seeing a lot of chomping and very little console action
<Ng> and killing it when it's in that state seems to leave libvirt with the impression that something is still using the associated disks
<Ng> (this is with the kvm-84 backport onto hardy, but I was seeing the same thing before I applied that)
<joe-mac> is anybody actually using the tomcat5.5 package from apt on 8.04 LTS?
<andenw> joe-mac: yes, im using it on my server. why?
<joe-mac> andenw: can't get it to work at all and i've set it up plenty of times throguh source
<joe-mac> i'm getting these errors: org.apache.catalina.startup.Catalina start SEVERE: Catalina.start:  LifecycleException:  No UserDatabase component found under key UserDatabase, cept i have the user db set up
<mathiaz> https://www.redhat.com/archives/freeipa-devel/2009-June/msg00298.html
<mathiaz> mjeanson: ^^
<andenw> joe-mac: look at my /etc/tomcat-5.5/server.xml at http://paste.ubuntu.com/207009/ , do you have a similar userdatabase setup?
<joe-mac> yea i have the user db set up in the server.xml and the file is where it should be
<joe-mac> weirdest thing, catalina.out is empty
<joe-mac> and it's mod 777
<uvirtbot`> New bug: #392759 in apache2 (main) "apache2 DoS attack using slowloris" [Wishlist,Confirmed] https://launchpad.net/bugs/392759
<joe-mac> yea i was going to suggest at least included that module to limit connections from a certain ip to help with that...
<ivoks> meeting's over?
<sommer> yeppers :)
<MTecknology> Any idea why something run as root will generate mail but when it's run from the root cron it won't?
<MTecknology> 0 0 * * 1 logwatch --detail 10 --range '-1 week' --mailto admin@server.com
<joe-mac> MTecknology: is MAILTO set to an empty string?
<MTecknology> joe-mac: hm?
<MTecknology> joe-mac: that's the cron that I run ^
<MTecknology> except with server.com replaced
<MTecknology> If I run that as root the mail sends, run it form cron and it doesn't
<joe-mac> MTecknology: that's why i asked ab out the mailto var, says who to mail shit to from cron
<MTecknology> joe-mac: where do I set that?
<joe-mac> in the crontab, at least on vixie cron
<joe-mac> right above the line for cron do MAILTO="yourusername"
<joe-mac> OH shit i misunderstood you,t hought you weren't getting cron output
<joe-mac> in that case, probably an environment thing, not sure how the logwatch --mailto functionality works
<MTecknology> I'll try that
<MTecknology> if it works I'll be happy
<MTecknology> it's something funky w/ cron :S
<MTecknology> .... it worked
<MTecknology> thanks
<JorgeJorgesson>  I seem to be having a lot of problems with mysqld starting up in Ubuntu 9.04.  I start it up with sudo mysqld &, but when I try to start the cli, I get a cannot connect error.
<JorgeJorgesson> I have tried connecting with both localhost and 127.0.0.1
<bitprophet> not on 9.04 myself but any reason you're not using the init script?
<MTecknology> JorgeJorgesson: /etc/init.d/mysql restart ; the  do mysql -uroot -p
<JorgeJorgesson> MTecknology: fail at server start
<MTecknology> JorgeJorgesson: pastebin the command and error\
<JorgeJorgesson> Sorry, worked fine with sudo
<JorgeJorgesson> MTecknology: why is this required everytime?  Does the server not start automatically?
<MTecknology> JorgeJorgesson: you tried starting it from mysqld when it should have been running
<JorgeJorgesson> Ok, but I could not log on from the cli mysql
<MTecknology> can you now?
<JorgeJorgesson> Yup
<MTecknology> should just keep working then
<JorgeJorgesson> So, if I reboot it will work automatically now?
<MTecknology> should
<JorgeJorgesson> I'll give it a shot right now.
<JorgeJorgesson> thanks
<JorgeJorgesson> Because this has happened many times before and it is driving me crazy
<Sp00K> Hey guys. I'm having a locale issue. My default locale is german while I prefer Dutch or English, reinstalling is no option since its a production box. If needed I can only restart it friday night. Does anyone have a good idea how to fix the locale issue (I prefer without a reboot)? :)
<MTecknology> Sp00K: I know you can install additional locales and just set your own locale, you might need to log out and back in, I forgot how though
<Sp00K> MTecknology, Hm. This might be handy: http://pastebin.com/m23ccebf3 as I already installed dutch language etc, I am still facing the issue that its defaultly using de_DE. And yes, I've reconfigured locales and even locale-gen (I think its the same what dpkg does.). I only have SSH access. :|
<JorgeJorgesson> MTecknology: nope, upon reboot, the mysqld server is not running again
<MTecknology> I know it's possible and I've seen it done, beyond that I'm afraid I'm not much help, sorry
<Sp00K> MTecknology, Was that against me or JorgeJorgesson?:P, if it was against me, Thanks anyways :-)
<MTecknology> Sp00K: that was you
<Sp00K> Ok, thanks anyways :)
<MTecknology> JorgeJorgesson: check /var/log//
<JorgeJorgesson> /var/log/?
<MTecknology> JorgeJorgesson: it's where system logs are held
<JorgeJorgesson> I know.  Which file to check.
<MTecknology> mysql*
<JorgeJorgesson> mysql.error is empty
<JorgeJorgesson> mysql.log is empty
<MTecknology> what about the other?
<MTecknology> mysql
<JorgeJorgesson> MTecknology: That are the only two.  The others are archived .log files
<JorgeJorgesson> *those
<MTecknology> log            = /var/log/mysql/mysql.log
<MTecknology> vim /etc/mysql/my.cnf
<JorgeJorgesson> /var/log/mysql is an empty directory
<MTecknology> JorgeJorgesson: hrm... before you do that...
<MTecknology> /etc/init.d/mysql status
<JorgeJorgesson> mysql is stopped
<MTecknology> dpkg-reconfigure mysql-server
<JorgeJorgesson> Package `mysql-server' is not installed and no info is available.
<MTecknology> aptitude install mysql-server
<bitprophet> sounds mildly problematic
<MTecknology> bitprophet: not as problematic as my installing vista on my sisters laptop atm
<bitprophet> condolences
<JorgeJorgesson> MTecknology: ok, maybe I need to understand what is going on here first, sorry.
<JorgeJorgesson> I thought the server was installed already
<MTecknology> JorgeJorgesson: have you ever installed a server app on your own system thinking it was your server, or are you still novice? :P
<MTecknology> I've done that a few times - I think that and any command followed by an accidental -rf / is a right of passage :P
<JorgeJorgesson> As I have no idea what you just said I guess I'm new
<Sp00K> MTecknology, I just 'exported' every option for locale into NL/dutch and placed it into the global .bashrc, issue fixed since it works :)
<MTecknology> joe-mac: hey... I was calling logwatch instead of /usr/sbin/logwatch......
<MTecknology> Sp00K: congrats
<Sp00K> Thanks :)
<MTecknology> JorgeJorgesson: you like rogers isp?
<JorgeJorgesson> MTecknology: It is ok.  Expensive and limited bandwidth
<MTecknology> ouch
<MTecknology> HA!!!  http://www.linux-magazine.com/Userfriendly/(offset)/51
<JorgeJorgesson> MTecknology: ok, back to the issue at hand.....what am I installing with the mysql-server?
<MTecknology> JorgeJorgesson: mysql
<MTecknology> the server component
<JorgeJorgesson> MTecknology: but I must have it already.  I've run the server before.  I'm not sure I get it all here.
<MTecknology> JorgeJorgesson: the server component is pretty much required if you want to run a server
<MTecknology> just install it and be happy ;)
<bitprophet> JorgeJorgesson: how'd you get the mysqld binary installed in the first place, if it is actually there?
<JorgeJorgesson> mysqld-server5.0
<MTecknology> JorgeJorgesson: normally you only need to install mysql-server, the rest is taken care of
<JorgeJorgesson> ahhh, now I see.
<bitprophet> MTecknology: if I read the apt info for mysql-server it doesn't seem to install anything but mysql-server-5.0 currently (ie. it's not a meta-package pulling in other packages)
<bitprophet> so shouldn't he already have everything that "install mysql-server" would give him?
<JorgeJorgesson> That is what I thought!  I just wanted to match my remote mysql servers installation
<bitprophet> JorgeJorgesson: all I can say is that if you started out with no mysql installed and did 'apt(itude|-get) install mysql-server(-5.0)' you should have an init script in /etc/init.d/ that starts mysqld for you, no problems
<MTecknology> bitprophet: I thought mysql-server also took care of the daemon
<bitprophet> naw
<bitprophet> mysql-server =~ mysql-server-5.0
<JorgeJorgesson> Ok, so what is going on then????
<bitprophet> you're thinking of just "mysql" probably? I can't recall as I never ever install the client w/o the server, heh
<bitprophet> JorgeJorgesson: what's "ps ax | grep mysql" give you?
<JorgeJorgesson> I hate installing stuff when I don't understand it.
<JorgeJorgesson> Now I went and installed mysql-server.  Damn
<bitprophet> JorgeJorgesson: all I can do is help you figure out A) what's installed and B) what's running and C) how to shut it all down adn start it up the "normal" way :D
<bitprophet> what did it do? it should've not actually done anything
<bitprophet> except install an empty package :)
<MTecknology> JorgeJorgesson: after you do that, restart and see if things work
<MTecknology> just to see
<bitprophet> all it does is install a copyright and changelog file
<JorgeJorgesson> ok....feeling like a guinea pig here, but I'll play
<bitprophet> http://dpaste.com/61689/
<bitprophet> so, JorgeJorgesson, don't worry, you didn't install anything bad :D
<MTecknology> bitprophet: I'll go watch vista upgrade to sp1 for the next few hours
<JorgeJorgesson> Oh, I know that....I just don't want any version conflicts
<MTecknology> apprently I'm getting more dumber
<MTecknology> a meta package usually helps keep version conflicts from happening..
<MTecknology> bitprophet: you're a ruby fan?
<JorgeJorgesson> 7028 pts/0    S+     0:00 grep mysql
<JorgeJorgesson> That was for bitprophet
<ruben23> hi, i lost my user password- how do i recover it or overwrite this to login
<ruben23> the user im using now is the user specified during the installation
<ruben23> i never setup root password.
<MTecknology> ruben23: reboot into recovery and launch a root shell
<ruben23> ok
<ruben23> then ill set to change the user password...?
<MTecknology> yup
<MTecknology> passwd user
<bitprophet> MTecknology: "fan", not necessarily
<bitprophet> I use it at work
<bitprophet> a Python person at heart.
<bitprophet> Ruby's all right and has plenty of good points, but I think more like Python does.
<bitprophet> JorgeJorgesson: ok, so mysql's not running, good
<bitprophet> JorgeJorgesson: what happens if you do sudo /etc/init.d/mysql start
<JorgeJorgesson> MTecknology: installing mysql-server did nothing
<bitprophet> that's the normal way of starting services, if you weren't aware (/etc/init.d/<whatever> (start|stop|restart|status|etc))
<JorgeJorgesson> bitprophet: sudo.... starts mysql server
<bitprophet> and then ps ax | grep mysql shows it's running?
<JorgeJorgesson> I know it's running because I can log in.  I'll run the command though
<bitprophet> eh, that works
<bitprophet> so are you good now?
<JorgeJorgesson> bitprophet: no, I have to manually start every time?
<bitprophet> the root problem here is that just executing one of the daemon binaries is rarely going to work fully on an OS which customizes the install to expect env vars and to call e.g. mysqld_safe instead of mysqld and etc etc
<bitprophet> JorgeJorgesson: no, that init script should start on boot
<JorgeJorgesson> bitprophet: it does not
<bitprophet> find out by doing try doing sudo update-rc.d mysql defaults
<JorgeJorgesson> I've tried that 5 times now, sorry.
<bitprophet> uh. forget those first 4 words
<bitprophet> what does it say? that the links already exist?
<JorgeJorgesson> Yes
<JorgeJorgesson> But it does not
<bitprophet> interesting
<JorgeJorgesson> I'd say
<JorgeJorgesson> Serenity now.....
<bitprophet> have you monitored the startup process to see if any obvious errors show up?
<JorgeJorgesson> bitprophet: no, I've not.
<bitprophet> guessing it's just not set into the right runlevels somehow, which would be odd but explain the problem
<JorgeJorgesson> bitprophet: this is a fresh 9.04 install
<JorgeJorgesson> Installed mysql-server5.0 from the repos
<JorgeJorgesson> Nothing unusual
<bitprophet> mm
<bitprophet> what do you see when you do find /etc/rc*.d -name "*mysql*"
<JorgeJorgesson> Note: desktop version, not server
<bitprophet> (ignoring any -ndb stuff)
<bitprophet> ah
<bitprophet> I've only used server
<JorgeJorgesson> Sorry....
<bitprophet> no idea if there's a qualitative difference
<JorgeJorgesson> should have said that upfront
<bitprophet> I assumed desktop just adds a bunc hof GUI shit
<JorgeJorgesson> hahahahha
<bitprophet> anyway so what symlinks are in the /etc/rc*.d folders?
<JorgeJorgesson> bitprophet: how many files do you want to see?
<bitprophet> use that find command I pasted above
<bitprophet> should only show maybe 2 dozen
<MTecknology> JorgeJorgesson: server installs a different kernel but that's the only significant difference, shouldn't change that though
<bitprophet> could pipe to |grep -v ndb
<bitprophet> if you see waht I do on 8.04
<bitprophet> should look vaguely like this
<bitprophet> http://dpaste.com/61695/
<JorgeJorgesson> bitprophet: yes, I see about that many.  your pastebin is almost the same as my output
<bitprophet> so you've got "S" files in rc's 2 through 5 ?
<JorgeJorgesson> http://pastebin.ca/1479858
<bitprophet> apparently so
<bitprophet> very bizarre
<JorgeJorgesson> Yup
<JorgeJorgesson> I must have something wrong here.
<bitprophet> at this point I have no further idea, maybe a bug in 8.10/9.04
<bitprophet> Yea...if you've not actually set up any data I'd aptitude purge mysql-server-5.0 and reinstall from scratch, perhaps. otherwise, no idea.
<JorgeJorgesson> Yeah, let me try Fedora
<bitprophet> :'(
<JorgeJorgesson> Well, whatever works, right?
<JorgeJorgesson> It's all Linus
<JorgeJorgesson> *Linuzx
<JorgeJorgesson> damn
<JorgeJorgesson> Linux
<JorgeJorgesson> Standard, fresh installation of 9.04 does not work with mysql-server....I tried.  Two times actually.
<bitprophet> well, good luck with fedora then :)
<bitprophet> I've never liked redhat or its derivatives, always prefer to find/fix/work around any warts in Debian derivatives instead ;) but to each his own
<JorgeJorgesson> I'm not set on Fedora...anything that works with mysql-server
<bitprophet> naturally :)
 * bitprophet has to put up with RHEL on prod servers because the backup system his host uses only runs on RH type systems
<bitprophet> best tool for the job and all that
<JorgeJorgesson> Yup, Ubuntu does not cover all bases.  Actually this is the first instance.  Unfortunately I have to change over 4 more machines to whatever works with mysql-server.  I want them all the same. Including my POS system
<bitprophet> So, while I'm here, does anyone know what the latest news is on Xen (host) support? I recall hearing last year that Xen packages were being phased out, which makes me sad (my xen server is on 7.10)
<bitprophet> yea, consistency is important
<JorgeJorgesson> well, especially for my users.  It took them a year to adapt to Ubuntu.  Now something new yet again.
<bitprophet> :(
<JorgeJorgesson> Yup, not sure how to tackle this one yet.......shit sandwich and all.
<bitprophet> mm
<bitprophet> rock and a hard place
<bitprophet> I'd look for bug reports, if mysql is running just fine via init script post-boot, there's got to be some stupid little thing preventing it from firing automatically on boot
<bitprophet> or ask on #ubuntu which I imagine gets much more traffic
<JorgeJorgesson> I'll try the mysql guys one last time.
<JorgeJorgesson> I'm going to try XP again as well.
<bitprophet> like, this must be easier to solve than if it wasn't running at all, for example.
<JorgeJorgesson> I'd have thought so.
<JorgeJorgesson> Or someone else must have tried this before.  But if not, then this is just not something that people do with the desktop version
<JorgeJorgesson> bitprophet: yeah, it appears as though this has not been done, or there is no interest in it with the desktop Ubuntu version.  Very strange.
<bitprophet> makes me wonder if somehow the desktop version doesn't _run_ init scripts. that'd be pretty odd though.
<Travis-42> how would I specify which user I want to run a command in for things like a crontab entry or a logrotate prerotate command?
<bitprophet> sudo -u <username> <command>   ?
<JorgeJorgesson> Not sure but I just tried it on an XP machine with rebooting.  Works just fine.
<bitprophet> or edit that user's crontab, for that particular task.
<Travis-42> bitprophet: ah, I didn't really occur to me that I could have just used "sudo -u" in the entry, I don't know why.  Thanks.
<bitprophet> JorgeJorgesson: well that's a totally different OS :) so it's not really something to compare to. it's definitely not MySQL's fault, at least, defeinitely something with how Ubuntu is packaging it, or some local quirk of your system
<bitprophet> Travis-42: np
<JorgeJorgesson> bitprophet: I agree
<JorgeJorgesson> That is why I'm asking here and not in mysql
<bitprophet> did you ask in #ubuntu yet? as I said they probably have more eyes watching, and it's more specific too, since you're on the desktop edition
<JorgeJorgesson> yup, nothing back
<bitprophet> worth a shot. just ask "is there any reason why my mysql init script isn't firing on boot?"
<bitprophet> ah
<bitprophet> bummer :(
<JorgeJorgesson> Hey, I gave it a good shot here!
<bitprophet> you did!
<bitprophet> Wish I could be of more help
<JorgeJorgesson> And I just changed the last machine over to Ubuntu yesterday....all users were to go to it tomorrow....Canada Day.
<JorgeJorgesson> Holidays are great for training.
<bitprophet> ha
<JorgeJorgesson> bitprophet: valiant effort!  I have a ton of work to do now.  Thanks a bunch for trying.
<bitprophet> no prob, good luck
<JorgeJorgesson> Might be worth a warning to future users somewhere.
<guntbert> how do I change the language settings in ubuntu server (jaunty)?
 * ajmitch sees there wasn't much of a server meeting to miss this morning
<superbeef1> anybody have any recent luck installing VMware-tools when running 8.04 LTS on ESX?    I'm failing accross the board including every open-vm-tools hack
<Sam-I-Am> i run that
<Sam-I-Am> which build of esx?
<Sam-I-Am> and whats the errors
<superbeef1> 3.5.0
<superbeef1> fails to compile vmmemctl
<superbeef1> with their tools, or latest open-vm-tools
<Sam-I-Am> which build of 3.5
<Sam-I-Am> because that matters
<superbeef1> 82663
<Sam-I-Am> upgrade
<superbeef1> yeah it's kind of stale
<Sam-I-Am> its up to 153-something
<Sam-I-Am> and they have modules specifically for ubuntu now
<superbeef1> but i don't see the memory module won't copile
<Sam-I-Am> its also officially supported...
<Sam-I-Am> esx 4 has debian included in the support list too
<superbeef1> yeah i tried their repo for tools, but that failed too.....   Maybe someday soon I can get a maintenance window and upgrade the ESX host
<Sam-I-Am> sounds like your only option
<Sam-I-Am> i dont think open-vm-tools exists on LTS... aside from the hack
<Sam-I-Am> for a while there open-vm-tools on versions > LTS was the only thing that worked.
<superbeef1> Sam-I-Am: thanks.... jeez there's a ton of pathces for this thing that need to be applied
<Sam-I-Am> uh huh
<Sam-I-Am> 3 file sets... esx itself, vmware tools, and the VIC
<Sam-I-Am> depending on how you do it...
<superbeef1> I guess I should jump through the hoops and take it up to update 3 at least
<Sam-I-Am> 4?
<Sam-I-Am> should be a 4
<JorgeJorgesson> ok, the guys at mysql are just rude with my questions.
<bitprophet> :(
<JorgeJorgesson> Ok, I'm trying every last ditch effort to not to go to XP
<ajmitch> great, php 5.3.0 hit debian experimental
<RoAkSoAx> soren, have you been working on cobbler?
 * ajmitch wonders if we should wait for 5.3.1 for karmic
<Fenix|work> Greetings...
<Fenix|work> ... Any Ubuntu server guides for doing tape backups?
<uvirtbot`> New bug: #394036 in mysql-dfsg-5.0 (main) "MySQL 5.0.22 Crash on Ubuntu 6.06.2 LTS (SELECT 0+0+0...)" [Undecided,New] https://launchpad.net/bugs/394036
<uvirtbot`> New bug: #367751 in munin (universe) "irqstats is confused by 2.6.24 /proc/interrupts" [Undecided,In progress] https://launchpad.net/bugs/367751
<Gorlist> is their list of ports that should be open for apache/email server etc?  (80, 21 for ftp...etc)
<Gorlist> emails are 25?
<MianoSM> smtp = 25?
<Gorlist> great
<Gorlist> which ones pop?
#ubuntu-server 2009-07-01
<uvirtbot`> New bug: #394043 in nagios3 (main) "Sync nagios3 3.0.6-5 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/394043
<MianoSM> http://www.iana.org/assignments/port-numbers
<incorrect> can anyone suggest a good command line tool to view network throughput?
<ghostlines> iftop dude
<ghostlines> that's a nice app, I think it's what you want
<jmedina> ghostlines: iftop wont graph network throughtput unless you generate trafic
<jmedina> incorrect: for network throughput you can use iperf
<jmedina> or simply rsync, or scp
<jmedina> I really like vnstat :)
<cmwslw> i know this might sound ridiculous, but is there any way to restart my server from a webpage?
<smultron> cmwslw: i've never used one, but you might want to look at web-based server managers like: http://www.webmin.com/
<MianoSM> I love webmin
<foxbuntu> MianoSM, tried ebox?
<foxbuntu> cmwslw, you might want to check out ebox as well
<cmwslw> i already have that installed, but it is a security risk if it is enabled for the whole internet to access
<ewook> firewall it?
<cmwslw> i do have a login protected admin page though which i would like a simple restart button
<cmwslw> i might need to reboot while on vacation - that's why i need a reboot button
<smultron> don't want to ssh in and reboot?
<cmwslw> i can't really firewall webmin because i don't know what the ip address is
<cmwslw> can i use an ipod touch to ssh - mine's jailbroken and ssh installed
<cmwslw> idk if it is the ssh client or just server
<MianoSM> foxbuntu: I did, it wasn't my cup of tea (to be honest I have liked using webmin for too long)
<smultron> cmwslw: you should be able to use that. just do a test before leaving
<cmwslw> wait, my ssh is enabled for lan only, like webmin
<cmwslw> i always thought that enabling services like these for the internet were huge security hazards - is it not the case?
<foxbuntu> cmwslw, while they can be, you just need to take proper precautions to secure them
<foxbuntu> cmwslw, I have a few servers with ssh out to the web, but I use RSA key authentication not passwords
<cmwslw> i just tried sshing into my server via my ipod touch, and everything worked
<cmwslw> i'm going to see if i can get rsa keys to work on it
<JorgeJorgesson> I have a mysql server running on one machine, but cannot access from another even with the same username/pswd (root)
<jmedina> JorgeJorgesson: JorgeJorgesson probably because mysqld only listen on the loopback interface
<jmedina> check /etc/mysql/my.cnf for the bind-address option
<JorgeJorgesson> Ah, if I change that, then I cannot access it on the same local machine, correct?
<JorgeJorgesson> Now I see my problem.
<JorgeJorgesson> I cannot use the mysql database server from a local machine and a remote machine at the same time, correct?
<jmedina> just comment the line and restart mysql
<jmedina> check
<jmedina> netstat -pltn | grep mysqld
<jmedina> that will show you the socket mysql is listening
<JorgeJorgesson> jmedina: comment what line?  how do I get mysqld to listen on both remote and local?
<jmedina> bind-interfaces
<jmedina> bind-address
<JorgeJorgesson> Do I bind both?
<jmedina> or something, im telling you from memmory
<JorgeJorgesson> Ok, nevermind.  Thanks for the tip though!
<jmedina> you can just comment the line, and mysql will listen on every network interfaces
<JorgeJorgesson> I tried that.
<JorgeJorgesson> Local access works, remote does not
<MianoSM> You forwarded the port, and tried connecting to the local and external IP?
<JorgeJorgesson> MianoSM: even internal (LAN) connection need to connect via WAN?
<jmedina> JorgeJorgesson: did you create a mysql account allowd to connect from remote hosts?
<jmedina> the defualt root account only allows to connect from localhost root@localhost
<JorgeJorgesson> I don't understand....I've had all this working before
<jmedina> JorgeJorgesson: show the evidence....
<jmedina> show your logs
<jmedina> show your config files
<jmedina> show output from netstat -pltn | grep mysql
<JorgeJorgesson> ok, something is wrong here
<JorgeJorgesson> I think two servers are running
<jmedina> show the evidence
<jmedina> use pastebin
<JorgeJorgesson> My remote account shows no databases, my local shows all
<JorgeJorgesson> I had this all working just the other day....no proof required.  I was using it.
<JorgeJorgesson> I don't understand what went wrong here
<jmedina> well, if you dont show us the output, all we can do is guess
<JorgeJorgesson> What do you want to see?  Do you too want ssh?
<jmedina> JorgeJorgesson: your config file
<jmedina> output from netstat
<jmedina> :)
<JorgeJorgesson> config what
<jmedina> the one we were just taking about
<jmedina> my.cnf
<JorgeJorgesson> http://pastebin.ca/1480210
<jmedina> now from netstat -pltn | grep mysql
<JorgeJorgesson> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3912/mysqld
<jmedina> ok
<jmedina> and what about the account?
<JorgeJorgesson> This stuff is going to give me a heart attack soon or later
<jmedina> can you connect to mysql with root?
<jmedina> :)
<JorgeJorgesson> local yes, remote no
<jmedina> ok
<jmedina> use mysql;
<JorgeJorgesson> yes
<jmedina> select host,user,password from user;
<JorgeJorgesson> yes
<JorgeJorgesson> I get a connection with no databases remotely
<JorgeJorgesson> local I see all my databases
<jmedina> show the output
<JorgeJorgesson> What log can I show you that it worked just a couple of days ago
<JorgeJorgesson> I was using the remote to study for my exam
<JorgeJorgesson> Output:
<JorgeJorgesson> Database information_schema
<JorgeJorgesson> 1 row in 0.00 sec
<jmedina> mm
<JorgeJorgesson> Yeah, same problem as before
<JorgeJorgesson> It all worked just two days ago
<JorgeJorgesson> remote, local
<JorgeJorgesson> all good
<JorgeJorgesson> The mysql guys called me a moron (more or less) the ubuntu-us-fl guys got me running local....great job!
<jmedina> JorgeJorgesson: use pastebin
<jmedina> I coulnt see your output
<jmedina> :)
<JorgeJorgesson> pastevin.ca/1480214
<JorgeJorgesson> pastebin.ca/1480214
<jmedina> JorgeJorgesson: spanish?
<jmedina> mmm
<JorgeJorgesson> yeah, pretty much!!!
<jmedina> tocayo
<jmedina> lets try in english :)
<JorgeJorgesson> ciau baby
<JorgeJorgesson> ok, did you get it?
<jmedina> yeap
<jmedina> ok but...
<jmedina> I never ask for the output from show databases;
<JorgeJorgesson> Oh crap....
<JorgeJorgesson> Ok, reset
<JorgeJorgesson> What did you want again?
<jmedina> use mysql;
<JorgeJorgesson> yes
<JorgeJorgesson> On the remote?
<jmedina> select host,user,password from user;
<jmedina> not
<jmedina> from local
<jmedina> root at local
<JorgeJorgesson> mysql
<JorgeJorgesson> not sure what you want
<JorgeJorgesson> use mysql;
<JorgeJorgesson> ?
<jmedina> I want to get a mysql user list
<jmedina> I want the optput from selec..
<JorgeJorgesson> ok, exact  commands
<jmedina> scroll up
<JorgeJorgesson> I did
<JorgeJorgesson> No database selected
<jmedina> what?
<jmedina> did you type: use mysql;?
<JorgeJorgesson> I guess I'm just not smart enough to get this stuff.
<JorgeJorgesson> yess
<jmedina> Â¬Â¬
<jmedina> again
<jmedina> use mysql;
<jmedina> you should get something like: database changed...
<jmedina> then type the select command..
<jmedina> and show me the output
<jmedina> so are you takina mysql exam?
<jmedina> taking
<JorgeJorgesson> yes and I've run a website for a year
<JorgeJorgesson> this is making no sense to me
<JorgeJorgesson> ERROR 1046 (3D000): No database selected
<jmedina> mmm
<jmedina> how did you connecto to mysql?
<jmedina> from remote or local?
<JorgeJorgesson> I can write select queries galore
<JorgeJorgesson> I am local
<jmedina> ok
<jmedina> show databases;
<jmedina> you should get a list of databases;
<JorgeJorgesson> I told you before, no problem
<JorgeJorgesson> Remote is the problem
<jmedina> ok, but we need to type some commands from local to debug this
<JorgeJorgesson> ok
<JorgeJorgesson> I understand what you want to do
<JorgeJorgesson> show users, show permissions
<JorgeJorgesson> right?
<jmedina> yeap
<JorgeJorgesson> Ok, I'm not that far yet in my studies!
<JorgeJorgesson> I'm at select, create and such...up to chpt. 10
<jmedina> ok again
<jmedina> show the output from show databases;
<JorgeJorgesson> from where?
<jmedina> from local!!!!!
<jmedina> I want to know if you have a root account with remote access
<JorgeJorgesson> I told you ......all my databases.....http://pastebin.ca/1480222
<JorgeJorgesson> Sorry, I'm being a smartass again....you are helping.
<JorgeJorgesson> Just frustration
<jmedina> ok
<jmedina> now
<jmedina> use mysql;
<jmedina> and
<JorgeJorgesson> wharer
<JorgeJorgesson> where
<jmedina> LOCAL!!!!!!!!!!!!!!!
<JorgeJorgesson> ok
<JorgeJorgesson> ok
<jmedina> and then type
<jmedina> select host,user,password from user;
<jmedina> and show me tht output
<jmedina> that will give you a mysql users list and the host they are allowed to coonnect from
<JorgeJorgesson> ERROR 1046 (3D000): No database selected
<jmedina> damn
<JorgeJorgesson> that would be in information_schema
<jmedina> please show me the full output from use mysql to that error
<JorgeJorgesson> I did
<jmedina> again
<jmedina> I want to see everything
<jmedina> not only that line
<JorgeJorgesson> That is it.
<mattt> *use mysql;*
<JorgeJorgesson> One line
<mattt> :)
<JorgeJorgesson> I did
<JorgeJorgesson> I can make stuff up if you want :)
<jmedina> JorgeJorgesson: just paste full output
<JorgeJorgesson> I did....not sure what you want here
<JorgeJorgesson> That is the exact output
<jmedina> use your mouse, click in the line that starts with mysql> use mysql, and drag it down until the line with ERROR
<jmedina> :)
<JorgeJorgesson> exit
<JorgeJorgesson> sorry
<jmedina> :D
<cmwslw> does anybody know how to enable ssh access over the internet, but only w/ rsa keys?
<JorgeJorgesson> mysql> select host,user,password from user;
<JorgeJorgesson> ERROR 1046 (3D000): No database selected
<cmwslw> i got rsa keys to work on my ipod
<jmedina> I want to see full output for every command you type and for every message mysql
<JorgeJorgesson> can we do this all together?
<mattt> JorgeJorgesson: you haven't switched to the mysql DB :(
<JorgeJorgesson> ah, use mysql
<mattt> yep, 'use <DB>;', where <DB> in this instance is mysql
<jmedina> cmwslw: edit /etc/ssh/sshd_config and add PasswordAuthentication no
<JorgeJorgesson> mattt, i understand
<mattt> JorgeJorgesson: otherwise, you can do: 'select host,user,password from mysql.user;'
<cmwslw> jmedina: thanks a ton!
<JorgeJorgesson> http://pastebin.ca/1480228
<jmedina> cmwslw: I think that option was in the config file with yes
<JorgeJorgesson> mattt, understood now
<jmedina> probably ubuntu guys remoted it
<jmedina> JorgeJorgesson: now
<jmedina> select host,db,user from db where user='root';
<jmedina> matt thanks for remind me about db.table
<JorgeJorgesson> empty
<JorgeJorgesson> so how do I logon as local root
<jmedina> so, your root@% dont have accees to any database
<jmedina> you mean remote
<JorgeJorgesson> so how do I logon as local root
<jmedina> as local?
<jmedina> you are doing this as local.
<JorgeJorgesson> I still don't understand....this worked just days ago
<jmedina> JorgeJorgesson: well something changed, and someone did it
<JorgeJorgesson> But I am right here
<JorgeJorgesson> I own these machines
<JorgeJorgesson> I had it all working
<JorgeJorgesson> I cannot now access my "server" from my "local" machines
<JorgeJorgesson> Machines in the same network
<jmedina> grant all privileges on *.*  to 'root'@'%';
<jmedina> and then
<jmedina> flush privileges;
<jmedina> and there you go :)
<JorgeJorgesson> I just don't get what happened.
<JorgeJorgesson> My website is running just fine.......and has been for a year
<ajmitch> and your website is on which computer?
<cmwslw> yes! i can now ssh with an rsa key from my iphone
<cmwslw> this is awesome
<jmedina> cmwslw: good,  you should write a howto :)
<cmwslw> i was planning on doing that
<jmedina> Im going to by a hiphone :)
<cmwslw> on my blog
<jmedina> 200 dollars :)
<cmwslw> it was actually not very different from a normal computer
<cmwslw> i hope jorge gets back on
<cmwslw> i just realized i had the same problem as him and fixed it
<jmedina> I have some servesr configured to allow password auth for normal users and only allow root using rsa
<JorgeJorgesson> jmedina: all is well now, thanks again
<cmwslw> jorge: did you try rebooting?
<JorgeJorgesson> yup
<cmwslw> that fixed the problem for me
<JorgeJorgesson> Works great
<jmedina> JorgeJorgesson: you are welcome
<cmwslw> haha
<jmedina> reboot?
<jmedina> what?
<cmwslw> i had the same problem
<jmedina> this is not windows
<jmedina> :)
<ajmitch> jmedina: he had problems with mysqld apparantly not running after a reboot earlier
<cmwslw> server was down for a week until i rebooted
<cmwslw> could have fixed it sooner but i was on vacation
<cmwslw> now i can use my IPHONE! woot
<Island_Swimmer> Hi, All. I should be the happy owner of three new baby servers, but something has gone a miss
<mattt> Island_Swimmer: ?
<Island_Swimmer> Well, when I go to create a new Mediawiki page, I get:
<Island_Swimmer> Error Text:
<Island_Swimmer> Fatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 7680 bytes) in /var/www/technology/wiki/includes/AutoLoader.php on line 582
<cmwslw> idk why mediawiki would use that much
<Island_Swimmer> What could be wrong? Any help is appreciated. Please
<ajmitch> cmwslw: 20MB isn't much
<cmwslw> i thought 20mb was the default?
<ajmitch> Island_Swimmer: change the memory limit in the php.ini file
<ajmitch> cmwslw: it's still not a lot of memory :)
<Island_Swimmer> I tried, but since I can't get VIM-full installed, I can't edit the files
<cmwslw> nano?
<Island_Swimmer> I am not comfortable with Nano, since it broke my php in the first place
<mattt> Island_Swimmer: sed -i ?  :)
<cmwslw> well if that's the case, i would reinstall php then
<Island_Swimmer> I did. That is why my limit is back to 16 MB
<cmwslw> i don't see how nano could be more complicated than vim
<mattt> Island_Swimmer: ok, so then you know what the problem is ... but the problem is that you can't use nano?
<jmedina> and why not vi?
<Island_Swimmer> I'm blind. Learning a new Text Editor on a production system is not really an option in the time crunch. Unfortunately that is the case
<mattt> ok, that certainly complicates things a bit :/
<Island_Swimmer> I wasn't sure if that was the problem, but rather I suspected it. I also needed to confirm this
<jmedina> Island_Swimmer: copy the file to your local machine, edit it, and upload it again :)
<ajmitch> sed -i it is then
<jmedina> :)
<jmedina> or ed
<jmedina> :)
<Island_Swimmer> I didn't think of that
<ajmitch> jmedina: that's cruel
<Island_Swimmer> I'll be back. What is the file exactly I'm editing again
<jmedina> ajmitch: well if he is unable to use vi then will be hard to use sed
<Island_Swimmer> ?
<Island_Swimmer> Please
<ajmitch> the file in /etc/php5/apache2/php.ini
<ajmitch> jmedina: you don't need to navigate around anything with sed, it's a single command to run
<jmedina> ajmitch: I know
<jmedina> he just can't learn sed right now, so I just give a solution, I would use sed
 * jmedina loves sed
<jmedina> :)
<ajmitch> php5's debian/rules uses sed to change the memory limit
<jmedina> ajmitch: share the line
<ajmitch>         cat php.ini-dist | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-dist.cli
<ajmitch> is what's in debian/rules, of course it'd need to be changed for the installed file
<Island_Swimmer> Ok. I upped the limit and still get the same error after Apache2 Force-reload
<Island_Swimmer> I upped it to 32M
<Island_Swimmer> I appreciate all solutions, no matter how big or how small
<jmedina> Island_Swimmer: restart apache
<jmedina> not just reload
 * ajmitch would suggest it being much higher than 32M, depending on how much RAM your servers have
<Island_Swimmer> I got a slightly different error
<Island_Swimmer> Error text:
<Island_Swimmer> Fatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 8192 bytes) in /var/www/technology/wiki/includes/SpecialPage.php on line 1
<ajmitch> certain PHP apps gobble up the memory
<Island_Swimmer> Yeah, but Mediawiki is recomended at 32M
<Island_Swimmer> 32M
<ajmitch> as a bare minimum?
<Island_Swimmer> Hmm. I'll be back
<ajmitch> looking at the mediawiki site, you should also increase the memory limit in LocalSettings.php
<ajmitch> http://www.mediawiki.org/wiki/Manual:Errors_and_Symptoms#Fatal_error:_Allowed_memory_size_of_nnnnnnn_bytes_exhausted_.28tried_to_allocate_nnnnnnnn_bytes.29
<Island_Swimmer> Thanks
<Island_Swimmer> That fixed it
<Island_Swimmer> It was in Localsettings.php
<Island_Swimmer> !Webadmin
<ubottu> Sorry, I don't know anything about Webadmin
<Island_Swimmer> !Webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Island_Swimmer> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Island_Swimmer> Why is VIM-full not in my repository?
<Island_Swimmer> Please
<Island_Swimmer> !Packages
<ubottu> You can browse and search for Ubuntu packages using !Synaptic, !Adept, "apt-cache search <keywords or regex>", or online at http://packages.ubuntu.com - Ubuntu has about 20000 packages available, so please *search* for an official package before installing things in awkward ways!
<Island_Swimmer> !Repositories
<ubottu> The packages in Ubuntu are divided into several sections. More information at https://help.ubuntu.com/community/Repositories and http://www.ubuntu.com/ubuntu/components - See https://wiki.ubuntu.com/RecommendedSources for the recommended way to set up your repositories
<ScottK> Island_Swimmer: vim is (I suspect) vim-full.
<Island_Swimmer> I know that, but unfortunately it is not in my repository. Neither is Ebox
<Island_Swimmer> It is odd. It is a minimal install of Ubuntu 8.04 Hardy
<negge> I'm wondering if PHP 5.3 will make it into Hardy? If so I need to start doing some testing...
<negge> does anyone know?
<arooni> how do i fix this:  for apache?  Directory index forbidden by Options directive: /mnt/app/current/public/
<negge> arooni: somewhere in /etc/apache2/sites-available/<yoursite> there's a line that forbids directory listing. Normally that's exactly what you want to do
<arooni> thats what i want right
<arooni> to forbid direcotry indexing
<negge> arooni: check the Apache documentation or just Google it, I don't remember exactly what you're supposed to write. But the file you should put ut in is the one I mentioned, that's for sure
<arooni> got it working
<negge> good
<acalvo> hi
<acalvo> I need some advise: I want to migrate my old mail server and I was thinking that maybe is time for a change. We're using POSTFIX and COURIER as MTA/MDA with LDAP as backend. I've been researching a little bit, and maybe DOVECOT or QMAIL could do the job better and easier. What do you think? Thanks!
<mattt> acalvo: do the job better how?
<mattt> acalvo: are you having problems w/ postfix/courier?
<acalvo> mattt, no, but it was a pain to set it up and it lacks some administration tools
<mattt> acalvo: i don't even see a qmail package on hardy :/
<acalvo> mattt, damn, my test machine is Jaunty...
<mattt> don't see one for jaunty either :)
<mattt> iirc, there is some packing issues w/ qmail which is why ubuntu/red hat, etc. don't distribute it
<ajmitch> some historic licensing issues at least
<acalvo> oh, ok
<acalvo> but, what do you think about DOVECOT?
<ajmitch> dovecot & postfix are the recommended tools for ubuntu
<acalvo> well, I think I'll give it a try
<acalvo> hope the LDAP integration works fine
<acalvo> have you tried with such a configuration (LDAP, quotas, ...)?
<ajmitch> I haven't tried it, but I believe there's some good documentation on dovecot & ubuntu
<acalvo> oh, well
 * ajmitch uses exim4 & dovecot
<acalvo> uhmmm
<acalvo> exim!
<acalvo> another one I've heard about
<mattt> i like postfix ... the standard install works nicely w/out much (if any) hacking
<mattt> but it's really configurable if you want to do wacky stuff
<acalvo> I agree
<acalvo> but it seems that exim is more powerful and customizable
<mattt> i thought exim's selling point was simplicity
<acalvo> yes, but it achieves that by having several plugins
<steady2023> hey can you guys help
<steady2023> how do u apt-get install including config files if I deleted the directory
<twb> !u
<ubottu> U is the 21st letter of the modern latin alphabet. Neither 'U' or 'Ur' are words in the English language. Nor are 'R', 'Y', 'l8', 'Ne1' or 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information.
<twb> steady2023: try aptitude reinstall.  You may have to purge and install the package in question, because deleting a config file is treated as a deliberate action by dpkg -- that is, it will REMEMBER that you wanted to delete it.
<steady2023> ok cool that fixed it
<steady2023> u got a good easy guide to getting proftpd to work
<steady2023> I followed 3 of them but they are all from a few years ago and have conflicts
<twb> proftpd is full of security holes, IIRC.
<twb> Why don't you use vsftpd?
<steady2023> I just need to get an ftp working to install joomla
<steady2023> I mean I guess it tells me it needs ftp access
<sandstrom> How can I reset (settings and everything) ufw?
<uvirtbot`> New bug: #394164 in cyrus-sasl2 (main) "uninstallable: incorrect dependencies after security update" [Undecided,New] https://launchpad.net/bugs/394164
<twb> sandstrom_: ufw disable?
<sandstrom_> I  was thinking of everything (files etc). But I think I managed. thanks anyway
<twb> sandstrom_: aptitude purge ufw? ;-)
<negge> sandstrom_: easiest way is to delete everything from /var/lib/ufw/user.rules (or user6.rules if you're using ipv6)
<negge> no need to reinstall or anything
<sandstrom_> thanks
<twb> negge: ah, well, he should have been clearer about what he meant by "reset" :-)
<acalvo> does anyones uses squid with some add-on to block undesired services (such as msn, p2p, ...) and web pages?
<twb> acalvo: you mean at the firewall level?
<acalvo> well
<acalvo> no, we have a firewall
<twb> Obviously you can avoid p2p on your own hosts by simply not installing p2p software.
<acalvo> hardware firewall
<acalvo> but does not support web or service filtering
<acalvo> well, try to tell to the students what they should not do...
<twb> Sounds like you have an appliance device running a closed version of Linux, such that you cannot get to its software firewall and tell it to block p2p packets.
<twb> Normally in such a situation I'd install OpenWRT or Ubuntu Server on the router in question, and teach it to block p2p packets with the l7 stuff.
<twb> Or if you have total control over the desktops (i.e. they all run your custom GOE and you don't allow users to use their own laptops or install things), you can just ensure that no p2p apps are installed on the desktops.
<acalvo> well, thanks
<acalvo> but I was thinking in using a transparent proxy which had some utility to block/filter services
<acalvo> I've heard about squid-guard
<acalvo> but I never get it to work
<acalvo> (yet!)
<twb> squid-guard won't do shit against bittorrent
<twb> Because bittorrent does not use HTTP.
<nlindblad> Hi
<nlindblad> How come an e-mail with score -1.80 gets marked as spam when the treshold is 5.20?
<nlindblad> (Sendmail with milter-spamc)
<twb> Any reason you're using sendmail instead of, say, postfix?
<eolo999> hi, where can i find good documentation on how to convert Xen guests to run with KVM?
<twb> eolo999: have you tried the ubuntu server admin guide?
<eolo999> twb: apparently there's nothing there regarding migration from xen to kvm; or i'm wrong?
<twb> eolo999: I don't know.
<twb> Inasmuch as kvm is qemu, there is qemu-convert.  That assumes you already have some form of disk image, though...
<eolo999> twb: that just take care of disk images not of xml creation, kernel adjustments(as xen guests use the host kernel) and who knows more...
<twb> kvm needs XML?
<a_ok> my mail log stays empty after rotate. i do reload (now even restart) sysklogd in the last logrotate entry
<a_ok> postfix is the mailer btw
<eolo999> twb: if you want to use it with libvirt...
<twb> a_ok: is your postfix logging via syslog?
<a_ok> twb: yeah
<twb> a_ok: postfix and/or syslog should install the appropriate logrotate entries already -- did you mess with them?
<a_ok> twb: this is a setup from way back so they are messed with before i came to work here. I rearanged things so i have a full mail log in /var/log/adm/mail and the important stuff in /var/log/mail.log however the later does not work
<acalvo> twb, nice point there... I should install some firewall rules there
<a_ok> twb: could you show me your entry perhaps?
<twb> a_ok: I don't have an Ubuntu system handy.
<twb> a_ok: try "aptitude download <package>", then use "dpkg -X <package>*deb `mktemp -d`" to extract it into a temporary directory to inspect it
<a_ok> twb: anyway I am allowed to mess with them I do not understand why it does not do what it supposed to do
<a_ok> twb: a manual sysklogd reload solves the problem
<uvirtbot`> New bug: #394211 in nagios3 (main) "Reporting CGIs incorrectly calculate start or end time for periods spanning changes to daylight time" [Undecided,New] https://launchpad.net/bugs/394211
<ssc__> hi all
<ssc__> is there a way to make bind9 accept an update without a key ? like an 'insecure mode' ?
<jo___> Hi
<heath|work> hello
<jo___> what is the default boot manager installed in Jaunty server?
<jo___> I do not have a /boot/grup dir, and no /etc/lilo.conf either
<heath|work> should be grub
<heath|work> /boot/grub
<jo___> hm. While an dist-upgrade I get the error message:
<jo___> Searching for GRUB installation directory ...
<jo___> No GRUB directory found. To create a template run 'mkdir /boot/grub' first. To install grub, install it manually or try the 'grub-install' command. ### Warning, grub-install is used to change your MBR. ###
<jo___> ls /boot/grub
<jo___> ls: cannot access /boot/grub: No such file or directory
<jo___>  lilo
<jo___> Fatal: Cannot open: /etc/lilo.conf
<heath|work> lilo is not installed by default, looks like you will have to rebuild grub, are you in recovery?
<jo___> no - hope not
<jo___> how to test that?
<mattt> jo___: is it a virtual machine by any chance?
<jo___> no, its a real one (I hope)
<heath|work> lol... i hope
<mattt> jo___: yeah, not sure .. i'd expect grub to be installed, but it could be a xen virtual machine or something similar which doesn't need a boot loader
<heath|work> any know the name of the third party mysql table type that replaces InnoDB tables?
<Sam-I-Am> myisam?
<Sam-I-Am> heap?
<Sam-I-Am> google probably knows :)
<Sam-I-Am> think it does bdb too...
<heath|work> FOUND IT!! XtraDB
<VK7HSE> beat me to it I was just about to paste "MyISAM" but I really don't know if that's the right answer!
<Sam-I-Am> heh
<Sam-I-Am> so many choices...
<heath|work> should hostname and hostname -f show the same?
<heath|work> the fqdn?
<sandstrom_> I get an error when starting the firewall. How can I see what the message means? (ERROR: problem running init script)
<didrocks> jdstrand: FYI, I sent the contributor agreement for "quickly". If you want to merge my branch for ufw as we discussed at UDS, the process seems easy (just ask jcastro)
<sandstrom_> the firewall == UFW
<jdstrand> didrocks: thanks. yeah, I will need a contributor agreement for ufw
<bitprophet> heath|work: afaik, hostname prints the value of /etc/hostname, whereas hostname -f prints the FQDN as defined in /etc/hosts (for 127.0.1.1, first mapping)
<didrocks> jdstrand: it seems that you have to be listed there: http://www.canonical.com/contributors
<heath|work> right, but should I echo full.host.name >> /etc/hostname && /etc/init.d/hostname.sh start?
<jdstrand> didrocks: it is:
<jdstrand> Uncomplicated Firewall (ufw)
<jdstrand> (about a third of the way down)
<didrocks> jdstrand: oh yes. I was just looking for ufw ;) I can send it to you now, if you wish
<heath|work> bitprophet, the reason I ask is because I tutorial I was reading through said they should match, but I have never done that
<jdstrand> didrocks: that would be great. thanks for your patience :)
<didrocks> jdstrand: no problem :) It's sent
 * jdstrand nods
<heath|work> man I love this stuff
<sandstrom_> I get an error when running ufw enable (ERROR: problem running init script). How can I see what the message means?
<jdstrand> sandstrom: if this is hardy, use '/etc/init.d/ufw 'stop|start'. if that isn't helpful enough, use 'sh -x /etc/init.d/ufw start|stop'
<jmedina> good morning
<sandstrom> jdstrand: thanks!
<oioiii_> hi, I buld a kernel module against an installed kernel (not running) using 'make install BUILD_KERNEL=<kernel version>', works as expected, but after reboot module gets not loaded although being listed in /etc/modules, anyone?
<oioiii_> ah, forgot: ubuntu 8.04 LTS server, module is Intel nic driver igb
<oioiii_> the module is installed in /lib/modules/<kernel version>/kernel/drivers/net but not in /lib/modules/<kernel version>/ubuntu/net
<oioiii_> anyone?
<jmedina> oioiii_: can you load it by hand?
<jmedina> is there any other driver load instead?
<Sam-I-Am> jmedina: did you take a look at any of my PPA packages?
<oioiii_> nope, after reboot with new kernel it gives me 'Could not load /lib/modules/<kernel version>/ubuntu/net/igb/igb.ko' although igb.ko is present in /lib/modules/<kernel version>/kernel/drivers/net/igb/ . Doing a rebuild with running kernel and modprobe igb works fine
<oioiii_> But hitting the KVM each time is painful
<jmedina> Sam-I-Am: not yet, I've been out of office all this days
<Sam-I-Am> jmedina: mmmkay
<Sam-I-Am> jmedina: almost done populating it with a whole suite of useful backports to hardy
<oioiii_> jmedina: no other igb module presemt
<jmedina> oioiii_: did you run depmod?
<oioiii_> no, I thoutght depmod was for running kernel?
<jmedina> nop
<oioiii_> ok
<Sam-I-Am> usually a kernel install with dpkg runs depmod for you :)
<jmedina> you can use depmod -a 2.6.xx
<oioiii_> aaah, I see
<jmedina> that version shoud match with your kernel dir at /lib/modules
<oioiii_> ok, I try (one second)...
<jmedina> Sam-I-Am: could you please send me your ppa link to bookmark it
<Sam-I-Am> jmedina: https://launchpad.net/~ionosphere80
<Sam-I-Am> jmedina: they're all in there... there are PPA dependencies, so you'll have to check them.
<jmedina> Sam-I-Am: what you mean with ppa dependencies?
<oioiii_> jmedina: works! thanks a lot:-)
<jmedina> oioiii_: good!!
<Sam-I-Am> jmedina: for example... the samba ppa built against other ppas since i had to backport some libs
<Sam-I-Am> jmedina: you'd just need to add the dependent ppas to sources.list as well
<Knirgh> What's the best ftp server to start with? must be commandline
<jmedina> Knirgh: pure-ftpd it works all by parameters
<jmedina> :)
<jmedina> or you can use debians wrapper and use a config file
<jmedina> Sam-I-Am: so your packages are built agains svn or 2.4.16?
<jmedina> I mean openldap packages
<Sam-I-Am> jmedina: svn
<Sam-I-Am> jmedina: since theres issues with 2.4.16
<mattt> anyone here use xen?
<jmedina> o/
<jmedina> 3.2 in hardy server
<bitprophet> 3.1 on 8.04 here
<bitprophet> err sorry 7.10
 * bitprophet just WISHES that server was on 8.04
<ScottK> bitprophet: Well 7.10 is out of support, so you really ought to upgrade it.
<bitprophet> no shit :)
<ScottK> OK.  Just saying.
<bitprophet> "ought to" does not, sadly, translate into "has time to"
<bitprophet> I know, thanks :)
<jmedina> well xen in 8.04 is not supported afaik, it is in universe
<PhotoJim> perfectly fine to keep using it.  just unplug the ethernet connection. ;)
<ScottK> I'm one to talk.  I still have a dapper desktop for the same reason.
<bitprophet> jmedina: I was wondering about that since I heard of something along those lines. what changed with ubuntu's xen support post 7.10?
<bitprophet> in terms of "can install and run it without having to compile from source", I guess.
<jmedina> bit I dont know, I only use LTS versions for servers
<jmedina> so I have tests tex in dapper and hardy
<bitprophet> well, you said you're using 8.04, which is almost definitely what I will upgrade to when I do upgrade
<bitprophet> it still installs fine? I thought some packages were removed entirely, like the kernels or something
<jmedina> I only  use : apt-get install ubuntu-xen-server and that all
<bitprophet> good to know, thanks
<jmedina> I even run MS windows in HVM mode :)
<bitprophet> you know I'm not sure I've ever actually upgraded a system in place before. almost always it's a super old system that I just backup/wipe/install. (or a VM which just gets retired/replaced by a newer one)
<bitprophet> cool
<bitprophet> we have a windows server for virtualizing that operating system, thankfully.
<Fumoh> I use insmod to load a driver for my NIC, but it is not automatically loaded when I reboot... how can I get it to automatically load during boot?
<bitprophet> add it to /etc/modprobe.d somewhere, I think
<Fumoh> bitprophet: let me check there real fast.
<bitprophet> actually, just /etc/modules looks like it'll do
<bitprophet> "Kernel modules to load at boot time" :)
<Fumoh> Great, let me try that out :)
<bitprophet> all I really know is that /etc/mod* is what you want, ha.
<bitprophet> good luck
<b3nw> good morning, does anyone have any experience with the Dell RD1000 backup drive line? Either USB or Internal SATA and Ubuntu?
<bitprophet> conversely, you can add stuff to /etc/modprobe.d/blacklist to _prevent_ it from loading. very useful to turn off pcspkr, in my experience
<jmedina> wujuuuuuuuuuuuuuuuu
<uvirtbot`> New bug: #394365 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/394365
<Fumoh> bitprophet: Yeah couldn't get it to work by modifying the modprobe.d stuff... I just created a startup script that runs the insmod command.  It's dirty, but it works!  Thanks for your help.
<heath|work> how do you enable sieve for jaunty dovecot?
<bitprophet> Fumoh: for that you could also just add it to /etc/rc.local, I think
<bitprophet> you made another init.d script?
<jmedina> Fumoh: shy use insmod instead of modprobe, modprobe will take care to load dependencies modules, provided you have run depmod
<IRConan> anyone know a good way to prioritise network traffic on a ubuntu-server
<jmedina> IRConan: yeap use tc
<jmedina> I really like shorewall's way
<jmedina> HTB for egress traffic, IFB for ingress traffic
<NMR_1122> Do you put all of the sub-domains (wiki.example.com, mail.example.com, www.example.com, etc) in a single Bind9 Zone file, or create separate files for each sub-domain?
<Sam-I-Am> NMR_1122: are those hosts or subdomains?
<jmedina> same question...
<Sam-I-Am> they look like hostsd
<Sam-I-Am> s
<jmedina> you declare subdomains with new NS records
<jmedina> for hosts you use IN, CNAME..
<NMR_1122> they should point to different IP addresses
<NMR_1122> so i think hosts?
<Sam-I-Am> they are hosts
<jmedina> usually for both hosts and subdomains you use same zone file, unless you delegate that subdomain admin to someone else
<Sam-I-Am> then they're in the example.com zone
<IRConan> jmedina: tc?
<jmedina> IRConan: yeap
<jmedina> Traffic Shapping Tool
<jmedina> part of iproute2
<jmedina> NMR_1122: I always use this template file
<jmedina> http://verde.e-compugraf.com/jm-confs/bind9/db.ejemplo.com.zone-SIMPLE.txt
<NMR_1122> the comments are in spanish
<jmedina> yeap
<jmedina> if you want to know what they mean, read bind's ARM
<jmedina> http://ws.edu.isoc.org/workshops/2008/cctld-ams/Documentation/bind-arm/Bv9ARM.html
<NMR_1122> ok, Thanks!
<IRConan> jmedina: got any good links for how to configure tc well?
<jmedina> IRConan: I told you I like shorewalls features
<jmedina> http://www.shorewall.net/traffic_shaping.htm
<jmedina> it is not that easy
<IRConan> "Do not attempt to install Shorewall on a remote system. You are virtually assured to lock yourself out of that system."
<IRConan> hmm...
<jmedina> you need to correctly understand how packet flows
<jmedina> IRConan: what do you want to do?
<IRConan> I haven't really worked out exactly which packets need prioritisation yet
<jmedina> IRConan: you can start reading lartc.org
<jmedina> Linux Advance Routing and Traffic Control
<IRConan> cool... thanks for the info
<heath|work> my mail server is named mail.company.local, but I have virt domains running on it. For the CA's do I need the Common Name to be mail.company.local?
<jmedina> .local ??? what Exchange?
<heath|work> it runs local email, but I would like to add virtual domains as well
<heath|work> I can move it to a .com if I need to
<heath|work> I'm just trying to avoid cert hostname mismatch errors
<ScottK> Nothing can see it outside your network if it's on .local
<jmedina> heath|work: for mail servers CN should match the hostname your mail clientes use
<jmedina> in fact I have MTA rules that rejects mail from .local domains
<jmedina> so for local use donesnt matter your FQDN
<heath|work> so if the mail clients are using mail.company.com, then the cert should be the same
<slangasek> kirkland: what kind of testing have you done with open-iscsi in jaunty/karmic, by chance?  Working with Etienne on bug #236640, he's apparently now running into a kernel oops when running isci_discovery :(
<uvirtbot`> Launchpad bug 236640 in open-iscsi "iSCSI install fails under hardy" [High,In progress] https://launchpad.net/bugs/236640
<heath|work> I was reading it as it must match the hostname
<jmedina> heath|work: yeap
<jmedina> and you have to import your CA cert into your mail clients
<heath|work> but it's the name the clients will use... cool thanks for clearing that up
<heath|work> yeah... thanks jmedina
<jmedina> I would rename your domain if you plan to use this mail system outside your local network
<kirkland> slangasek: i did some testing in early jaunty, dec/jan timeframe
<kirkland> slangasek: as of the upload mathiaz and I made around then, we were able to auto mount an iscsi partition on boot, in a vm
 * jmedina uses open-iscsi with ubuntu xen guests for live migration with jaunty iscsi target
<kirkland> slangasek: as long as that partition wasn't / or /usr, i think
<kirkland> slangasek: that, we had working well as of that upload
<kirkland> slangasek: we were using iscsi-target for our testing
<slangasek> kirkland: ok
<slangasek> so the kernel oops may be a karmic regression
<slangasek> hopefully jaunty wasn't like that
<kirkland> slangasek: yeah, i didn't see that in jaunty
<slangasek> you also said you only tested early in jaunty
<slangasek> so the kernel might've changed before release
<slangasek> well - the kernel /did/ change before release, but maybe it changed in a way that broke :)
<kirkland> slangasek: heh, that's totally true
<RoAkSoAx> soren, are you working on cobbler ?
<soren> RoAkSoAx: No.
<RoAkSoAx> soren, are you gonna package it for karmic?
<soren> RoAkSoAx: No.
<soren> RoAkSoAx: I want to, I just don't have the time.
<RoAkSoAx> soren, ok thanks. I'll try to work on it then :)
<jpds> soren: too many phone call meetings? :)
<heath|work> can I grep through every file in a dir looking for foo?
<heath|work> nevermind that was easy
<Nafallo> jpds: soren needs clones. that's his only way to win the mdraid by default crack he's on :-P
<henkjan> Nafallo: can i anywhere vote for that?
<Nafallo> henkjan: no idea. but it won't happen :-)
<henkjan> do default install on a broken raid 1?
<Nafallo> henkjan: install every system with software raid1 by default. if there is one disk found, leave it degraded by default.
<Nafallo> (as I've understood it)
<Nafallo> anyway. nvm. it was a troll to begin with from my part :-P
<Nafallo> (obviously)
<ajmitch> Nafallo: yes, because we know that soren is not really human, right?
<Nafallo> ajmitch: of course. a guy that walks up to the bar, get notified it's last call and walks away with 10 beers is not my definition of normal :-)
<ajmitch> haha
<bc> would anyone know if the default mail set up for amavis, pyzor, etc, communicates with cloudmark.com? I'm seeing strange traffice two and from there every minute or so.
<bc> netcat to the IP on the port of 2703 only produces this a string like this -> sn=C&srl=11088&a=1&a=cg&ep4=7542-10
<bc> nevermind, found the answer: http://www.google.com/search?q=sn%3DC+cloudmark
#ubuntu-server 2009-07-02
<JDShewey> Hey, having trouble rebuilding a RAID0 array.
<JDShewey> Whey I run mdadm --create I get /dev/sda1: device or resource busy and for /dev/sdb2 (and two other partitions) I get "this device appears to be part of an array". Any suggestions?
<JDShewey> /dev/sda1 is unmounted and is part type linux raid autodetect
<WHARRGARBL> What is irda0?
<WHARRGARBL> How much space does Ubuntu server need to install?
<JDShewey> Depends on what you are serving.
<WHARRGARBL> How much data will the installer install?
<WHARRGARBL> minus the content I put on
<twb> WHARRGARBL: half a GiB is probably a recommended minimum for the root OS
<twb> You could squeeze it down further, or blow it up larger.
<twb> Usually I allocate two to four GiB to the root filesystem, simply because I'm working with large (1TiB) disks and an extra GiB isn't noticable.
<WHARRGARBL> Does ubuntu server support Intel 22000BG wireless cards?
<WHARRGARBL> I'm installing it on a laptop
<twb> I do not know.
<JDShewey> WHARRGARBL: Ask the google. I am pretty sure it does.
<twb> WHARRGARBL: lspci output will help.
<JDShewey> WHARRGARBL: if you are trying to do a WAP, you might be more interested in finding out if it can be put in promiscuous mode.
<WHARRGARBL> Wireless access point?
<WHARRGARBL> no
<WHARRGARBL> I have a hardware WAP
<qiyong> is it in restricted section or in main?
<qiyong> samba-common_3.3.5-1ubuntu2_i386.deb
<WHARRGARBL> Ubuntu server is cool, automatic updates :)
<twb> qiyong: ask apt-cache policy
<twb> qiyong: that is, run "apt-cache policy samba-common"
<Guest14623> how can i post my problem without flooding the screen
<twb> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/index.php?page=add | Make sure you give us the URL for your paste - see also the channel topic
<Guest14623> thanks
<Guest14623> Hello
<Guest14623> i am pulling out my hair on this issue i am having . Please please can somone take a look and tell me what they think http://paste.ubuntu.com/207882/
<WHARRGARBL> What is a virtual machine host
<WHARRGARBL> on the options for installing ubuntu server
<WHARRGARBL> I don't get it
<WHARRGARBL> You mean it install vmware
<twb> WHARRGARBL: it installs virtualization infrastructure which does the same job as VMware, but is not encumbered by proprietary licensing.
<WHARRGARBL> ok
<mobi-sheep> Servers.  What is the best way to run VLC?  I want to install a simple Xorg and VLC.  Nothing more.  Nothing less.
<twb> mobi-sheep: that's not a server.
<mobi-sheep> twb: I know.  I'm running a XBMC Live and it's jerky so I wanted to try installing Xorg and VLC.  I figured you guys would knew the answers.
<twb> I don't know what an XBMC is.
<mobi-sheep> Probably because you guys do install a simple GUI sometimes in a while or at least gave out commands?
<twb> mobi-sheep: we generally disapprove of that.
<mobi-sheep> twb: Xbox Media Center.  It's a nice HTPC (also can be a server).
<twb> XBMC is software that runs on an Xbox?
<mobi-sheep> twb: Well.  Originally, yes. But now it's able to run on Mac + Linux + Windows.
<mobi-sheep> twb: But that's not the point.  Basically, I got XBMC.  No GUI.  Nothing else.  I know TTY too.  However, I was wondering what package I would need to run a simple Xorg so I can run VLC under X.
<twb> OK, so you are running XBMC as a package on your ubuntu server?
<mobi-sheep> I used XBMC Live iso.  It's messed up so naturally I'm going to try building it out of minimal.iso because XBMC Live does not configure graphic card or anything.  It just ran.  Kinda felt like I'm missing out on certain factors.
<mobi-sheep> twb: Well it didn't mess up, but the video jerks every 5 seconds or so forget XBMC Live.  I found a guide that'll let me build it out of mini.iso which I will do.
<mobi-sheep> twb: The real question would be -- What packages do I need to run applications under X simple as possible?
<twb> Sorry, I was just trying to understand what you were doing.
<twb> To get *just* X running, you want to install xserver-xorg-core, or the larger xserver-xorg package.
<twb> You will probably also want to install packages that e.g. start X when you turn the computer on, and provide 3D acceleration, and maybe also packages that provide a window manager and a terminal emulator.
<twb> For details about that you should really ask another channel, since graphical stuff is offtopic for this channel.
<mobi-sheep> twb: Ahh.  Thank you.
<mobi-sheep> twb: I'll figure out what I'm trying to accomplish. ;3
<WHARRGARBL> How do I use WiFi in ubuntu serer?
<WHARRGARBL> server?
<twb> WHARRGARBL: the same way you use it anywhere else -- install the appropriate drivers.
<WHARRGARBL> FFFFFFUUUUUUUU
<Guest14623> i am pulling out my hair on this issue i am having . Please please can somone take a look and tell me what they think http://paste.ubuntu.com/207882/
<twb> Guest14623: I guess your routing table is getting messed up because the pppoe's on each nic are fighting
<Guest14623> twb -ya that sounds about right , would you know how to fix that or point me in the right direction
<twb> Guest14623: too hard for me right now, sorry.
<Guest14623> do you know what i should be changing
<Guest14623> i have looked all over the internet for days
<Guest14623> even if you could tell me what area i should be working on
<twb> Guest14623: I don't know, sorry.
<Guest14623> twb is there anyone else that you know of who could help me out
<twb> NFI
<scott_nwoktech> Holy cow...i'm a full ubuntu-server convert now...never going back to CENTOS
<jmarsden> Guest14623: Look at the pppd options set by pppoeconf in /etc/ppp/peers/dsl-provider and see if any should be altered or removed for your dual pppoe situation?
<Guest14623> jmarsden - thanks , i'll have a look
<jmarsden> No problem.
<scott_nwoktech> is Ante here?
<jmarsden> scott_nwoktech: Use /whois NAME to see what channels NAME is currently in.
<scott_nwoktech> thanks
<scott_nwoktech> he must be out snowboarding; we had an extensive email conv over the weekend vis a vis a HA VM/Samba cluster. He seemed quite eager to point me in the right directions for some guidance, if he couldn't provide it himself
<scott_nwoktech> i'm extremely in need of some guidance re kvm live-migration on a DRBD | pacemaker stack. If KVM isn't up to it then i assume i can install Xen on ubuntu just fine, and with the latest stable, unlike centos:)
<uvirtbot`> New bug: #394570 in openssh (main) "Backspace via SSH only deletes last byte of characters" [Undecided,New] https://launchpad.net/bugs/394570
<uvirtbot`> New bug: #394583 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/394583
<PC_Nerd101> Hi - what runtime is best for apache and mysql startup scripts, at the moment I have one in rc4.d - but I suspected rc2 woudl be better because its in text mode as oposed to multi-user etc etc.....    ?
<andenw> PC_Nerd101: default runlevel in ubuntu is 2, so rc2.d is the best place. But the standard way to install rc-scripts is with update-rc.d which installs in all rc*.d folders.
<qiyong> is there any realtime traffic monitor tool?
<qiyong> i know some, like bwm, traffshow, but i ask the most popular ones here.
<negge> qiyong: qiyong I think bwm-ng and vnstat are fairly popular (vnstat isn't *exactly* realtime though)
<negge> who needs the most popular one as long as it does the job well?
<qiyong> bwm-ng replacing bwm? negge
<negge> qiyong: actually I haven't used bwm, just bwm-ng, so I don't know the difference
<negge> personal choice I guess
<qiyong> negge: is vnstat running as a daemon?
<qiyong> negge: oh, it's a cron
<uvirtbot`> New bug: #394610 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/394610
<bright4_chris> Anyone know how to automatically run a custom script on insertion of a CD on Ubuntu server ?
<bright4_chris> For backup purposes: just insert, script starts like magic, wait a while and doen
<qiyong> jaunty-security doesn't have universe or multiverse
<qiyong> so this line is incorrect:
<qiyong> deb http://localhost/ubuntu/ jaunty-security main restricted universe multiverse
<qiyong> am i right?
<d1b> hi there is there a reliable method of auditing user passwords on 9.04 ?
<d1b> given that sha256 is in use ( / sha2)
<d1b> ah er sorry i meant sha512
<heath|work> I have a virt that will not shutdown -h now  is there a way I can figure out what is wrong?
<ropetin> heath|work: Does it give you any kind of message when you try it?
<heath|work> it indicates that it is going down then nothing happens
<heath|work> even if I use virt-manager with a right click and shutdown nothing happens.
<ropetin> Does syslog show anything?
<heath|work> nothing... this is weird
<ropetin> V weird :)
<heath|work> well... I guess I will just kill it.
<uvirtbot`> New bug: #394703 in sysstat (universe) "iostat -xn crashes with stack smashing" [Undecided,New] https://launchpad.net/bugs/394703
<heath|work> that's such a scary command:  destroy <virt>
<heath|work> http://www.ksplice.com/uptrack/  <---NICE!
<dbaker> anyone using paver, fabric or another automated tool for server setup/deployment?
<acalvo> Hi y'all!
<acalvo> I'm migrating from an old server to a new one, and while trying to move all my LDAP tree I found that the userPassword attribute it's not following the same encryption
<acalvo> is there any way to force it?
<Sam-I-Am> what was it using?
<Sam-I-Am> the default now, if unspecified, is ssha
<Sam-I-Am> for reading passwords, though, it shouldnt matter since the hash type is before it in the attribute like.. {HASH}password
<acalvo> I know
<acalvo> but I've tried the same string in both servers
<acalvo> and they gave me different outputs
<acalvo> however, I've tried a simple one, and the result is the same
<acalvo> a bit confusing...
<Sam-I-Am> whats in your config file?
<RoyK> can I use the ubuntu usb creator to create a fedora boot stick?
<bitprophet> dbaker: I use Fabric
<bitprophet> right now, primarily for OS setup/install, and some deployment of Django apps
<bitprophet> fabric executes locally and is in Python, is the main difference
<bitprophet> it also has some extra layers on top of common shell tasks that sometimes make stuff easier (i.e. a contains method that's just a wrapper around grep, etc)
<dbaker> bitprophet: what do you mean by: 'run locally' ?
<dbaker> bitprophet: on my machine and not on the server I'm trying to setup?
<bitprophet> well a bash script would have to be copied to the remote machine and then executed there, whereas fabric runs locally and executes commands over ssh
<bitprophet> correct
<dbaker> bitprophet: are paver and fabric suppose to serve the same purpose?
<bitprophet> I've not used Paver much, but in my understanding there is some overlap but paver is more of a build tool whereas Fabric focuses more on the deployment/scripting
<bitprophet> but there's probably a lot that could be done in either one just fine
<bitprophet> I'd try both and see which one you like more
<dbaker> bitprophet: what do you mean by "a build tool" and "deployment/scripting" ?
<dbaker> bitprophet: if I want to setup a server with nginx, django, postgresql... is this a deployment task?
<heath|work> I am getting an error on --suite=intrepid  for vmbuilder. There is an intrepid JeOS, right?
<stiVal> hello people! I'm having a little trouble automagically updating from gutsy to hardy. The update is being started by a script in run, that has no frontend.
<stiVal> aptitude is called with this: /usr/bin/aptitude -o Aptitude::Log::=/tmp/aptitude-log -q -o Dpkg::Options::=--force-confnew -o Dpkg::Options::=--force-confmiss
<stiVal> it seems this is not enough?
<stiVal> it gets stuck with the libssl package --- which tries to ask which services to restart, but i want it to start them anyways
<stiVal> sry, i forget - additional aptitude parameters: "-s -V -y 2>&1"
<bitprophet> dbaker: sorry, didn't notice your reply :(
<bitprophet> dbaker: in my totally non scientific terminology, "build" involves more setting stuff up locally, compiling, writing out config or xml files, etc; "deploy" or "script" means to install or modify software or applications
<bitprophet> but I'm pretty sure paver can execute commands over ssh, and fabric can set up dependencies for easy local building, so they technically overlap. the differences would be in syntax and the extra tools provided to make certain types of tasks easier
<bitprophet> (which is why I suggested to try both :))
<detoni_jr> sou novo por aqui... um Ã³timo dia a todos!!!
<_ruben> !br
<ubottu> Por favor, use #ubuntu-br para ajuda em portuguÃªs. Obrigado.
<dbaker> bitprophet: thank you. I'll will
<bitprophet> :) Good luck.
<Marticus> anybody familiar with michael jang's books?
<stiVal> or asked a little shorter: What do I need to do, so debconf is NOT asking ANY questions and using the default values and actions?
<bitprophet> stiVal: when I need to noninteractively run apt stuff and it hangs with debconf asking questions, I've found I often have to figure out the name of the debconf "setting" (not sure what the right term is) and stick that in debconf's database with debconf-set-selections
<bitprophet> so for example when I autoinstall systems with mysql or postfix, I do e.g. "echo mysql-server mysql-server/root_password password <secret> | debconf-set-selection"
<bitprophet> to set a default mysql root password
<bitprophet> also pretend I had the quotes in the right place there
<bitprophet> another example, echo "postfix postfix/relayhost string mail.my.domain" | debconf-set-selection
<bitprophet>  /end blather
<bitprophet> if you've ever dealt with preseed files, it's the same format since it's all just debconf
<stiVal> yes i have ... it's just really anoying, that there is no way to be sure that NO package is asking questions. i don't care what the configurations look like since there is a middleware that takes care of my configurations - everything else can and should be default (no passwords or whatever)
<stiVal> not every system is the same or has the same configuration - that's why the middleware is there - taking care of every package that could ask a question in all the different cases is nearly impossible for me
<stiVal> but thanks - I'll look into that, if at least this time i can make it work your way ;)
<bitprophet> yea, I hear you.
<bitprophet> good luck
<a1fa> aww
<a1fa> i was expecting 140mb/s in raid10
<a1fa> and i am still getting silly 70mb/s
<a1fa> wtf
<a1fa>  Timing buffered disk reads:  216 MB in  3.02 seconds =  71.59 MB/sec
<a1fa> why is everyone idling in this channel
<andol> a1fa: I belive the answer might be found in the combination of the applications irssi and screen :)
<a1fa> hehe
<a1fa> andol
<a1fa> i was expecting 150+ mb/s in raid 10 configuration
<a1fa> where in fact i am only getting 70 mb/s
<andol> a1fa: sorry, not much of a storage person.
<a1fa> anybody build live ubuntu cds to update dell firmware?
<jmedina> I had to use fedora :)
<a1fa> jmedina : traitor
<a1fa> is there a link to the cd image please?
<a1fa> Does it update desktop bios and firmware
<a1fa> or poweredge only?
<jmedina> a1fa: why? I just used fedora to upgrade firmware and then install ubuntu
<jmedina> :)
<ScottK> jmedina: Why did you have to use fedora?
<a1fa> :) cd linky :P
<jmedina> ScottK is there any other easy alternative?
<ScottK> jmedina: No idea.  I'm trying to understand what it was about Fedora that made it work where Ubuntu wouldn't.
<a1fa> no need to reinvent the wheel
<ivoks> ah...
<a1fa> ivoks care, gdje si
<ivoks> i did firmware upgrade
<jmedina> well I didnt know there were ubuntu support :)
<jmedina> mm but afaik, I dont have ubuntu on that host
<jmedina> it is lenny
<heath|work> I am having difficulties getting quota to work in Jaunty with dovecot...
<Sam-I-Am> jmedina: if you're interested, i just posted the latest openldap package built with ssl
<heath|work> should dovecot log that a plug in is loaded?
<ivoks> a1fa: ?
<Gorlist> wanted a run a murmur server on my webserver - should I download it normally through apt - then create a new user just to run mumble?
<Gorlist> or is it okay to run it through my admin
<Gorlist> CentOS normally I would create a new user for it
<a1fa> ivoks : Ante, prijatelju.. za kaj si takav
<ivoks> must be a slovenian :)
<jmedina> Sam-I-Am: thanks, I will take a look
<a1fa> no
<a1fa> Tvoj susjed iz Splita
<Sam-I-Am> jmedina: most of the other stuff was also recently updated
<a1fa> how does this dell reposatory work for apt sources
<ivoks> is that firmware update for raid controller?
<a1fa> da
<a1fa> what directory does apt read the sources from on the server>
<a1fa> Ign http://linux.dell.com jaunty Release.gpg
<ivoks> good luck with that
<ivoks> http://ivoks.blogspot.com/2008/04/ubuntu-804-and-dell-poweredge-1650.html
<heath|work> when you enable a plugin in protocol imap, do you need to also enable that plugin in lda for dovecot?
<ivoks> lda is local delivery agent
<a1fa> ivoks : vec sam imao problema sa tim.. it's all fixed
<ivoks> it doesn't know what imap is
<heath|work> i just can't figure out what I am doing wrong, should the quota appear in Thunderbird?
<heath|work> It looks like everything is configured correct, but there is no maildirsize file in Maildir...
<ivoks> you enabled quota plugin?
<ivoks> plugin {
<ivoks> quota = maildir
<ivoks> }
<jeiworth> hi all, we're a small company (7 users) and my boss has asked me to install a groupware solution, so first i was looking at zimbra, which looks great but you never know what will happen to it if microsoft ever buys yahoo (well, actually we probably all know what will happen ;)) so i am not so sure i want to use it, next on the list are openxchange and opengroupware, does anyone here have experience with either 3 of these solutions? or other recom
<jeiworth>  worth looking into for that matter? thanks!
<ivoks> i've worked with zimbra
<heath|work> ivoks, quota = maildir:User quota
<ScottK> jeiworth: Most of Zimbra is free software.  You might also look at what proprietary bits they add on and if they aren't critical, don't worry about it.
<heath|work> jeiworth, I have used eGroupware, open-exchange(like a lot), and Zimbra
<ivoks> heath|work: which dovecot version is that?
<heath|work> 1.1.11
<heath|work> for jaunty
<jeiworth> ivoks: ok, what is your impression? especially regarding outlook, entourage and kontact compatibility? :)
<ivoks> it was used in ubuntu-only environment
<jeiworth> ScottK: yes, i think a lot of it is under the gpl, right
<ivoks> and everybody used web interface
<ScottK> jeiworth: Or various other Free licenses, yes.
<jeiworth> heath|work: open-xchange you like a lot or you have been using a lot? :)
<jmedina> I offer zimbra as a solution to get rid of outlook and any other desktop client
<heath|work> jeiworth, I like it a lot and will be using it a lot as I replace other servers
<jeiworth> ivoks: i doubt i can convince the hardcore windows users here to only use the web interface
<ivoks> heath|work: http://wiki.dovecot.org/Quota/1.1
<heath|work> ivoks, that's what I have run through to get what I have.
<ivoks> jeiworth: afaik, outlook plugin isn't free in any way
<jeiworth> heath|work: what about egroupware? the advantage would be that its in the ubuntu repos but probably an older version
<ivoks> heath|work: you said you enabled plugin in imap protocol?
<heath|work> ubuntu reps our way out dated when it comes to egroupware
<jmedina> zimbra desktop works fine, and also uses lots of resources, so the better choice is use web interface, and of course train your users :)
<jeiworth> ivoks: well, that is the problem of my boss, i dont think it would be a problem paying som bucks for a decent stable plugin
<heath|work> Although I saw eBox was integrating eGroupware into it
<ScottK> OTOH if you're using Outlook on your desktops, a non-free plugin shouldn't worry you too much
<jeiworth> jmedina: hehe yeah, but some users simply don't want to be taught ;)
<jmedina> jeiworth: well they have no choice, it is the cost of migrating...
<heath|work> ivoks, in imap I have: mail_plugins = autocreate quota
<heath|work> autocreate is working perfect
<jeiworth> ok, so open-xchange or zimbra it is...hmm...zimbra needs to be installed on a dedicated (virtual) machine iirc
<jmedina> jeiworth: most of my implementations requiere that, no deskto client
<ivoks> for zimbra, i'd suggest install it and never touch it again
<ivoks> :)
<heath|work> jeiworth, we used zimbra but it would allow read receipts and everyone was pissed
<jeiworth> jmedina: i prefer that too but you know, some people just _want_ to use their outlook no matter what. :-/
<heath|work> they may have fixed that by now though
<jeiworth> heath|work: can't that be deactivated globally?
<jmedina> jeiworth: jejejee, then they will loose all great features of web interface
<jmedina> :)
<ivoks> take care, gtg
<jeiworth> jmedina: they are mostly sales-ppl, what do they know about great features? ;o)
<jmedina> jeiworth: that what training is about :)
<jeiworth> <ivoks> for zimbra, i'd suggest install it and never touch it again <-- :D
<jmedina> you can really improve your user colaboration with zimbra
<jmedina> when it works....
<jmedina> jo jo jo
<jeiworth> lol
<jeiworth> ok, i think before i screw up my server i'll install zimbra and open-xchange in 2 vmachines and see how fast i get confused :)
<jeiworth> thanks @ll!
<jmedina> jeiworth: dont forget to read official documentation
<jmedina> zimbra has a big user community with good articles in wikis and forums support
<jmedina> most problemas I had  were already solved in a forum thread
<jmedina> openxchange, jeo jo jo, their outlook plugin never work
<a1fa> so Raid 10
<a1fa> on 2650 Dell is not really Raid 10
<a1fa> fick
<jeiworth> <jmedina> jeiworth: dont forget to read official documentation <-- i _always_ read the friendly manual ;)
<a1fa> ....lawl
<a1fa> i had to hack dell's update script
<a1fa> it sucks nutts
<jason__> hey all, i think my server's PSU just crapped out--the computer is completely dead (I even tried jumping the PSU to no avail).  The problem is the server's hard drive...
<a1fa> ?
<jason__> when i try to connect it to a different computer, that computer becomes as dead as my server
<a1fa> ok
<a1fa> ok
<a1fa> so your hd is fried too
<a1fa> how are you going to fix it
<jason__> is that normal? a dead HD preventing a computer even attempting to boot up?
<a1fa> scsi? sata? pata? ide?
<jason__> sata
<a1fa> ok.. so unplug the sata port
<a1fa> and leave the power hooked to it
<a1fa> turn on server
<a1fa> if it powers on then hook SATA port, and unhook power
<a1fa> try again
<jason__> a1fa: server is dead
<jason__> a1fa: won't power on with or without sata drive power / sata chords plugged in
<jason__> brb, i'll try what you said with a different box
<a1fa> yes please
<a1fa> anybody have a pre-build iso for dell firmware upgrade?
<jason__> a1fa: okay, so with the power alone it won't turn on
<jason__> with sata connection only, it turns on
<jason__> with both, nothing obviously
<a1fa> ok
<a1fa> your hard-drive is messed up
<a1fa> its creating some kind of short
<a1fa> i bet your server's power supply is just the safety switch
<ribo> hey, I'm trying to sell my CTO on using ubuntu-server over RHEL; anyone know of a good list of big names using ubuntu-server?
<a1fa> or blown fuse
<a1fa> CTO?
<a1fa> ;P
<a1fa> kick him in the shin
<a1fa> get him drunk
<ribo> haha
<Hecate> chief technical officer (iirc)
<a1fa> drag his ass out in middle of nowhere
<a1fa> and let him walk back
<Hecate> in the meantime: install ubuntu
<Hecate> ;)
<a1fa> even Red Hat is using ubuntu
<a1fa> to develop RHEL
<a1fa> :P
<ribo> haha
<a1fa> i rest my case
<jason__> a1fa: where's the safety switch on most PSUs?
<a1fa> back
<a1fa> or fuse is inside
<a1fa> check your house fuse
<jason__> hrm
<a1fa> what server?
<divan> Hi all - quick question has any one tried unattended upgrades (autoupdates) on ubuntu-server
<jason__> a piece of shit p4 i had lying around
<a1fa> there you go
<jason__> the PSU was making a crazy high pitched sound all day yesterday
<divan> i've tried it on 8.04.2 and 9.04. I often see updates available but they only seem to get applied if I manually do an apt-get update and then wait one night. Surely theres a setting to apply it quicker
<a1fa> ok
<a1fa> are you sure its not the hard-drive
<a1fa> that was making noise?
<jason__> yeah, i'm sure
<a1fa> divan : apt-get dist-ugprade
<jason__> i turned it off and back on again
<a1fa> jason__ : its trashed
<a1fa> it might have friend your hard-drive
<jason__> the HD?
<a1fa> fried*
<a1fa> yeah
<a1fa> both
<a1fa> PSU nd HD
<jason__> yeah, that's what i'm thinking...
<a1fa> shit happens
<jason__> damn
<a1fa> hopefully I know you have backups
<a1fa> :)
<jason__> i have backups that aren't nearly as recent as i'd like
<jason__> never got around to setting up a raid array
<jason__> oh well
<a1fa> :P
<a1fa> suck-ah!
<a1fa> hehe
<a1fa> i am dealing with crap myself
<jason__> at least i wasn't paying $10 / month to share a computer with 200 people ;P
<a1fa> Dell 26500 raid10 is not really
<a1fa> raid10
<divan> alfa: I know I can apt-get update && apt-get dist-upgrade -y however thats not the point - the point is unattended - the ubuntu recommended way as per documentation doesn't work very well.
<a1fa> divan
<a1fa> ask for your money back and help fix the documentation
<a1fa> why the hell do you do unattended upgrades
<a1fa> anyway
<a1fa> you are just asking for trouble
<divan> alfa: Its not ask for trouble its a good security thing to do, it emails you the results anyway. In some scenarios it good practice. I understand I can contribute to the documentation - thats for pointing out the obvious
<a1fa> :)
<a1fa> thanks for making ubuntu better, divan!
<divan> My question was because this being the ubuntu-server channel you would think someone tried the ubuntu server suggested documentaion practice and has some feedback regarding it.
<a1fa> good point
<rsr> hi
<a1fa> ih
<rsr> I have an ubuntu server running squid and apache. I installed ebox and sarg. Ebox is working fine but when I try to access the squid-reports from the lan I get a network timeout error. Although... if I use links to access it from the server I can do it with no problem. Maybe its an apache problem or something else?
<a1fa> no
<a1fa> it probably has access list set to 127.0.0.1
<a1fa> or something along those lines
<rsr> how would I resolve this issue? where can I disable that?
<rsr> in apacheÂ´s site configuration?
<rsr> I do think youre at least partially right since after every apache reload I get this message: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
<heath|work> rsr, edit your host file
<rsr> heath|work: I saw in /etc/hosts that there was an entry 127.0.1.1 myubuntu... so I changed it to 192.168.0.252
<heath|work> 192.168.0.252 myubuntu.domain.tld myubuntu
<rsr> heath|work: I just want to access through the ip... so I dont need a domain name
<heath|work> rsr, apache needs the fqdn no matter how you are accessing it
<heath|work> hostname -f    should be the fqdn of the server.
<rsr> hostname -f returned myubuntu
<rsr> heath|work: I guess that isnt my problem....Im getting a network timeout
<heath|work> Lots of network issues can be caused by host name problems
<rsr> heath|work: but the other site on the same server works fine
<rsr> heath|work: it is https though
<heath|work> You will have problems with your cert for https if you redo your host name, but I do think you should give the machine a fqdn.
<heath|work> For all local stuff I use name.something.local
<a1fa> can anyone send me a link to vmwave patch
<a1fa> http://ubuntuforums.org/attachment.php?attachmentid=94477&d=1227872015
<a1fa> can anyone pastebin this patch please
<a1fa> i dont have login on the forums
<a1fa> hello
<a1fa> can anyone get that patch please and post it on pastebin
<ScottK> So instead of you taking a moment to create a login to the forums you expect someone else to go find this patch and hand it to you?
<akoimeexx> Anyone know of a good channel to get ircd-hybrid support on ubuntu server?
<a1fa> lol
<akoimeexx> (I get the irony of asking for irc server support on freenode. I get that. Need it for an internal network though)
<akoimeexx> Anyone?
<andol> akoimeexx: Have you tried the channel listed at http://www.ircd-hybrid.org/support.html?
<akoimeexx> Yeah, no activity
<andol> ok
<akoimeexx> I'm just having issues with getting oper to work.
<akoimeexx> Thought I had it configured correctly in the ircd.conf file, but apparently I'm mistaken
<CppIsWeird> i just got a sun server with an LSI Logic raid controller. how do i figure out if it supports raid 5?
#ubuntu-server 2009-07-03
<uvirtbot`> New bug: #394939 in apache2 (main) "apache2.2-common (2.2.8-1ubuntu0.9) left apache2-mpm-itk with unmet dependencies in hardy" [Undecided,New] https://launchpad.net/bugs/394939
<qiyong> karmic-updates and karmic-security are not available now?
<Guest14623> hello , i am looking for some help . I have looking for days for a solution .... Please can someone have a look
<Guest14623> http://paste.ubuntu.com/207882/
<bc> Guest14623: check `route -n`
<bc> Guest14623: the IP for eth1 should have a route to the default gateway
<bc> Guest14623: if that doesn't help, check your default iptables policies, sudo iptables -L
<axisys> !iscsitarget
<ubottu> Sorry, I don't know anything about iscsitarget
<axisys> anyone setup ubuntu server as iscsitarget ?
<axisys> i want to attach a storage to it and provision luns through iscsi
<axisys> !lun
<ubottu> Sorry, I don't know anything about lun
<axisys> !iscsi
<ubottu> Sorry, I don't know anything about iscsi
<axisys> !lustre
<ubottu> Sorry, I don't know anything about lustre
<axisys> how stable is iscsitarget on linux?
<jmarsden> axisys: DOes http://www.aspdeveloper.net/tiki-index.php?page=LinuxiSCSITargetOnUbuntu help get you started?
<axisys> jmarsden: thanks .. i found it too.. but looking for personal experiences
<axisys> jmarsden: i need to decide if I should use ubuntu or solaris for the iscsitarget server running on x2100
<axisys> i do have few x2100 servers running ubuntu .. but have not used any as iscsi target
<axisys> my goal is to attach the sun storage 6900 to the x2100 and then make iscsi luns as targets
<axisys> or i should say, make luns as iscsi targets
<jmarsden> OK.  I don't have the personal experience you need -- if you have several servers available to you, can you test one using Ubuntu and one using Solaris, and write up your results for the benefit of others, maybe?
<axisys> sure!
<scott_nwoktech> will the packages such as heartbeat 2.99 and RHCS in the server ppa work ok on jaunty? I assume there might be some issues with ais, pacemaker, etc but the others are pretty standard?
<Gorlist> good morning. Plesk was complaining due to file system not supporting user quota, for limiting hosting accounts. I added usrquota to my fstab for the parition and reboot - still no improvement?
<mattt> Gorlist: see anything when you do "mount | grep quot"?
<Gorlist> /dev/sda3 on / type ext3 (rw,usrquota)
<Gorlist> was reading a debian document, and they suggest running "quotacheck -F vfsv0 -c -a -v -m"
<Gorlist> then quotaon -a
<mattt> Gorlist: haven't touched quotas in a while, sorry :(
<Gorlist> no problems
<Gorlist> its not that important at the moment
<mattt> Gorlist: http://adjei.co.uk/lamp/plesk-hard-disk-quotas/ / http://koninkx.net/index.php/howto/4-plesk/6-enable-quota-on-plesk-debian seem to indicate you need to run quotacheck/quotaon also tho
<Gorlist> thanks, will go through it
<mattt> Gorlist: what are you using plesk for!  :)
<Gorlist> mattt, because i like it :)
<Gorlist> mattt, and its easy to manage in general :)
<mattt> eww
 * mattt has nightmares about websrvmng, mchk, etc. :)
<Gorlist> :) like everything it comes down to personnel taste. Rule of thumb is just work a few revisions behind what plesk releases
<Gorlist> as they beta test of the webadmins it seems
<Gorlist> so what do you use
<mattt> Gorlist: hey, this is better: http://kb.parallels.com/en/768
<Gorlist> thanks, hmm just installed quota which is doing its check now
<mattt> Gorlist: i worked for a hosting company that used plesk a lot, so i have quite a bit of experience w/ it ... it's not a bad product
<Gorlist> no, I can understand the complaints, but also know it does make life easier in the most part. Problem is the critics like everything always tend to have bigger mouth :)
<mattt> :)
 * mattt is afk
<Gorlist> mattt, that worked great. Had to install apt-get install quota first.
<Gorlist> (did that after the fstab) so it automatically checked. Then reboot for plesk
<Gorlist> ta
<pat_> hi all any recommendations on a asset tracking software ??? opensource only considered
<pat_> ??
<uvirtbot`> New bug: #395062 in samba (main) "samba nmbd uses the wrong ip adress to send user unkown" [Undecided,New] https://launchpad.net/bugs/395062
<keglevich> Does someone maybe know how can I disable that "update notifier" on Ubuntu Server 9.04 which is shown each time I login to ubuntu server via SSH? There is always a message shown like: "15 updates available, 9 are security updates" Is it possible to completelz disable these update messages in console?!
<Gorlist> im not sure to be honest, why not run the update?
<keglevich> it's a dedicated server for only few simple services...i don't want any packages to change in the next few years if not really necessary
<keglevich> as it is...it's running perfect
<keglevich> therefore i would like to disable those update notifiers
<keglevich> i found a lot of howto's to do this in desktop version...but can't find any for server version
<Gorlist> hmm
<Gorlist> suprized you've not gone with 8.04 LTS
<Gorlist> if you want it remain the same
<keglevich> the only problem with 8.04lts is outdated PHP version i need for my app
<keglevich> it should be at least 5.2.6
<keglevich> otherwise i would use it
<keglevich> and yes...8.04lts have really outdated VI/VIM versions...really hard to edit some scripts as they're not shown in colors as with those new versions
<keglevich> 9.04 works just fine...except those annoying update notifications
<e-jat> after trying https://help.ubuntu.com/community/OpenVPN
<e-jat> i fail to start my openvpn ..
<e-jat> can someone help me?
<uvirtbot`> New bug: #395105 in samba (main) "Could not install 'smbclient'" [Undecided,New] https://launchpad.net/bugs/395105
<maxaga> when i install kernel modules, should i do it from /tmp ?
<maxaga> or does the system still needs the directory where drivers were compiled ?
<patfrat> hello
<patfrat> i'm a french webmaster, using Ubuntu on 2 servers and my laptop in an enterprise
<patfrat> i need your help
<patfrat> i want to open a port : 5001 on an ubuntu server 8.04
<patfrat> it is closed when i test it with nmap
<patfrat> i have open it via ufw but nothing happened
<patfrat> can anyone help me ?
<patfrat> i used iptables, ufw .... nothing seems to open the port 5001
<patfrat> does anyone know how to open a port (5001) ? iptables, ufw doen't work for me, it still closed, closed, closed
<ivoks> ports are open by default on ubuntu
<ivoks> make that 'by default, there are no firewall rules'
<patfrat> not on ubuntu server
<patfrat> nmap localhost -p5001 > 5001/tcp closed commplex-link
<pmatulis> patfrat: there are no default f/w rules on the server
<patfrat> why iptables and ufw show me that 5001 port is open and nmap not
<pmatulis> patfrat: '$ sudo lsof -i4tcp:5001' ?
<patfrat> nothing
<pmatulis> there you go
<pmatulis> nobody is listening on port 5001
<patfrat> but on my laptop, my dev environnment, i have juggernaut listening
<patfrat> juggernaut 3612 root    6u  IPv4   7688       TCP *:5001 (LISTEN)
<patfrat> so, juggernaut is not active on my server
<patfrat> ?
<pmatulis> yeah so?  you're talking about the server
<patfrat> yes
<pmatulis> listening on 5001: laptop yes, server no
<patfrat> my laptop embed a server too, i test my work before submit it to the server
<ivoks> ?
<patfrat> but on the server, juggernaut is launched
<ivoks> did you start juggernaut on server?
<patfrat> yes but i will restart it
<ivoks> maybe it's configured to listen on different port
<ivoks> or different ip
<patfrat> on 127.0.0.1
<patfrat> but something is wrong ...
<ivoks> sudo netstat -natp | grep jugger
<patfrat> i will try another config
<patfrat> nothing
<ivoks> then it isn't running
<patfrat> ok
<ivoks> or, it's not listening on any port
<patfrat> i have 2 interfaces eth0 and eth1 with 2 ips
<patfrat> perhaps i have to set those ips to my juggernaut configuration
<patfrat> ?
<patfrat> i try it
<patfrat> yes that's it
<patfrat> bad config
<patfrat> 5001/tcp open  commplex-link
<patfrat> :D
<patfrat> thank you
<patfrat> i love ubuntu community :D
<uvirtbot`> New bug: #395096 in openssh (main) "scp fails when two remote files are copied to local directory" [Undecided,New] https://launchpad.net/bugs/395096
<luxos> buenas
<luxos> hola
<luxos> necesito ayuda
<luxos> alguien me puede ayudar
<luxos> help me
<uvirtbot`> New bug: #395042 in nagios3 (main) "Warning while setup of nagios3-common (dup-of: 355800)" [Undecided,New] https://launchpad.net/bugs/395042
<DormantOden> Hey can anyone tell me how i can stop my gui from loading automaticly? Its starting to bug me.
<uvirtbot`> New bug: #385475 in likewise-open5 (universe) "[Karmic] Likewise-Open 5 fails to authenticate users" [High,New] https://launchpad.net/bugs/385475
<Tom_Ass> DormantOden, I don't know, but maybe this can be of some help: https://help.ubuntu.com/community/UbuntuBootupHowto
<DormantOden> cheers Tom_Ass
<Tom_Ass> =)
<uvirtbot`> New bug: #395241 in mysql-dfsg-5.0 (main) "package mysql-server-core-5.0 (not installed) failed to install/upgrade: trying to overwrite `/usr/sbin/mysqld', which is also in package mysql-server-core-5.1" [Undecided,New] https://launchpad.net/bugs/395241
<ewanchic> Hello. I'm trying to setup netbooting using a DHCP3-server, TFTP, and apache. I'm sure everything is working...no errors, but, my workstation won't boot to the PXE file ("prelinux.0"). Can anybody help me?
<maxb> uh, shouldn't that be pxelinux.0 ?
<ewanchic> Just emphasising. I was at #Ubuntu...then I took a guess that there is an ubuntu-server. Glad I hit the jackpot ;)
<ewanchic> anyway, where can I start?
<ewanchic> oh wait a minute....I really need glasses...I'll double check that, brb
<ewanchic> maxb: Hahaha, It's always the spell errors. Well you we're right, and I was hoping that would fix it right there, but no go.
<ewanchic> Hello. I'm trying to setup netbooting using a DHCP3-server, TFTP, and apache. I'm sure everything is working...no errors, but, my workstation won't boot to the PXE file ("pxelinux.0"). Can anybody help me?
<axisys> how do I measure power usage by a server ?
<ewanchic> usraxisys: Get a Kill-a-watt: http://www.thinkgeek.com/gadgets/travelpower/7657/
<ewanchic> axisys: or a http://www.thinkgeek.com/gadgets/travelpower/7acf/
<axisys> ewanchic: thanks
<jeeves> how can I narrow down why I can't connect to my server via SMTP?
<Hasbro> Can you connect via ssh?
<Hasbro> Can you ping your server?
<Hasbro> ...
#ubuntu-server 2009-07-04
<Skaag_> is it possible to convert an ext3 fs to lvm?
<pmatulis> Skaag_: no
<Skaag_> actually I found an interesting doc about this
<pmatulis> really?
<Skaag_> http://tldp.org/HOWTO/LVM-HOWTO/upgraderoottolvm.html
<Skaag_> I've been looking in the wrong places earlier
<Skaag_> This article says you need at least 50% free space on the device, or an external drive
<pmatulis> this is a test system i presume?
<Skaag> well, the plan is to do it on a production machine, but I will definitely first learn to do this on a separate system
<pmatulis> i'm curious about it.  let me know how it turns out
<Skaag_> will do
<zende> I'm having problems with apt-get on a clean installation of ubuntu using vmbuilder
<zende> anyone here who could help?
<pmatulis> zende: ask and see
<zende> I get "E: Method http has died unexpectedly!" for "apt-get install" of any package
<zende> my connection is fine.  I installed git and curl using the configs of vmbuilder, and I can connect to the Internet without problem
<pmatulis> zende: pastebin the entire output of that install command; also pastebin your sources.list file
<zende> milo@staging0:~$ sudo apt-get install strace
<zende> Reading package lists... Done
<zende> Building dependency tree
<zende> Reading state information... Done
<zende> The following NEW packages will be installed:
<zende>   strace
<zende> 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
<zende> Need to get 162kB of archives.
<zende> After this operation, 340kB of additional disk space will be used.
<zende> Get:1 http://archive.ubuntu.com jaunty/main strace 4.5.17+cvs080723-2ubuntu1 [162kB]
<zende> E: Method http has died unexpectedly!
<pmatulis> no
<zende> milo@staging0:~$ cat /etc/apt/sources.list
<zende> deb http://archive.ubuntu.com/ubuntu jaunty main restricted universe
<zende> deb http://archive.ubuntu.com/ubuntu jaunty-updates main restricted universe
<zende> deb http://security.ubuntu.com/ubuntu jaunty-security main restricted universe
<zende> oops
<pmatulis> pastebin means go to pastebin.ca (say) and paste your stuff there.  then give us the url's to those pages
<pmatulis> (never paste in more than a couple of lines in the irc channel)
<zende> pmatulis: http://pastebin.com/maa6f788
<zende> understood, mistake
<pmatulis> zende: try '$ sudo apt-get update', do you get an error also?
<zende> pmatulis: no errors there, but I get the same error if I change the servers in the source list
<pmatulis> zende: do you have anything under /etc/apt/sources.list.d ?
<zende> pmatulis: nope, empty
<pmatulis> zende: are you using a web proxy of any kind?
<zende> pmatulis: nope
<pmatulis> zende: i think you've hit a bug then
<pmatulis> for instance, see bug 385144
<uvirtbot`> Launchpad bug 385144 in apt "apt-get dies with "E: Method http has died unexpectedly!"" [Medium,Fix committed] https://launchpad.net/bugs/385144
<pmatulis> zende: this is a very recent fix
<pmatulis> zende: it might be related to what you're seeing, might not.  but there is a PPA available for testing
<zende> pmatulis: I can't update the source list, so I'll see if I can set the PPA with vmbuilder and have it grab the fix when installing
<zende> pmatulis: is there any way I can apply the fix on the existing install?
<pmatulis> zende: the ppa is for karmic i just saw
<zende> pmatulis: why would I have the same problem across multiple suites (jaunty and hardy) and for the flavour virtual?
<pmatulis> zende: you also see this in hardy?
<zende> pmatulis: yes
<pmatulis> zende: can you pastebin the vmbuilder command you used to build the vm?
<zende> pmatulis: I would prefer to install hardy-virtual.  I only tried jaunty to see if it would fix it
<zende> pmatulis: sure
<zende> pmatulis: http://pastie.org/533806
<jamesrfla> My boss just got a domain from 1&1 and he is on a dynamic ip address and I see in the 1&1 control pannel where to put the ip address. Is there some kind of client I could use to update the DNS? We can't get a static ip.
<pmatulis> zende: sorry, i'm stumped
<pmatulis> zende: you may want to talk about it in #ubuntu-virt
<zende> pmatulis: I don't feel so bad then.  I tried and no one responded.  not exactly the best time of day/week
<pmatulis> jamesrfla: try ipcheck
<zende> pmatulis: thanks for the help though. I'll stay on it
<pmatulis> zende: np, and let me know if you figure it out
<zende> pmatulis: sure thing, have a good 4th
<jamesrfla> pmatulis: looking into it thanks
<jamesrfla> pmatulis: I don't have dyndns but this will still work?
<pmatulis> jamesrfla: should, but please read the 1&1 site (info on compatible clients)
<jamesrfla> okay will do. I never set up a real domain before so I am new to this
<jeeves> how can I find out why my postfix isn't accepting incomming SMTP connections?
<qman__> jeeves: check the mail logs, /var/log/mail.*
<mobi-sheep> How do one list and remove signed keys in command line?  (Got no GUI).
<rags> when using aptitude to install any package I get lots of "insserv" warnings and the installation fails...It starts with "Setting up ufw (0.23.3) ..." and then I get the warnings...any one seen something like this?
<jmarsden> mobi-sheep: GPG keys?  man gpg and see the --list-sigs and --delete-key options in particular.
<jmarsden> mobi-sheep: For keys used by apt, man apt-key
<mobi-sheep> jmarsden: Thanks.  I couldn't find it online anywhere so I figured to look at apt-key --help since there are too many on adding keys. ;)
<jeeves> qman__, you still here?
<domas> hi! what is the easiest way to build 32-bit jail with 32-bit ubuntu environment on 64-bit ubuntu server?
<domas> found it
<domas> works perfectly :)
<Skaag_> what's the equivalent of /etc/inittab in jaunty?
<Skaag_> ok I think I found it in /etc/event.d
<sandstrom> How can I reset all configuration for ufw?
<sandstrom> eg. the before/after rules in /etc/ufw
<sandstrom> and any other settings-files related to the ufw firewall
<Nafallo> sandstrom: purge the package, remove the left-overs (if any) and re-install it?
<sandstrom> how would I purge it?
<Nafallo> the same way you purge any package.
<sandstrom> I'm sorry, but I don't know how. Would you mind telling me?
<Nafallo> apt-get remove --purge ufw would be one way.
<UserPa> Hello
<UserPa> what do I do, I think my server is under some ddos attack?!
<dinger2006> dones anyone here use vtiger?
<OregonJim> Good day. I need help with Samba on an eBOX Ubuntu 9.04 server. It keeps reloading periodically and I don't know what to look at
<OregonJim> to find the problem. Any help?
<OregonJim> Pardon the question, but is anyone here listening?
<OregonJim> Please?
<DormantOden> hey, anyone able to help me get a vncserver to run at startup?
<DormantOden> Its taken me a whole day to get my gui to stop. xD
<uvirtbot`> New bug: #395578 in open-iscsi (main) "package open-iscsi 2.0.870.1-0ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/395578
<martin-> does jeos 8.04 have LTS too?
<martin-> I'm guessing it uses the same repositories as regular ubuntu server
<pmatulis> martin-: yes, it does
<stas> Hi, I have an issue with nginx if you can help me please
<stas> I put ssl on in my config
<stas> and after restarting nginx I get this error:
<stas> SSL_CTX_set_tlsext_servername_callback() failed (SSL:)
#ubuntu-server 2009-07-05
<jeeves> afternoon all
<jeeves> what is the simplest way of rsyncing ONLY the changes to a webserver's directories to a remote host?
<balloooza> how do I set up apache to redirect somthing that comes onto a domain (witch is set up to redirect to somthing out of my www folder to a differen folder: mysite.com > /var/website/ mysite.com/desktop > /var/eyeos/ (hypotheticaly, you do not need to click the links:) )
<balloooza> macd: do you know about apache (you might still be looking at this page)
<pwnguin> is there a standard system of deploying websites via debian packages?
<pwnguin> munin just installed to /var/www, but i see a sites-available, sites-enabled setup
<qman__> sites-enabled and sites-available are for the site configuration files
<qman__> you can set them up individually in sites-available and enable them with a2ensite
<qman__> you define where the site's actual files are in that configuration file
<qman__> a simpler classic configuration will also work, but I rather like the way it's set up in ubuntu
<pwnguin> i was just wondering if there's a policy suggesting where to put files
<pwnguin> that might be a bit more flexible than subdirs of /var/www
<qman__> that's what I usually do
<qman__> not sure if there's a standard
<pwnguin>  i see some draft debian policies
<ntshan> hi
<ntshan> anyone have experience running hudson on ubuntu server?
<ntshan> I have a small nettop machine that I installed ubuntu server on
<ntshan> and set up subversion
<ntshan> mkay
<dthacker> what is hudson?
<ntshan> it's a continuous integration server
<ntshan> when you check in changes to source code on your project, it runs the build
<dthacker> my googling has found other people using it, but I've no experience with it.
<dthacker> If you have a specific question, ask it here or in the forums.
<ntshan> cool...I was just wondering if there are any ubunty specific issues others have had
<ntshan> *ubuntu
<dthacker> http://www.sonatype.com/people/2009/02/the-hudson-build-farm-experience-volume-ii/    looks interesting
<ntshan> nice
<ntshan> I plan on using ant instead of maven as a build system though
<ntshan> mostly because my company uses it and I'm trying to test everything at home before pitching it to the company
<pwnguin> qman__: http://webapps-common.alioth.debian.org/draft/html/ch-issues.html
<chris_d_adams> hi guys - I'm running a server that I want to update to using ubuntu intrepid, instead of gutsy
<chris_d_adams> why might aptitude update error on me like this?
<chris_d_adams> http://gist.github.com/140877
<mattt> chris_d_adams: hmm
<mattt> chris_d_adams: have feisty/gutsy been EOLd?
<chris_d_adams> mattt: ah, after a bit more googling, i think that might be it
<chris_d_adams> this person had a similar problem
<chris_d_adams> http://forum.linuxmce.org/index.php?topic=8107.0
<chris_d_adams> sorry to sound dense
<chris_d_adams> but is it really just a case of changing all instances of http://gb.archive.ubuntu.com/ubuntu
<chris_d_adams> to http://old-releases.ubuntu.com/ubuntu instead?
<mattt> i don't think so
<mattt> i think the idea of old-releases is to allow you to install packages when still running an EOL'd version
<mattt> for you, you wish to upgrade ... right?
<mobi-sheep> Just curious -- In "sudo tasksel" -- There are Basic Ubuntu Server.  What does that do?
<chris_d_adams> mattt: yeah -  i have a couple of boxes running intrpeid
<chris_d_adams> and I totally forgot this one was running gutsy
<mattt> chris_d_adams: i'm not sure what the upgrade path is, if you can go straight from gutsy to intrepid ... i guess that's what you should be looking at
<mattt> chris_d_adams: perhaps you want to get rid of the references to feisty in your sources.list, and then replace the references to gusty w/ intrepid ... but if it's a live server please research first, as i have no experience doing that :)
<chris_d_adams> mattt: duly noted, thanks :)
<mobi-sheep> chris_d_adams: I think I heard this before.  You switch to the old-releases to ensure that all packages are fully updated/upgraded before you upgrade over to the next version.  I heard it many times on #ubuntu
<mattt> mobi-sheep: would make sense :)
<chris_d_adams> ah, this looks like it
<chris_d_adams> https://help.ubuntu.com/community/EOLUpgrades
<mobi-sheep> What is Basic Ubuntu Server?  Should I toggle it on?  I only want to run XBMCbuntu.
<mobi-sheep> And other servers such as print server.  Basic Ubuntu Server is too generic.
<mattt> chris_d_adams: awesome, i love step-by-step instructions :)
<chris_d_adams> indeed
<chris_d_adams> thanks for the help btw
<mattt> chris_d_adams: np, good luck!
<uvirtbot`> New bug: #394385 in php5 (main) "[karmic] php packages need update to 5.3" [Wishlist,New] https://launchpad.net/bugs/394385
<CoMp4c7> Does anybody knows why apache suexec is compiled to execute scripts in /var/www and not in /home?
<joshhunt> Hey guys
<joshhunt> i am trying to install the latest nightly of transmission through apt
<joshhunt> I have the correct repo, but apt-get wont get transmission-common from that repo. Instead, it gets it from the default ubuntu repo
<joshhunt> Is it possible to 'reorder' the priority of the repos?
<Anirban1987>  http://117.194.228.242/vhosts/ehcp/sysinfo/index.php?disp=dynamic  Is dedicated RAM of 256 mb enough for me ?
<RoyK> Anirban1987: that depends what you're going to do
<RoyK> Anirban1987: what sort of load?
<Anirban1987> http://img17.imageshack.us/img17/5854/serveryab.jpg . This is a screen shot of my home server. Now I want to shift to a VPS with the same set of apps installed. How much dedicated RAM should I get ?
<RoyK> what is the load?
<RoyK> is it a webserver?
<RoyK> a file server?
<RoyK> video streaming?
<RoyK> database?
<Anirban1987> RoyK : webserver... LAMP
<RoyK> 256 may suffice
<RoyK> depending on the database size
<Anirban1987> RoyK : Hav u seen the screenshot ?
<RoyK> the screen shot doesn't say much about the actual load
<RoyK> only that the system is quite idle and that it doesn't use all its memory
<RoyK> what is the price diff between the two?
<Anirban1987> RoyK : The memory is crossing 256 MB . Thats why I am asking...
<RoyK> on the console, type 'free'
<RoyK> pastebin the output
<RoyK> more memory means better caching
<RoyK> how much data is there to cache?
<Eviltechie> How do you install sun-java6-jre?
<RoyK> Eviltechie: FGFI http://ubuntuforums.org/showthread.php?t=455137
<Anirban1987> RoyK : http://pastebin.ca/1484696
<RoyK> see the buffers/cache line
<Eviltechie> E: Package sun-java6-jre has no installation candidate
<RoyK> it seems your box is only using ~130MB for processes/data
<RoyK> Eviltechie: which version?
<Eviltechie> 6
<RoyK> ubuntu version?
<Eviltechie> 9.04
<RoyK> hm. i thought it should be in there
<Eviltechie> There is one called sun-java6-jre-headless
<Anirban1987> RoyK : So can I settle for 256 MB of dedicated RAM and 0 MB of burstable RAM.
<RoyK> Anirban1987: should work - just set vm.swappiness = 100
<RoyK> Anirban1987: in /etc/sysctl.conf
<RoyK> Anirban1987: that makes the kernel swap out earlier, so that processes that aren't actually doing anything, in time, may be swapped out so that memory can be used for something useful
<RoyK> Eviltechie: from my ubuntu 8.04.2:
<RoyK> sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independent files)
<Eviltechie> I'm on a vps
<Eviltechie> And the headless one is not working either
<RoyK> it shouldn't matter if you're on a vps or not
<Eviltechie> Apt-get is complaining about some language issue with pearl, and wget was missing
<RoyK> Eviltechie: which repositories are you using?
<Eviltechie> RoyK: Not sure
<RoyK> pastebin /etc/apt/sources.list
<Eviltechie> RoyK: Looks like my universe repos are commented out
<RoyK> try enabling them, apt-get update and retry installing the package
<Eviltechie> RoyK: Still no instalation candiate
<RoyK> which ones are you using now?
<Anirban1987> RoyK : There is no such entry like vm.swappiness (http://pastebin.ca/1484703) . Where shld I add it ?
<RoyK> Anirban1987: somewhere
<RoyK> just add it to the end
<RoyK> vm.swappiness = 100
<RoyK> also, these might be nice
<RoyK> kernel.panic = 60
<RoyK> kernel.panic_on_oops = 1
<RoyK> the former automatically reboots after 60 seconds in case of a kernel panic
<RoyK> the latter calls panic() in case of OOPS()
<RoyK> a kernel panic will stop the machine, so better reboot it if that happens. an OOPS _may_ stop the machine or certain services, so treating those as a panic is just as well
<Anirban1987> RoyK : If my VPS provider offers 0 MB burstable RAM , is that means that I have no swap file ?
<RoyK> the swapping is handled by the guest OS, not the host OS, so no difference there
<RoyK> that is, swapping is handled individually by both
<Anirban1987> RoyK : SO is that means that I have no swap file on the host OS ?
<RoyK> Anirban1987: are you the administrator of this system?
<RoyK> the host OS is the one running one or more VPSes
<RoyK> the VPSes are the 'guest' OSes
<Anirban1987> RoyK : Ya , I am the admin of a VPS. No access to host OS
<RoyK> then you don't have to care for the host OS
<RoyK> the guest OS should be treated like linux installed on bare iron
<RoyK> Eviltechie: are you using multiverse?
<bogeyd6> actually very look iron is used in making a computer
<bogeyd6> look = little
 * RoyK bitchslaps bogeyd6 
<Eviltechie> I don't think so http://pastebin.com/m1460ed9
<bogeyd6> bare metal would be a more accurate descriptor
<RoyK> Eviltechie: try adding it
<RoyK> bogeyd6: pedantic today, are we?
<bogeyd6> your big words anger and confuse me
<RoyK> :Ã¾
<bogeyd6> i do appluad your vast understanding of vm
<RoyK> bogeyd6: if you're here to fuck around and just that, perhaps there's a better place elsewhere?
<Anirban1987>  Do the amount of RAM eaten up depends upon the web hosting panel used ?
<RoyK> yes
<RoyK> but not a lot
<Anirban1987> RoyK : I am amazed why my home server with only LAMP and EHCP panel installed taking so much RAM !!
<RoyK> 130 megs isn't really a lot
<RoyK> Anirban1987: do a "ps axfv" to see how much memory each process is using
<RoyK> Anirban1987: the RSS column shows how much memory is really in use. DRS shows the memory the process has requested
<Anirban1987> RoyK : Check it out http://pastebin.ca/1484714
<RoyK> Anirban1987: try ps axfvwwwwww
<Anirban1987> RoyK : http://pastebin.ca/1484715
<RoyK> hm... summing up those processes makes them use 280MB or so
<RoyK> but then, I guess most of the apache processes share a lot
<RoyK> ps can't show shared (CoW) memory after forks - it just shows what the process can address, not if it's dedup'ed by the fork
<Anirban1987> RoyK : hmm... So how much dedicated and burstable RAM should I settle for ?
<RoyK> what is the price diff?
<RoyK> LAMP likes memory. even if it can run on 128MB or perhaps even less, it won't hurt to give it more
<RoyK> but again, it depends on your workload
<Anirban1987> RoyK : http://ideastack.com/vps.html Stuck btw Gold and Platinum ...
<Anirban1987> RoyK : And I must admit my budget is severely limited. Need to do as much optimization as possible
<RoyK> As long as an upgrade is possible/affordable, I'd start at silver and see if that works well
<RoyK> install sysstat and so on to monitor the system
<RoyK> if it's too slow, upgrade
<RoyK> 10GB of disk space is hilarious
<Anirban1987> RoyK : Ya, upgrade is possible . Giv me necessary web links for "sysstat" to install .
<RoyK> apt-get install sysstat
<RoyK> edit /etc/default/sysstat to enable it
<RoyK> start it with /etc/init.d/sysstat start
<RoyK> use the 'sar' command to view system activity
<RoyK> but then I'm off - catch you later
<Anirban1987>  How to use the "sar" command to view the amount of RAM consumed ?
<n0gear> how do i set up my network manually? Automatic didnt work in installation? only lo now
<n0gear> actually thats weird, but it doesnt even show eth0?!
<qman__> n0gear, use ifconfig -a
<qman__> you can configure your network in /etc/network/interfaces
<n0gear> hmmm it doesnt get ip addr from dhcp? i dont have a router and all other comps get an ip straight from ISP ... anything i could edit manaually?
<qman__> n0gear, /etc/network/interfaces is where you configure it to use DHCP or a static IP
<qman__> but, just for testing
<qman__> you can use ifconfig to set a manual ip, or you can use dhclient to try and pick up a DHCP lease
<qman__> first, use ifconfig -a to see if your interface shows up or not
<qman__> the default 'ifconfig' hides unconfigured interfaces, but -a shows all of them
<qman__> if it doesn't show up with -a, you need drivers
<n0gear> qman__: yes eth0 now shows. i put all the auto eth0 things to /interfaces
<n0gear> but for somereason it doesnt get ip from isp?
<n0gear> because i dont have router i dont think i can invent an ip address for the server??? need to get assigned from my ISP right?
<Tom_Ass> n0gear, how many IPs can you get from your ISP?
<n0gear> 5. Only 2 in use at the moment ... unless i've got 'visitors' on my WLAN. Whats the reason the autoconf didnt work on install
<DormantOden> hay, after I use useradd to create a user what default password do they have?
<Tom_Ass> DormantOden, you type in a password when you add the user, https://help.ubuntu.com/9.04/serverguide/C/user-management.html for more info
<DormantOden> lies
<Tom_Ass> DormantOden, then you can change it with "sudo passwd <user>", then you will be prompted to type a new password
<DormantOden> =P cheers
<Tom_Ass> np
<DormantOden> now i just have to remember what file I have to change bin/bash -> bin/false in =/
<DormantOden> any idea?
<Tom_Ass> and I think the recommended way to add users are in that link I gave you
<Tom_Ass> no
<Tom_Ass> idea
<Tom_Ass> =/
<DormantOden> its to stop people login in
<DormantOden> ...or getting to bash
<DormantOden> unless theres a new fangled way =P
<qman__> DormantOden, /etc/passwd
<qman__> you can also use usermod
<qman__> n0gear, you either need to configure the IP statically, or inform your ISP of the MAC address, they can't just know what box is yours ;)
<qman__> DormantOden, if you didn't set the password during creation, there is no password set
<qman__> and the user cannot log on
<DormantOden> ah, that explains why I couldnt login then :P
<DormantOden> kl, its all working nicley now
<DormantOden> =
<DormantOden> * =D
<n0gear> qman__: might i use dyndns address as a ip address?
<qman__> no, you need an IP
<qman__> DNS is just a convenience
<qman__> DNS can be used to host multiple websites on one IP, or other similar tasks, but every node needs an IP address, either on the net, routed, or NATed
<n0gear> damn, i think im screwed unless i get a NAT router
<Tom_Ass> n0gear, have you checked so you don't have any unwanted w-lan visitors using up all your IPs?
<qman__> n0gear, you can also use a linux box with iptables as a NAT router
<qman__> though that gets complicated
<n0gear> okay i disconnected wlan now. lets see if that helps
<Tom_Ass> it can be quite power consuming too
<n0gear> no luck
<Tom_Ass> :|
<qman__> in order to receive a DHCP address, the ISP has to identify you in some way, usually that means giving them your MAC addresses
<qman__> it depends on your ISP and connection type
<qman__> you should call and find out
<n0gear> yep. unfortunately customer service not open today :(
<qman__> ah
<Eviltechie> How do you setup subdomains with apache?
<qman__> by subodmains, do you mean dynamic subdomains or just a couple?
<Eviltechie> qman__:  What's the difference?
<qman__> what I mean by that is
<qman__> do you want to have it automatically create subdomains for you, or do you just want to create a few sites manually?
<Eviltechie> qman__:  Just a few
<qman__> for that, you configure your sites using a virtualhost configuration
<qman__> fortunately, ubuntu defaults to this kind of setup
<qman__> in the configuration file for the website, in /etc/apache2/sites-available
<qman__> you set each site's file like this
<qman__> <Virtualhost subdomain.domain.tld:80>
<qman__> instead of using an IP or just *
<qman__> set up multiple configurations, one for each site
<qman__> you can use the default one as a template
<qman__> then enable them with the a2ensite command
<qman__> for that to work, you need a working DNS setup, and you can't have any sites listening based on IP
<sseiersen> can I make ubuntu as a boot from lan server?
<sseiersen> to boot systems from the network?
<qman__> sseiersen, yes, look up LTSP
<sseiersen> ok
<qman__> IIRC the alternate install disc has this capability as an install feature
<Eviltechie> qman__: Like this? http://pastebin.com/m5a9f670e
<qman__> yes
<qman__> you create each of your subdomains that way, and enable them
<Eviltechie> qman__: Ok
<qman__> and if DNS works correctly, the sites will work correctly
<Eviltechie> qman__: The subdomain works, but the regular one doesn't. It mirrors the subdomain.
<qman__> did you make sure to point the two sites to different file paths?
<qman__> DocumentRoot
<Eviltechie> qman__:
<Eviltechie> 	DocumentRoot /var/home
<qman__> each site should point to a different root
<qman__> to the files for each site
<Eviltechie> qman__: They do. I was having this problem before when I tried this another way.
<qman__> hmm
<qman__> looks like there is another approach
<qman__> http://httpd.apache.org/docs/1.3/vhosts/name-based.html
<qman__> using ServerName instead of the virtualhost directive to define which site is which
<qman__> so
<qman__> in the main apache configuration, you set
<qman__> NameVirtualHost *
<qman__> then each site will contain
<qman__> <Virtualhost *>
<Eviltechie> First, how do I undo the sites avalaible thing?
<qman__> ServerName domain.tld
<qman__> oh
<qman__> a2dissite
<Eviltechie> Ok
<Eviltechie> Like that? http://pastebin.com/m3f727758
<qman__> yes
<qman__> and make sure NameVirtualHost * is used, but only once, not in each site
<Eviltechie> That did the exact same thing, mirrored the main domain off the sub domain
<qman__> preferrably in the main configuration, /etc/apache2/apache2.conf
<Eviltechie> I put this in httpd.conf, right/
<qman__> well
<qman__> preferrably the sites would be defined in individual site files
<qman__> and the NameVirtualHost * would be in the main configuration, either httpd.conf or apache2.conf
<qman__> but, if it's all in one file it'll still work
<qman__> the separation is only for organization and convenience
<Eviltechie> What is this namevirtualhost thing you speak of?
<qman__> NameVirtualHost *
<Eviltechie> Where does it go?
<qman__> literally, should be in the configuration somewhere
<qman__> but only once
<qman__> and not within a virtualhost section
<qman__> I would put it in apache2.conf
<Eviltechie> I just put it in httpd.conf
<qman__> that's fine
<qman__> apache must be restarted afterward, or at least have the configuration reloaded
<Eviltechie> Now the subdomain is mirroring off the main one
<qman__> try changing the main site to www.site.tld
<qman__> but place it first
<Eviltechie> How do I do that?
<qman__> like
<qman__> in the ServerName directive, change the name from domain.tld to www.domain.tld
<qman__> on the main site
<qman__> and leave the subdomain as sub.domain.tld
<qman__> and as long as the main site comes first in the configuration, it'll be the default
<qman__> so one who does not define www. will still get to the main site
<Eviltechie> Where is this directive?
<qman__> in the virtualhost configuration
<Eviltechie> And where is that?
<qman__> for the main site
<Eviltechie> Yeah
<qman__> inside the <Virtualhost *>
<Eviltechie> Oh
<qman__> you should have two of those, one for each site
<Eviltechie> Oh
<Eviltechie> Here is what httpd.conf looks like now http://pastebin.com/m46601263
<qman__> are all sites in /etc/apache2/sites-available/ disabled?
<Eviltechie> I don't know
<Eviltechie> I disabled the one I made
<qman__> you need to disable the default site too
<Eviltechie> But the default and default-ssl are in there
<qman__> a2dissite default
<qman__> yeah, you need to disable them both to do it that way
<qman__> if all sites are disabled, /etc/apache2/sites-enabled/ should be empty
<Eviltechie> I think it works now
<Eviltechie> Ok, all good. Thanks
<qman__> yep
<Eviltechie> Just one thing
<Eviltechie> [Sun Jul 05 18:06:13 2009] [warn] NameVirtualHost *:80 has no VirtualHosts  ... waiting [Sun Jul 05 18:06:14 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
<Eviltechie> That happened when I restarted the server
<qman__> ah
<qman__> somewhere in the configuration "NameVirtualHost *:80' exists
<qman__> probably in apache2.conf
<qman__> look for it and remove it, should be all set
<Eviltechie> NameVirtualHost * <--Remove that?
<qman__> no
<qman__> you need that, but one that says *:80 should be removed
<qman__> a remnant from the default configuration
<DormantOden> anyone know how I can stop my server getting stuck on "Checking battery..." when shutting down?
<DormantOden> or even why it does?
<Eviltechie> qman__: The only instance is NameVirtualHost * in my httpd.conf
<dbz3222> hi there i'm trying to understand why the deadline schedule is in use in the 9.04 kernel vs the cfq one
<dbz3222> can someone explain why this is picked?
<qman__> Eviltechie, the error means it's in there somewhere, hang on a sec
<qman__> for FILE in `find /etc/apache2`; do echo $FILE; grep NameVirtualHost $FILE; done
<qman__> run that in a terminal, it'll help you find it
<dbz3222> qman__: what are you doing that for ?
<Eviltechie> qman__: That chucked out a bunch of files
<dbz3222> you can just run grep -R ....
<Eviltechie> qman__: It's in ports.conf
<Eviltechie> qman__: Should I just take it out?
<qman__> yes, you can comment it if you're unsure
<Eviltechie> qman__: Ok, no errors on restart
<danlii> I tried to install a dhcp server, but encountered this error message instead "dhcp3-server: Depends: dhcp3-common (= 3.1.1-5ubuntu8) but 3.1.1-6 is to be installed" - what can i do to resolve this?
<qman__> what method did you go about to install the dhcp package
<danlii> sudo apt-get install dhcp3-server
<qman__> then you need to check your repositories
<qman__> somehow you installed a newer version of dhcp3-common than is available from your current set
<qman__> so either you need to update your repositories, or you previously used incorrect ones
<danlii> Actually, I "upgraded" my system from Debian 5 just by changing the repositories and do aptitude dist-upgrade...
<ssm> ouch
<qman__> that's the problem
<qman__> you're pretty much screwed now
<qman__> you've got major version conflicts
<danlii> But removing and reinstalling dhcp3-common did the trick actually, so thank you for pointing me in the right direction. :)
<ssm> danlii: you _should_ probably backup, reinstall, and restore your data and configs
<qman__> yeah, that's likely not the only version conflict you have
<qman__> and some of them can be rather nasty
<danlii> ssm: Nah, too much trouble. I'd rather fix problems as i encounter them. ;)
<ssm> or at least, keep good backups :)
<danlii> Everything else seems to work.
<danlii> It's just my firewall, so there's not much to backup.
<ssm> danlii: good.  Now, make sure you have backups of your config and data :)
<ssm> ah
<dbz3222> so why should i be using deadline vs cfq on my server?
<Eviltechie> What's the group you add a user to make them an admin?
<Eviltechie> Is it sudo?
<pmatulis> Eviltechie: admin
<Eviltechie> pmatulis: It says that group dosen't exist.
<Eviltechie> useradd: unknown group admin
<pmatulis> Eviltechie: what was your full command?
<Eviltechie> # useradd -G admin ivan
<pmatulis> Eviltechie: try '$ sudo useradd ivan admin'
<pmatulis> adduser rather
<Eviltechie> ivan is not in the sudoers file.  This incident will be reported.
<pmatulis> Eviltechie: the user issuing the command *must* have access to root privileges
<Eviltechie> There is no admin group. I checked /etc/group
<pmatulis> then you erased it
<Eviltechie> pmatulis: The only user that has those privlidges is root
<pmatulis> Eviltechie: by default, the user created during install is a member of admin group
<Eviltechie> I'm in a vps, the only user that was created was root
<pmatulis> this is the user you should be using to have access to root privileges
<pmatulis> and what is a vps?
<Eviltechie> Virtual Private Server
<pmatulis> Eviltechie: how did you install it?
<Eviltechie> I set how much disc space, the root password, and clicked the install button. Then I waited 30 seconds, and sshed into the root account.
<pmatulis> i'm not familiar with VPS.  all i can say is that i don't think you have Ubuntu there
<Eviltechie> It's ubuntu, just not how I'm used to it.
<pmatulis> output to: '$ lsb_release -a'
<Eviltechie> No LSB modules are available. Distributor ID:	Ubuntu Description:	Ubuntu 9.04 Release:	9.04 Codename:	jaunty
<ajmitch> you could just add the admin group & add the %admin line back into /etc/sudoers
<Eviltechie> Ok, now for a silly question, where do yo type your password in evolution?
<ajmitch> no idea, I haven't used it for years :)
<pmatulis> Eviltechie: evolution is not a valid topic for this channel
<n0gearII> qman__: DUDE guess what was wrong with nor getting IP!?
<n0gearII> how do i update manually from cli?
<qman__> change your IP? ifconfig eth0 12.34.56.78 netmask 255.0.0.0
<qman__> change the IP and mask with the ones you're supposed to have
<n0gearII> qman__: ip problem is now ok! didnt realise i had 2 network cards on my comp :)
<n0gearII> but now i need to install updates manually. how do i do that?
<balloooza> hi, dose anyone here know how to get the kernel source to compile (or install I guess) the vmware server (2.0.0) on jaunty, the kernel-source-devel appears to be gone
<balloooza> helloooo
<ajmitch> then you pro0bably need linux-headers-generic or linux-headers-server, depending on which kernel you're using
<balloooza> ajmitch, thanks, I will see if it was what I needed
<ghostlines> hi all
<ghostlines> I'm telnetting to may postfix smtp server on ubuntu 9.04, and when i run the starttls command i get this error 502 5.5.1 Error: command not implemented
<ghostlines> anyone know why this may be
#ubuntu-server 2010-07-05
<billybigrigger> anyone here use nfs shares?
<giovani> billybigrigger: sure
<billybigrigger> giovani, what do you use for mount options in your fstab?
<Doonz_> hey guys im having a weird issue. I just had a power outtage that lasted longer than my UPS could handle. Anyhow the system came back up nicely but i have 2 raid arrays that arent mounted but when i try to mount the manually by running sudo mount -a it tells me that its either mounted or the mount point is busy. when i type mount it doesnt show up that its mounted and when i umount it it says its not mounted any advice?
<giovani> billybigrigger: uhm, hard,nosuid,udp off the top of my head
<giovani> billybigrigger: why do you ask?
<giovani> oh and sec=krb5i
<clusty> just finished setting up my pptp vpn server. how can I get access to smb and afp shares from outside once i connected through the vpn server?
<billybigrigger> giovani, because the wiki page for nfs looks outdated
<T3CHKOMMIE> hey guys, trying to make my own google docs thing with my own server any ideas?
<giovani> billybigrigger: outdated how?
<Doonz_> hey guys im having a weird issue. I just had a power outtage that lasted longer than my UPS could handle. Anyhow the system came back up nicely but i have 2 raid arrays that arent mounted but when i try to      debfx
<Doonz_>  mount the manually by running sudo mount -a ittells me that its either mounted or the mount point is busy. when i type mount it doesnt show up that its mounted and when i umount it itn says its not mounted      deegee any advice?
<giovani> T3CHKOMMIE: I think a few of the general colaboration suites share some of Google Doc's features
<giovani> i.e. Zimbra
<giovani> not that I've used them
<T3CHKOMMIE> giovani, thanks!
<giovani> but search "open source collaboration"
<giovani> fengoffice.com too
<T3CHKOMMIE> giovani, you know of anything kinda free? like does oppen office suport any web/cloud stuff?
<giovani> Zimbra is free
<giovani> as is fengoffice
<T3CHKOMMIE> hm,
<giovani> openoffice is just a desktop application
<T3CHKOMMIE> got it.
<giovani> so no web/"cloud" stuff
<T3CHKOMMIE> doesnt look like zimbra is in the repos.
<T3CHKOMMIE> im a bit worried about having zimbra crash my dovecot email server :S
<T3CHKOMMIE> thanks for the headstart giovani, gota jam!
<X-warrior> hello! I'm thinking to put some virtual machines in my server. But I was thinking, how it works to install a new OS in a Virtual HardDisk if i'm at console?
<clusty> X-warrior: you can create HDDs from CLI
<clusty> and enable VNC in the VM
<clusty> mount the iso image form cLI again
<clusty> fire up the VM
<clusty> and connection from a PC to the VNC
<clusty> that is how i am doing it with virtual Box
<X-warrior> clusty, so I need to create the virtualmachine in my desktop (for an example) and them configure a remote access system... shutdown it put in ubuntu server and start running. Right?
<clusty> X-warrior: look at VBoxHeadless
<clusty> VBoxManage
<clusty> ...
<clusty> read the doc
<clusty> it's nicely written
<X-warrior> clusty, ok, thanks I will take a look!
<X-warrior> clusty,  that is nice! i didn`t know it! thanks alot!
<clusty> X-warrior: i have done the whole shabam only a few times myself
<clusty> i prefer usually to config the VM graphically
<clusty> and upload tot he server
<clusty> X-warrior: just beware that the FOSS Vbox does not support VNC
<clusty> you want the PUEL version
<clusty> you gotta add another repo from oracle (ex Sun) :D
<X-warrior> clusty, I don`t have sure if I understand. Are u saying that the normal repo version don`t support this feature? So I need to add another repo from oracle?
<clusty> yes. last time i chacked (about 1 year ago) the ose version did not support
<clusty> http://www.virtualbox.org/wiki/Linux_Downloads
<clusty> pick the linux version you are running
<X-warrior> clusty,  yes i'm already at this page
<X-warrior> ;)
<clusty> the PUEL is free only for personal use
<Smooch> Hi
<Smooch> mm
<Smooch> Talk?
<cjs> I have  a virtual server that, due to some network misconfiguration, gives me a bunch of messages on boot such as "init: network-interface (eth2) pre-start process (491) terminated with status 1" and then just a blinking cursor: I can't seem to get a shell or login or anything else prompt. How can I recover from this?
<Smooch> !network
<ubottu> Wireless documentation, including how-to guides and troubleshooting information, can be found at https://help.ubuntu.com/community/WifiDocs
<Smooch> Hmm
<Smooch> Ok sorry
<Smooch> Have you tried restarting network?
<cjs> What, on the working host, or on the broken VM?
<cjs> Perhaps I wasn't clear: I have a VM that will no longer boot, and I can't figure out how to recover it. (This is a 10.04 minimal VM install.)
<Smooch> Is it openvz?
<cjs> Holding down shift or pressing ESC doesn't bring up a grub boot menu.
<Smooch> openVZ? or Xen?
<Smooch> VirtualBox even?
<cjs> It's standard ubuntu KVM.
<Smooch> Oh, sorry i have no experience with KVM
<Smooch> Do you have access to the node?
<Jordan_U> cjs: What happens when you try to boot? Have you tried booting with Super GRUB2 Disk?
<Smooch> cfs: Is this a node or just a computer/server running ubuntu and kvm?, do you have root access to the host?
<cjs> I boot the node, it gives me: "fsck from util-linjux-ng 2.17.2", "/dev/sda1: clean ..." and then messages similar to the one I posted above. Then a blinking cursor on the next empty line. The only keypress that seems to do anything is ESC, which repeats all that from the "fsck from ..." part.
<cjs> Yes, I've got full access to everything.
<Smooch> Ok well
<Smooch> I don't know much about KVM but, if you can some how mount the image?
<Smooch> That way you can edit the vms files
<cjs> Hm. I suppose I could try that. It seems a bit...frustrating that a linux boot could get into a state where the kernel loads and userland starts, but you can't recover the system.
<Smooch> Well if you can get into the vms files
<cjs> "VMS files"?
<Smooch> The vm itself, from the host
<Smooch> You can backup some files too
<cjs> Ah, you  mean the filesystem the virtual machine is booting from. Yes.
<Smooch> Yes
<Smooch> Like i said, don't know much about KVM
<Smooch> But if you have access to the file system :)
<cjs> Well, this doesn't really appear to be a KVM problem; it appears to be an Ubuntu server userland problem.
<Smooch> More than likely yes
<Smooch> fsck from util-linjux-member:ng 2.17.2, isn't that the boot image?
<cjs> As in, "WTF won't it go single user if something is wrong, rather than effectively wedging?"
<cjs> I would presume that the startup scripts run fsck fairly early on.
<Smooch> mhm
<Smooch> probably
<Smooch> Sorry, i can't personally help you
<Smooch> Someone else might be able to :)
<Smooch> and remove personally from that message
<Smooch> :)
<Smooch> well what i mean is
<Smooch> i don't know how to fix this certain problem
<cjs> Ha, looks like it's a udev/rules.d/70-persistent-net.rules that's on crack.
<Smooch> ah
<cjs> Nope, that didn't fix it. *Sigh*.
<Smooch> Hi kokozedman :)
<Smooch> Lol
<Smooch> What was your question?
<kokozedman> heheh
<kokozedman> the NTP does not seem to work: all servers have their own time
<kokozedman> which is causing a lot of problems
<kokozedman> i thought Ubuntu already came with NTP already working
<Smooch> https://help.ubuntu.com/10.04/server/C/NTP.html
<kokozedman> Smooch: page not found 404
<Smooch> whoops
<cjs> Ok, simple enough. When I edited /etc/network/interfaces, I had "auto eth1" followed by config lines, but forgot the "iface eth1 inet static" between them.
<Smooch> This one https://help.ubuntu.com/7.04/server/C/NTP.html
<Smooch> try running ntpdate ntp.ubuntu.com does it work?
<monsterb> https://help.ubuntu.com/10.04/serverguide/C/NTP.html
<Smooch> :P
<cjs> kokozedman: Was your local time very, very close to the servers when you started ntpd? If it's too far out, and especially if your hardware clock has a large skew, ntpd will not sync.
<cjs> BTW, "ntpdate -d <server>" will give you debug output indicating what time the remote server thinks it is.
<kokozedman> Smooch: yes the ntpdate works all the time, but after some days, it will be weird again...
<kokozedman> isn't it running automatically?
<kokozedman> i mean, isn't it supposed to be so?
<Smooch> kokozedman: If doing ntpupdate works.. why not set a cron job?
<Smooch> maybe set the timezone again?
<kokozedman> Smooch: i thought so, but isn't that supposed to be the case in Ubuntu Serverâ¦ listening to you talk makes me think that it's not the default behavior
<kokozedman> timezone is already setâ¦ but i have another problem with that also
<Smooch> I'm not sure if its the default behaviour actually
<Smooch> Something must be resetting the time zone
<Smooch> Are you connecting to another dns server? or through proxy?
<kokozedman> these are new servers, so i don't know what is that "something" that is causing the reset
<Smooch> How many servers are there?
<kokozedman> i am connecting to the server through a HTTP proxy (thru corkscrew) but it's the server itself which is the proxy
<kokozedman> 4 servers
<Smooch> and the server that its connecting thru a proxy has the right time zone?
<kokozedman> yes, all of them have the right time zoneâ¦ but it's not about the right timezone which is troubling, but the timezones that the applications actually see
<kokozedman> i have several CGI and Django applications on each servers
<kokozedman> and they all have a very weird time issues
<kokozedman> sometimes the TZ environment variable is set to "America/Chicago"
<kokozedman> and sometimes they are "Asia/Karachi"
<kokozedman> the latter one is the one that is correct
<kokozedman> the former one is totally incorrect
<kokozedman> and related to this timezone issue is the time that the applications receive
<kokozedman> rarely do the application get the right time, but most of the time, it's using the time in America (Chicago i suppose)
<Smooch> https://help.ubuntu.com/community/UbuntuTime ?
<Smooch> whoops
<Smooch> thats desktop one :P
<kokozedman> i've followed that many times already
<kokozedman> lol
<Smooch> try opening /etc/cron.daily/ntpdate ?
<Smooch> whats in there?
<kokozedman> it's a bash script
<Smooch> shouldn't be
<kokozedman> wait
<kokozedman> i don't have that
<Smooch> whats in  /etc/ntp.conf ?
<kokozedman> i only have ntp
<kokozedman> i only have /etc/cron.daily/ntp
<kokozedman> not ntpdate
<Smooch> try ntupdate
<kokozedman> i guess that has something to do with the 10.04
<kokozedman> command not found
<Smooch> apt-get install
<kokozedman> you mean ntpdate?
<kokozedman> apt-get install ntpdate?
<Smooch> mhm
<Smooch> sudo first of course
<kokozedman> i'm already root
<Smooch> thats fine then
<kokozedman> man! ntpdate is already the newest version.
<Smooch> enter man ntupdate does anything come up?
<kokozedman> but i don't have /etc/cron.daily/ntpdate with that
<cjs> kokozedman: For these applications, is the time zone supposed to be the correct one for the location of the server, or always the same regardless of where the server is located?
<kokozedman> an entry is found for man ntpdate, but not for man ntupdate
<cjs> (Although a better question is: why would you application care about what time zone you're using? Log stuff in UTC if you work across multiple time zones; it will make life much happier.)
<cjs> kokozedman: ntpdate is normally run just once at boot, and perhaps once in a while when you bork your system. Otherwise ntpd should be taking care of keeping things in sync on a continuous basis.
<kokozedman> cjs: it's supposed to be always "Asia/Karachi", no matter where the servers are locatedâ¦ the server are serving applications to Pakistan and it has to be honoring the time thereâ¦ but at this time they are having time pointed to Chicago
<cjs> kokozedman: In that case, set the TZ variable in your startup script.
<Smooch> where does the server ip look up to?
<Smooch> e.g what country/place do they say in whoius
<Smooch> *whois
<kokozedman> cjs: do you mind telling where is that startup script?
<cjs> You're the guys starting the application, not me! :-)
<cjs> Is this an app you developed, or is it something someone else wrote that you installed?
<cjs> Keep in mind, I'm talking about the *application* startup script. The idea is that the application overrides whatever it's given when it starts.
<kokozedman> cjs: i've already set the correct timezone (TZ) inside /etc/apache2/envvars â¦ when i do, it has the correct timezone for about 2 or 3 requests, and then it goes back to the weird Chicago one after
<kokozedman> i have developped it, i intended to receive the local computer's time and not care about what timezone is the script in, or is the time correct â¦ i just assume that it will get whatever time the system is in
<kokozedman> it has worked flawlessly in Gentoo Linux for about 4 years now
<kokozedman> and since i'm leaving control of the server to a less proficient person, i decided to change the system to Ubuntu Server to make things easier for the person
<cjs> Hm. Sounds like something is going wrong with apache or its startup scripts, then. I can't really help with that; I've not used apache in years, and never under Ubuntu.
<kokozedman> but now, Ubuntu's time is getting us crazy
<cjs> But you might consider reconfiguring things so that your application deals with the timezone, and doesn't depend on the environment, which is harder to control (as we've seen).
<cjs> Maybe changing back to gentoo would make things easier. :-)
<Smooch> Yeah
<kokozedman> cjs: lol hahahahaâ¦ we paid $75 for each servers to be switched to Ubuntuâ¦ no way we're paying that again to switch back to Gentoo!!!
<kokozedman> i just assumed that Ubuntu is stable enough to have weird problems like that
<kokozedman> but i was wrong then! :-/
<Smooch> Ubuntu is great actually
<Smooch> But sometimes, you have to compile things from source.. if you know what i mean ;)
<kokozedman> yes i knowâ¦ but i don't know why it's doing this kind of weirdness in the servers
<Smooch> Did you transfer it all to ubuntu?
<Smooch> Perhaps you should back it up and re install ubuntu
<kokozedman> i'm actually using a lot of Ubuntus in my VMware Fusion
<cjs> If you want stability, don't change stuff. :-/
<kokozedman> cjs: actually, i was sick and tired of Gentoo's package systemâ¦ and Ubuntu's update and security is super
<Smooch> Actually
<cjs> I'm not a big fan of Ubuntu, but it doesn't seem much less stable than anything else out there that gets updated regularly.
<Smooch> Maybe its the resolv.conf?
<cjs> kokozedman: Yes, that's one of the main reasons I use it.
<kokozedman> Smooch: what's about it?
<cjs> And why I live with stuff like installing 10.04 LTS may go and trash disks on your KVM virtual hosts.
<Smooch> Well, there the nameservers right.
<Smooch> If your ntp'ing to the server
<Smooch> perhaps ubuntus ntp server is getting the wrong ip
<Smooch> well the wrong location
<kokozedman> i don't think so
<kokozedman> it's using the OpenDNS
<kokozedman> all of them
<Smooch> Oh
<Smooch> Umm
<Smooch> I'v read tons of things saying that openDNS is not good
<kokozedman> oh?
<kokozedman> then, i'll use Google DNS then
<Smooch> try it :)
<Smooch> erm
<Smooch> I have a question of my own :)
<Smooch> er
<amstan_> kokozedman: openDNS lies actually, instead of giving you an error when a domain doesn't exist and letting your browser decide it lies and tells you that it exists, and points you at a server with advertisment on it
<Smooch> how come apt-mirror takes so much cpu?
<kokozedman> amstan_: i don't really consider that a harm ;) â¦ it's just business, they need to advertise to run the servers right?
<amstan_> kokozedman: except it's their business at our expense, it sometimes breaks things
<Smooch> true
<amstan_> when you're trying to do dns stuff for example, and you want to ping to check if a dns works, you'll always get a response
<kokozedman> yeah
<kokozedman> i didn't think that far :P
<Smooch> might make my own dns servers
<Smooch> would anyone be interested :P
<kokozedman> heheheh
<amstan_> Smooch: not really. i would probably get crappy pings
<Smooch> hehe
<amstan_> google dns is pretty decent these days, except that my ISPs DNS servers are faster(TekSavvy)
<kokozedman> is there a way to check that crontab syntax is correct?
<Smooch> send your crontab via pastebin
<Smooch> and ask if its correct?
<amstan_> kokozedman: put it on pastebin?
<kokozedman> hehehe
<kokozedman> lol
<Smooch> lol
<kokozedman> http://paste2.org/p/903943
<kokozedman> it is the last 3 lines which is causing things to not work
<Smooch> *; ?
<kokozedman> oh, i guess i see
<kokozedman> lol
<kokozedman> for the username
<kokozedman> hehe
<Smooch> hehe
<cjs> kokozedman: Why not just run your own DNS servers? It's as easy as "aptitude install bind9".
<kokozedman> cjs: what's wrong with Google's? i'm using that now
<cjs> It's yet one more external dependency to go wrong.
<GhostFreeman> How do I generate the UUID for a hard drive?
<cjs> Not to mention that it lies from time to time, as mentioned above.
<amstan_> cjs: to go wrong? DNS would be the last thing to go wrong
<cjs> GhostFreeman: hard drives don't have UUIDs. Perhaps you're thinking of a partition or something like that?
<amstan_> cjs: there's usually 3 DNS servers
<GhostFreeman> ok, a partition
<cjs> amstan_: DNS is one of the first things to go wrong. See above about Google's DNS lying to you.
<GhostFreeman> what is the weapon of choice.
<amstan_> GhostFreeman: you don't generate it, you just read it
<cjs> GhostFreeman: What kind of partition?
<GhostFreeman> I need to read it so I can add it to fstab
<amstan_> GhostFreeman: ls /dev/disk/by-uuid
<GhostFreeman> a Linux LLVM part
<cjs> GhostFreeman: Ah! You want to know the UUID of an existing partition! "blkid" is your very, very best friend, here.
<GhostFreeman> what is an example command for blkid
<GhostFreeman> the comments in fstab are very vague
<cjs> "blkid". (As root, though.)
<GhostFreeman> got it
<amstan_> cjs: meh.. my way doesn't need root
<cjs> amstan_: yes, but your way doesn't give the partition types as well.
<amstan_> cjs: so.. what about google lying?
<cjs> Oh, that was OpenDNS. Oops.
<amstan_> google doesn't do the advertisment on nonexisting domains
<Smooch> got disconnected :P
<GhostFreeman> once I edit fstab, how can I reload it?
<amstan_> GhostFreeman: mount -a
<cjs> GhostFreeman: It's not continuously "loaded" by anything. The mount command (and various others, such as fsck) look up data in it when they start.
<kokozedman> cjs: so, i'm good with Google's DNS then ;)
<GhostFreeman> thanks everyone
<amstan_> kokozedman: yes
<cjs> GhostFreeman: If you want to mount the filesystem you just added, just type "mount /foo" or whatever its mount location is.
<kokozedman> :D cool
<cjs> kokozedman: I guess. I just reckon, why rely on yet another external service when it's trivial to do yourself.
<amstan_> kokozedman: mount -a just reads the fstab and tries to mount anything not already mounted
<Smooch> cfs great point
<GhostFreeman> One last question: What's a good disk partition editor that's not complicated like parted?
<Smooch> js sorry
<Smooch> Gparted
<cjs> Heck, I even run separate resolving servers on my virtual hosts, even though they could use the one on the host host.
<amstan_> cjs: hosting dns will induce extra delays on dns lookups
<cjs> amstan_: ?
<GhostFreeman> ...that works in a shell
<GhostFreeman> (so no gparted)
<Smooch> fdisk
<amstan_> cjs: well.. the local dns server will have to check the database, and if not there already check with the upper servers, why not just skip the local dns and make all comps use those external servers?
<cjs> amstan_: you mean, resolving stuff yourself is slower than having someone else do it for you? Only if it's cached in theirs and not yours. If you both have it cached, using the local copy will be slightly faster.
<cjs> It's also a security issue, of course. You have to trust Google quite a lot to use their DNS.
<amstan_> but you have to trust someone either way
<amstan_> local dns doesn't magically make you not need to ever trust another dns server
<cjs> amstan_: Your characterization of a DNS lookup is not correct; walk through it slowly.
<cjs> amstan_: And the issue is not that you have to trust someone, it's that you have to trust Google *as well as* anybody else you'd also have to trust.
<amstan_> isn't a local dns server just a cache? so you have to tell that server to use another server to lookup the unknown domains?
<cjs> It's a decision you have to make, of course. If typing "aptitude install bind9" is really that much work, or the result uses up too much disk space, or whatever, sure, go ahead. But you are certainly (if possibly only in a very tiny way) increasing your changes of DNS resolution failing and security problems.
<cjs> Any resolving DNS server is just a cache. Google's is no different from yours (though they might be using something other than bind9).
<amstan_> ok.. so knowing that, what dns resolver do you give to your local dns server?
<cjs> But when you query their server on a.b.c.d rather than your own on 127.0.0.1, either way the server will go through the exact same process to resolve the name.
<cjs> amstan_: There is no DNS resolver for your local server. That's the point. Your local server is the resolver.
<cjs> It only ever asks for non-recursive answers, and follows the chain itself.
<amstan_> cjs: but where does it get its info from?
<kokozedman> cjs: how do i make the ntp (which is starting ntpd) service started on start-up?
<kokozedman> sorry, i didn't mean to highlight cjs
<kokozedman> :P
<cjs> amstan_: how does it know the root servers? /etc/bind/db.root. It's a set of "well known" data.
<cjs> kokozedman: If you just did standard apt-get of it, it should start itself. Check first for /etc/init.d/*ntp*, and then /etc/rc?.d/*ntp*
<amstan_> kokozedman: according to http://www.howtoforge.org/perfect-server-ubuntu8.04-lts-p7 it's enough just to install it
<kokozedman> amstan_: well, i think 10.0
<amstan_> kokozedman: same thing for this particular thing
<kokozedman> 10.04 have it installed by default
<kokozedman> right?
<amstan_> i don't think so
<kokozedman> no way man! i have not installed that service on my ownâ¦ but it's there
<kokozedman> in all servers
<kokozedman> i mean: /etc/init.d/ntp exists in all servers
<amstan_> idk then, i did not say i'm certain
<kokozedman> but here is what i noticed: when i start that service, i will not be able to run ntpdate
<kokozedman> and thing is: i can run ntpdate freely on ALL servers
<cjs> It depends on which flavour of server install, too. There's, e.g. "minimal" vs. regular, and minimal has that extra "Basic Ubuntu server" option in the package install screen in the installer which I don't know just what it does.
<kokozedman> which means, they have not been run at start-up
<cjs> kokozedman: Yes. You can run ntpdate with -d, to see the difference, but if you try to run it without that it tries to use the port that ntpd is already listening on.
<kokozedman> cjs: it's the normal
<cjs> And anyway, you always want to stop ntpd before running ntpdate, and start it again afterwards.
<amstan_> yeah, i just tought to check an existing install @hypertriangle.com and i get  5 Jul 00:41:51 ntpdate[7191]: no servers can be used, exiting
<Smooch> erm
<kokozedman> cjs: exactly!! i did not have to stop ntpd and ntpdate worked well
<cjs> Yes, but is ntpd still happy?
<kokozedman> if ntpd is running, then i'll get something like:  5 Jul 09:38:50 ntpdate[12209]: the NTP socket is in use, exiting
<kokozedman> what you mean?
<cjs> And by how much did ntpdate adjust the time?
<cjs> kokozedman: That message means that ntpdate didn't do anything.
<kokozedman> the point i'm trying to proove is that ntpd is NOT start at boot time
<cjs> Well, to prove that, reboot and then type "ntpdc -p".
<kokozedman> otherwise the first time i tried ntpdate, i would get that error because ntpd is already running
<cjs> Though I have six Ubuntu 10.04 servers here that say otherwise. :-)
<kokozedman> i'll have to wait for tonight to reboot, because people are using the services :P
<qman__> ntpdate does not work correctly, use ntpdate-debian
<cjs> kokozedman: Oh, BTW, do you use etckeeper? If not, you really want to. You really, *really* want to if you might have to come back to the installation after someone else has been administering it for a while.
<qman__> it's because of how the package is configured
<cjs> kokozedman: Pffft. Users. Don't let such unimportant things get in the way of your work.
<kokozedman> lol
<qman__> kokozedman, ^
<qman__> that problem stumped me at first as well
<kokozedman> qman__: i'll try thatâ¦ but please confirm: does ntpdate-debian run ON STARTUP?
<qman__> ntpdate is present but will not work correctly, at all
<qman__> ntpdate-debian runs periodically
<qman__> it's in cron
<kokozedman> qman__: thanks for confirming this problem
<Smooch> :)
<kokozedman> cool
<qman__> I'm also fairly certain it runs post if-up
<Smooch> you may see that i'm randomly doing emotions
<Smooch> its so i don't get disconnected
<qman__> so it would effectively run on startup
<kokozedman> Smooch: lolâ¦ why the disconnection?
<Smooch> kokozedman: irc servers auto disconnect idle connections some times
<qman__> not this one
<kokozedman> ??? not on mine
<Smooch> ok
<Smooch> also
<kokozedman> to the errors i see, it is actually your connection which is closing
<Smooch> does anyone know how to successfully setup a irc server with nickserv on ubuntu 10.04?
<qman__> I have not done it myself
<kokozedman> neither did i
<Smooch> not sure if i should reinstall a vps with centos of ubuntu for this
<kokozedman> why would you want to anyway?
<qman__> I've heard that unrealircd is best, but I can neither confirm nor deny
<Smooch> i need to create an irc channel for a commercial project
<kokozedman> ohâ¦ i see
<Smooch> gtg
<qman__> about your disconnection issues
<qman__> make sure your client is sane
<qman__> mIRC has a habit of doing that, but I can see you're not using it
<Smooch> collyquy mac
<Smooch> colloquy
<kokozedman> Smooch: running on ADSL?
<kokozedman> i mean ADSL router?
<Smooch> not right now
<qman__> yeah, some ADSL routers like to disconnect you when idle
<qman__> it's rather annoying, but usually configurable
<kokozedman> disconnection also happens at the ISP side, they reset your IP at times
<Smooch> normally cable router
<kokozedman> when that happens, you get disconnected
<kokozedman> i use an almost undisconnectible technique ;) :D
<kokozedman> i run my own kind of TCP implementationâ¦ so i don't get disconnected ever, even if the ISP will do their stupid resets
<kokozedman> qman__: what is the name of the packet again? i can't find ntpdate-debing
<kokozedman> ntpdate-debian*
<qman__> should be in your path, one moment
<qman__>  /usr/sbin/ntpdate-debian
<kokozedman> ??? who am i supposed to use that?
<KurtKraut> Smooch, you won't face any diference in seting up a IRC server with Ubuntu or CentOS.
<qman__> you just run it
<qman__> and it updates your local time
<chrismsnz> hey guys - anybody have any experience with running ipvs/keepalived on a recent version of ubuntu? I have reason to suspect that UFW is interfering with the operation of the load balancer
<qman__> based on the settings you have configured
<kokozedman> qman__: what about the cron? do i have to set that up manually?
<qman__> no, it is configured out of the box
<qman__>  /etc/cron.daily/ntp
<kokozedman> qman__: here is my concerns: will it run again at startup? will it continue to run in the background or just one shoot?
<qman__> it runs daily
<qman__> whenever all your other daily tasks run
<kokozedman> ok
<qman__> it also runs whenever your interface goes up
<qman__>  /etc/network/if-up.d/ntpdate
<Smooch> Hi
<kokozedman> lol
<kokozedman> Smooch: there is a ptunnel program which you can use to avoid being disconnected too much
<KurtKraut> Smooch, you won't face any diference in seting up a IRC server with Ubuntu or CentOS.
<kokozedman> it is sending ICMP packets rather than TCP packets
<Smooch> well
<Smooch> rebuilding vps with ubuntu 9.04
<kokozedman> and it doesn't care which IP or route or â¦ you're sending the packets, as long as it arrives you're connected
<Smooch> 10.04 = corrupted template
<GhostFreeman> I forgot the command to generate the UUID for a partition
<Smooch> going to use http://news.softpedia.com/news/Building-Your-Own-IRC-Server-With-Services-40772.shtml to setup the irc
<Smooch> server.
<Smooch> hi?
<Smooch> ?
<GhostFreeman> Should a newly-created linux partition have a lost+found directory in it?
<lifeless> yes
<GhostFreeman> oh
<GhostFreeman> ok thanks
<kaushal> Hi
<kaushal> I am using pxe image to install ubuntu server on all the servers
<ljungk> I'm trying to set up a mail server using postfix. my isp blocks port 25. will i still be able to make it recieve mail?
<kaushal> the issue is that it installs a generic kernel
<kaushal> I have both server kernel and generic kernel
<kaushal> basically i need to install server kernel
<kaushal> what changes i need to do on the pxe image to install server kernel ?
<Snadder> Anyone know if its possible to add a machine with a diffrent processor to a UEC setup?
<qman__> Snadder, UEC will run on pretty much any computer which has hardware virtualization
<Snadder> qman__, but in normal virtualization.. you can't have one cluster with diffrent processor types..
<qman__> Snadder, if by processor types, you mean x86 vs sparc vs mips vs alpha, then yes
<qman__> but if by processor types you mean intel core 2 vs intel i7 vs AMD phenom, then no
<Snadder> qman__, I mean.. if you upgrade to a faster x86 processor.. then you need to create a new cluster.
<qman__> not with UEC
<Snadder> qman__, NICE :-)
<qman__> UEC is more similar to VMWare than it is to traditional clustering
<qman__> the cloud bits are all handled in higher level software
<qman__> as long as the hardware is fast enough and supports the right features, it will work
<Snadder> qman__, how come really.. won't it be very ineffective to not run in instance directly on the hardware.. with a layer in between?
<Snadder> an*
<qman__> it does, using hardware virtualization features
<qman__> it uses a common set of processor extensions
<qman__> however, memory and addon device features are handled in software
<qman__> so that, regardless of the actual hardware, your virtual environment is the same
<Snadder> qman__, But if UEC runs on 2 diffrent x86 processors,  how is it then possible to move an instance from one type to another?
<qman__> the instances do not make use of features that are not common across all supported hardware
<Snadder> qman__, so it will be transparant to which type of processor it runs on?
<Snadder> Cool.
<qman__> yes
<Snadder> qman__, is it any other large benefits of using UEC compeard to virtual private server setups?
<qman__> UEC scales better
<Snadder> explain.. in what way?
<qman__> if you have lots of instances and lots of hardware, UEC can better manage what goes where
<qman__> where with regular VPS, you must decide ahead of time how to divide your resources
<Snadder> Ahh.
<qman__> which is fine for a few servers, but gets very cumbersome with a large load
<Snadder> How many servers do we need to get the benefits of UEC?
<qman__> well, it's not really a strict number, but UEC also requires a controller machine
<qman__> so you must evaluate for yourself
<qman__> but if you've got more than ten servers and more than 100 regular instances, UEC is definitely worth trying
<Snadder> We have app. 500 physical servers..
<qman__> then it is definitely worth looking into
<kaushal> qman__, hi
<qman__> try setting up a lab environment
<Snadder> But don't know how many of those we will virtualizing.
<qman__> see if it performs to your needs
<Snadder> qman__, is it possible to run UEC on hyper-v?
<qman__> UEC itself must be run on physical hardware
<qman__> because it makes use of the virtualization feature
<lifeless> not true
<lifeless> you can run it with qemu
<lifeless> its obviously slower
<qman__> really?
<lifeless> see kirkland's demo image as an example of doing this
<qman__> still, qemu is not anywhere near as fast as hardware virtualization
<qman__> and won't give you a good idea of how it will perform
<lifeless> of course
<lifeless> it performs like kvm :)
<lifeless> there really isn't any need to use UEC to assess *that* :P
<Snadder> We have some old vmware clusters we can run it on also.. if thats better.
<Snadder> Linux on hyper-v sucks..
<qman__> vmware is a bit faster than qemu, but it's still not going to give you an accurate picture of the performance
<qman__> however, it will give you an experience of how it behaves and how to use it
<Snadder> Yeah.
<lifeless> I believe there is a vmware backend, but we explicitly don't support it.
<qman__> running virtual machines inside virtual machines is naturally inefficient and complex
<Snadder> Ok.. I will try to get some hardware for it. :-)
<Snadder> qman__, lifeless how much memory is required to run UEC?
<lifeless> Snadder: a couple GB is best for the cloud controller
<qman__> I wouldn't attempt with less than 1GB, but more is always better
<lifeless> a hundred MB or so for the node controller on each node
<Snadder> Is 4GB enouch to run all 3 machines to get UEC up?
<rahman> Hi, I have a squid proxy running. When I do a "whatismyip.com" it says "Possible Proxy Detected: 1.1 apache:8888 (squid/2.7.STABLE6)". How can I prevent this? I want to make the proxy users to connect to internet with the proxy servers ip address. I don't want the squid to modify anything else in the http headers.
<Snadder> I can alternative use two physical machines with 4gb memory each.. or is one machine enough?
<lifeless> 2 is easiest
<lifeless> I documented how to do it on one on the help.ubuntu.com wiki though
<kim0_> rahman, google for X-Forwarded-for
<kaushal> hi
<kaushal> I am using ks.cfg http/tftpd/pxe server install Ubuntu 8.04 server over the network method
<kaushal> the issue is that it installs generic-kernel instead of server kernel
<kaushal> is there a way to fix it on the pxe image ?
<kaushal> Please suggest
<Snadder> lifeless, one psysical machine with Cloud controller.. another one with cluster controller and node controllers?
<lifeless> one with cloud/cluster, one with node controller (== one node)
<Snadder> Ah, ok.
<kim0_> lifeless, I had tried the one node installation coz that's only what I have and it was failing at registration (on 10.10)
<kim0_> lifeless, was there some known problem
<lifeless> kim0_: did you see the docs on help.ubuntu.com ?
<kim0_> I was following an extermal article
<kim0_> don't think it was on the wiki
<Snadder> lifeless, any docs you recommend to read before setting UEC up?
<lifeless> https://help.ubuntu.com/community/UEC
<Snadder> I got 2 psysical Opteron machines with 4gb memory each.
<lifeless> kim0_: https://help.ubuntu.com/community/UEC/Topologies
<kim0_> lifeless, thanks .. will give it another shot
<lifeless> Snadder: https://help.ubuntu.com/community/UEC/PackageInstall also for you
<Snadder> lifeless, I have debian already installed on theese machines.. can I fire up UEC without reinstalling?
<Snadder> I guess not.
<qman__> while I suppose it's theoretically possible, installing ubuntu will make things much, much simpler
<Snadder> Yeah.. I'll do that.
<rahman> kim0_: I am new to squid so I can be wrong but isn't "X-Forwarded-for" is to keep and use users real ip in the header instead of proxy servers ip?
<kaushal> can someone please guide me about my post on https://lists.ubuntu.com/archives/ubuntu-server/2010-July/004402.html
<kim0_> rahman, I'm no squid expert either .. you might wanna ask in #squid
<rahman> kim0_: Ok, thanks
<kim0_> rahman, in general .. I think you want to hide "Via, Forwarded, X-Forwarded-For and Client-ip headers" from your headers so the 2nd party doesn't know there's a proxy
<Snadder> lifeless, qman__ I only have 2x40gb scsi disks in each machine.. do you think its possible to run it in two partitions with those?
<lifeless> easy as
<lifeless> you can get by with a 2GB flash drive if you have too :)
<lifeless> (Don't try though - use the 40GB :)
<Snadder> lifeless, here it says 40gb is minimum.. but 200gb is sugested: https://help.ubuntu.com/community/UEC/PackageInstall
<lifeless> 'meh'
<lifeless> for a test environment - you will be fine
<lifeless> theres lots of caching can happen
<Snadder> Ok.
<Snadder> lifeless, so there is no point puttin in two 40gb in both machiines?
<huats> morning
<uvirtbot> New bug: #601803 in whois (main) "when whois and mkpasswd are build locally they have .mo file conflicts" [Undecided,New] https://launchpad.net/bugs/601803
<kaushal> checking in again for my query ?
<kaushal> can someone please guide me about my post on https://lists.ubuntu.com/archives/ubuntu-server/2010-July/004402.html
<DizzyDoo> Quick question from a Ubuntu Server newbie, how do I change my networking settings from using eth0 to eth1?
<kim0> DizzyDoo, /etc/network/interfaces ?!
<qman__> DizzyDoo, change in /etc/network/interfaces
<DizzyDoo> Right, I did that, apparently that's not the problem I have. I'll go troubleshoot some more as to why I'm not getting a connection
<qman__> if your question is how to change eth1 to eth0, it's in /etc/udev/rules.d/70-persistent-net.rules
<Gorlist> hi, quick question. I want to secure my tmp and var/tmp directorys. Is using a loopback just as good as making a new partition?
<Snadder> qman__, lifeless : do you know if iscsi is supported with UEC?
<lifeless> should be
<naftilos76> hi guys, i just need to confirm with you whether the cookies or the server-side sessions way is the most secure way to maintain on a website. I have read in the net but i am a little bit confused. Can you advise?
<RoyK> Gorlist: should work well
<Gorlist>  ;) okay
<RoyK> Gorlist: you can use the same filesystem for both
<Gorlist> would that cause problems with plesk control panel?
<Gorlist> also ive made is 1 gig, big enough?
<RoyK> that depends on how much writing there is to /tmp
<RoyK> plesk?
<RoyK> ubottu: plesk?
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Gorlist> plesk control panel
<Gorlist> I might make two file systems
<Gorlist> just on the safe side
<RoyK> Gorlist: 1 gig might be on the low side - anyway, use something like nagios to monitor the filesystems
<Gorlist> if I increase the size, what should i have for the count e.g. "bs=1024 count=1000000"
<Gorlist> so say for 2 gig, do I just double the count?
<Gorlist> i understand
<Gorlist> confusing my self, bs is byte size and the count is the total size
<cjs> Damn I am just having the worst week ever. Another system falling to pieces.
<cjs> How do I fsck a filesystem that starts 2048*512 bytes into the block device on which it resides?
<lifeless> loopback
<Smooch> Hey
<Smooch> i'm having a problem setting up unrealircd and anope services on ubuntu 9.04
<cjs> losetup -v -o $((2048*512)) /dev/mapper/prod
<cjs> loop: can't get info on device /dev/mapper/prod: Inappropriate ioctl for device
<cjs> It's a block device that was created by cryptsetup.
<Smooch> lost connection
<Smooch> sorry if someone said something before
<cjs> lifeless: any thoughts? I have no idea why it's refusing to "mount" it.
<RoyK> Gorlist: to make 2GB files, bs=1M count=1k
<RoyK> erm
<RoyK> Gorlist: to make 2GB files, bs=1M count=2k
<cjs> Or I'm open to ways of convincing the VM using it to give me a command line of any sort, rather than refusing all input after telling me that fsck failed on boot.
<tola> Hi, I started up my Ubuntu Enterprise Cloud environment this morning which was working OK last week. Now every time I start an instance they stay "pending" for a long time and then immediately terminate. The only errors I can see in the eucalyptus logs are "shawn(): network state maintainance failed" and "vnetAttachTunnels(): bad input params". Can anyone suggest where I should start to diagnose this problem?
<RoyK> cjs: cryptsetup? you mean it's encrypted?
<lifeless> cjs: break=top
<lifeless> cjs: or whatever - see the debugging boot wiki pages
<tola> cancel that, I fixed it by restarting the cluster controller with clean=1
<Gorlist> ive made it 20GB
<cjs> RoyK: the partition underlying /dev/mapper/prod is encrypted. /dev/mapper/prod is the decrypted version.
<Gorlist> might seem excessive but never know on backups etc
<cjs> lifeless: Oh, sorry, you didn't see about my earlier issue. How do I get a grub menu? Holding down shift doesn't seem to work.
<lifeless> its a vm
<lifeless> set the parameters in the config file
<cjs> lifeless: Ah! Where is this config file? Under /etc/libvirt?
<cjs> Or are you talking about the grub menu file in the VM's partition?
<Snadder> Does UEC support IBM svc san controll?
<lifeless> cjs: somewhere
<lifeless> Snadder: if kvm does
<cjs> lifeless: Is it a grub config option or a kvm config option?
<lifeless> kvm, the kernel is booted outside the vm
<lifeless> kindof
<cjs> Well, that would explain my issues!
<RoyK> cjs: ah
<RoyK> cjs: do you have space somewhere to take a dump of /dev/mapper/prod ?
<cjs> lifeless: Hm. Are you sure it's booted outside of kvm? I don't see anything in the libvirt config that looks like anything diskwise, except the one raw partition it uses as the HDD.
<RoyK> if /dev/mapper doesn't support that ioctl call, moving the data out might be a way to go
<lifeless> pretty sure. IMBW
<Snadder> lifeless, is it possible to run UEC instances over nfs from another machine?
<cjs> RoyK: I think so, and I've already started a dump of that. If it doesn't fill up my entire disk, it should be done in a couple of hours. Then an fsck, then a couple of hours to copy back....
<lifeless> Snadder: ?! no idea.
<Snadder> lifeless, since I might not be able to get the ibm san working.. then I will be abit short with disk.
<lifeless> Snadder: you have 80g to work with, thats _tonnes_
<lifeless> to play with
<Snadder> ok
<lifeless> its really really important to plahy with it
<lifeless> get a feel for it.
<lifeless> *then* do planning.
<lifeless> you can't reason about how to deploy it until you feel how it works.
<Snadder> OK :-D
<Snadder> lifeless, reading a pdf named "ubuntu enteprise cloud architecture" from august 2009.. about how it all works.. should I maybe be reading the ubuntu.com links you gave me earlier instead.?
<lifeless> I think you should install it
<lifeless> and play :)
<Snadder> Ok.. I will do reading today.. installing tomorrow.
<Snadder> have booked 3 hours at the datacenter tomorrow..
<tola> Why does a eucalyptus instance set to 5GB capacity in the Ubuntu Enterprise Cloud web UI only have a 1.4GB root partition and then 3GB mounted to /mnt?
<RoyK> tola: perhaps asking on #ubuntu-virt may give you better answers
<tola> RoyK: thanks
<cjs> Boy, that was silly. It just wasn't clear from the help text that losetup *must* be provided with either a -f option or a loop device.
<cjs> Well, the error message didn't exactly help, there.
<blackthor> greetings.  is there anyone that could confirm that 10.04 LTS is running fine HP ML 150 G6 ?  on the HP partner page of canonical there is only info about 9.04 LTS  and the 150G6 isn't on it :(
<kaushal> Hi
<kaushal> is there a way to create Netboot images ?
<kaushal> I got a reply from https://lists.ubuntu.com/archives/ubuntu-server/2010-July/004402.html
<kaushal> How can i integrate the server kernel into the PXE Netboot image
<kaushal> can some one please guide me
<TREllis> kaushal: here's a good guide, http://www.ubuntu.com/system/files/u1/AutomatedDeploymentsWP-20090126.pdf
<kaushal> TREllis, Thanks
<kaushal> I have a working setup already in place
<kaushal> the issue is that it by defaults installs generic kernel and not server kernel
<TREllis> kaushal: are you using a kickstart file or preseed file?
<kaushal> ks.cfg
<kaushal> yeah kickstart file
<TREllis> kaushal: right, not sure for the solution if using kickstart. I would myself use preseed as it's the native way provide answers to the debian installer
<TREllis> and the second mail on that thread gave you the answer, "d-i base-installer/kernel/override-image string linux-server", if using preseed you need to include that line in the file
<kaushal> TREllis, i totally agree
<kaushal> but i dont use preseed method
<kaushal> can i customize the Netboot image ?
<TREllis> it sounds like you do not really want to "customize the netboot image"
<TREllis> it sounds like you are doing network installs and just want the correct kernel installed?
<kaushal> ok
<kaushal> yes
<kaushal> TREllis, is that possible ?
<TREllis> kaushal: not sure sorry, I would go straight for a preseed file and not a kickstart, then you can use the d-i option above
<kaushal> TREllis, ok. where can i seek help for my use case ?
<zul> morning
<skaag> I upgraded an ubuntu 10.04 server which has a really small /boot/ partition (only 46mb :-( ), and it has failed to boot
<skaag> now support have booted a microknoppix and I have mounted the original drive
<skaag> and I'm trying to find out why it failed the boot process
<skaag> I just upgraded from 2.6.32-22 to 2.6.32-23
<skaag> 2.6.32-22 worked fine
<pmatulis> skaag: try removing the old kernel to make space after booting with a ubuntu rescue cd (live or alternate)
<skaag> I removed and now all I have are those files:
<skaag> actually I don't want to list them here, too long, don't want to spam the channel
<pmatulis> skaag: how did you remove?
<skaag> I erased the files in /boot/ and updated menu.lst
<pmatulis> skaag: bad boy
<skaag> :-)
<pmatulis> skaag: you should always use apt to manage packages
<pmatulis> skaag: pastebin the contents of /boot
<pmatulis> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<skaag> http://paste.ubuntu.com/459447/
<skaag> pmatulis: I did upgrade the kernel with apt
<skaag> the thing is that because the /boot/ partition is so limited in size, for historical reasons, I mount --bind /boot to /boot.tmp
<skaag> I then do the upgrade
<skaag> and I then move files manually back to the real /boot/
<skaag> quite unfortunate, that I have to do this for every kernel upgrade
<pmatulis> skaag: geez, and why /boot so small?
<skaag> that's how that hosting company set it up for me :-(
<skaag> they claim they usually make it 100mb
<pmatulis> skaag: i would re-install if possible
<skaag> I'm going to abandon that server by end of this month
<skaag> but until then I must regain access to it for a little while
<skaag> just want to make sure it can boot again
<pmatulis> skaag: i now never use /boot less that 512 MB, got tripped up when using 256
<skaag> yes I know, I actually allot 1gb for my /boot/ partitions, just to be safe, and space is so ample... why not... :)
<pmatulis> skaag: 'xactly
<skaag> kernels are just growing in size..
<skaag> I've also just updated grub:
<skaag> http://paste.ubuntu.com/459448/
<skaag> I've mapped /dev and /proc properly, mapped /dev/sda1 to /media/sda3/boot/ and chrooted to /media/sda3 (root), so it's like i'm in my real ubuntu install
<skaag> so apt, grub, and all the utilities work like before
<pmatulis> skaag: great
<skaag> grub is installed on /dev/sda1, still, so I believe I don't need to reinstall grub itself to the boot sector...
<skaag> /dev/sda1 = /boot and /dev/sda3 = /
<pmatulis> skaag: how much room in /boot now?
<skaag> what would you recommend I verify now, before I reboot? :)
<skaag> /dev/sda1              46M   32M   12M  74% /media/sda3/boot
<skaag> 12mb free
<skaag> because there's just 2 kernels in there
<pmatulis> skaag: i guess reboot and see
<skaag> is there some magic I can do in grub to allow me to automatically regain access to the machine?
<pmatulis> skaag: how can you access a machine remotely that is not booted?
<skaag> I ask the support over there, and afer a very long time, they boot microknoppix for me ;-)
<skaag> I just wondered if there's something I can do such that if grub fails booting, it will enter some special mode where I can telnet into it
<pmatulis> skaag: no
<skaag> ok then
<pmatulis> skaag: this is where IPMI/DRAC/KVM comes in
<skaag> I'll just reboot and pray
<skaag> yah, I need to find a good US hoster with IPMI/KVM such as I have in europe
<skaag> with that, I don't need support at all, I just fix everything myself...
<pmatulis> skaag: yeah
<pmatulis> skaag: you can always reinstall a specific kernel
<skaag> maybe I should do that
<skaag> before I reboot
<skaag> just to be sure
<pmatulis> skaag: (meaning the latest one)
<skaag> how do I do this for 10.04
<skaag> latest kernel
<skaag> apt-get install --reinstall linux-image-2.6.32-23-generic-pae?
<bogeyd6> How can I find who built a particular package?
<pmatulis> skaag: linux-image should be enough but your command should hurt
<pmatulis> should not hurt
<skaag> bogeyd6: apt-cache show joe
<skaag> ok
<bogeyd6> hmm just says ubuntu developers as the maintainer
<skaag> bogeyd6: hich package?
<skaag> which
<bogeyd6> zoneminder
<bogeyd6> someone built it with a static control script
<skaag> this is what I get:
<skaag> Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
<skaag> Original-Maintainer: Peter Howard <pjh@northern-ridge.com.au>
<skaag> when I do apt-cache show zoneminder
<skaag> at the top
<skaag> you must be seeing this as well?
<skaag> ok rebooting...
 * skaag prays to the universe
<pmatulis> skaag: did the re-install do anything at all?
<skaag> it reinstalled, ran update-initramfs, depmod, etc. all the usuall stuff.
<skaag> and grub-update
<skaag> it looked good, and produced no errors or warnings.
<skaag> so I'm hopeful...
<pmatulis> skaag: yes, sounds good
<skaag> waiting for machine to become available again
<pmatulis> skaag: 32-bit right?
<skaag> yes.
<skaag> old machine...
<skaag> ok still won't boot into the OS
<pmatulis> bogeyd6: check the changelog on packages.ubuntu.com or download the source package
<skaag> I don't know why, can't see the screen
<pmatulis> skaag: could be another problem then, access again and *remove that kernel
<bogeyd6> pmatulis, unfortunately that wont fix the bugs for everyone else. im ironing them out right now
<pmatulis> bogeyd6: your question was how to determine the packager
<bogeyd6> pmatulis, yeah, that didnt change, and i havent asked another question since.
<pmatulis> bogeyd6: so your question is therefore answered
<bogeyd6> <pmatulis> bogeyd6: check the changelog on packages.ubuntu.com or download the source package   << assumed the download source package comment was meant to help fix my problem, not the developer
<uvirtbot> New bug: #601895 in bind9 (main) "Sync bind9 1:9.7.1.dfsg-2 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/601895
<trapmax> root-account login not working from direct console access.
<pmatulis> ok
<skaag> pmatulis: yah, and just go back to -22 yah?
<skaag> from -23
<pmatulis> skaag: if that's what was working before, yes
<pmatulis> skaag: were any other packages recently updated?
<skaag> nope
<skaag> not that I know of
<Mateo_> Hi everyone !!
<Mateo_> i have a problem with my vhosts ... i have added a conf file in site-available, i've made a a2ensite myconf  , but the domain direct me to another directory (fromanother site conf)
<reisi> any ideas on how to pam_unix.so actual log something with the debug option?
<reisi> we have a "small problem" of not getting su or logging as root in login working; it always results as Authentication failure. (as we really rarely need this it might had been broken during 8.04 -> 10.04 upgrade)
<Mateo_> reisi: i don't think you can use su with the last version of ubuntu
<Mateo_> i don't know if i'm right but you have to use sudo
<reisi> Mateo_: at least the documentation only specifies that only disabling action is not to set the passwd, and we have set the password
<reisi> sudo is not an option as we have to refactor the system file structure
<Mateo_> ok
<bogeyd6> you can use su
<bogeyd6> you just simple "sudo su" and it will su the root user
<bogeyd6> however
<bogeyd6> !noroot reisi
<reisi> bogeyd6: but the user will still be logged as we transfer his/her home dir
<bogeyd6> !noroot | reisi
<ubottu> reisi: We do not support having a root password set. See !root and !wfm for more information.
<reisi> !wfm'
<reisi> !wfm
<ubottu> Common Sense: Just because you can, does not mean you should (and especially recommend to others). Think before you do. "Works for me" does not mean it is ok. The latest version of everything is not always useful if you aim for stability. Please see http://geekosophical.net/random/worksforme/
<reisi> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<bogeyd6> reisi, you just "sudo su" and type in your password
<reisi> bogeyd6: wont it be a problem that i'm going to mount my home dir from another disk while running the root shell?
<bogeyd6> only in that all the files you create are owned by root
<bogeyd6> you can chown -R user /home/folder
<reisi> hmm i'm not sure you are getting my point; we are going to MOVE /home from the current filesystem of / (root) to a new LV and mount the new LV as the /home
<bogeyd6> i think you are right
<bogeyd6> cuz to me i thought "i wanna copy everything from one directory to another"
<Mateo_> rhaaaa i really don't understand why it keep on direccting me to another directory ...
<reisi> not to cause any problems with, well anything i'm not aware i'd like to login as root (whose home is at /root, not under /home which we are moving)
<bogeyd6> reisi, see and i would say you just copy /home/ and not worry about using the ~
<bogeyd6> ala cp -R /home/ to /some/device/
<bogeyd6> then mount /some/device /home
<reisi> never do that with -R; always use -a; otherwise you'll lose all timestamps, owners, groups and rights
<bogeyd6> right right, sorry
<reisi> strange, now that i changed "auth required pam_unix.so debug use_first_pass" to "auth requisite ..." with a pam_deny.so as the last entry it works
<p1l0t> Why does changing /etc/network/interfaces have no effect on my network settings? I do not have NM installed
<p1l0t> Lucid 10.04 LTS server
<pmatulis> p1l0t: restart networking?
<p1l0t> It says failed to bring up eth0
<RoyK> p1l0t: pastebin it
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<p1l0t> Wish I could, but the server is not online
<giovani> serial console / ipmi
<RoyK> what is the exact error message?
<RoyK> giovani++
<p1l0t> Failed to bring up eth0
<RoyK> are you logged in?
<RoyK> if so, type 'ifconfig -a' to see what it says
<p1l0t> It shows eth0 being up with settings that are different from /etc/network/interfaces
<p1l0t> this is whats strange it seems editing interfaces has no effect
<giovani> p1l0t: ok, so, set the interface manually for now
<giovani> to get the machine online
<giovani> then we'll troubleshoot further
<pmatulis> p1l0t: using the old init script should work
<giovani> 'sudo ifconfig eth0 1.1.1.1 netmask 255.255.255.0'
<giovani> 'sudo route add default gw 2.2.2.2'
<giovani> replace 1.1.1.1 with your server's IP, 2.2.2.2 with the router/gateway, and change the netmask if required
<p1l0t> I have done that and now I can see my web page online, lol - but I can't access the internet from it...
<p1l0t> ping says network unreachable but yet derek.doesntexist.org:1013 will probably show you a picture of me departing from Block Island
<giovani> I'm betting you can, but you haven't set DNS
<giovani> so you can't resolve anything
<giovani> 'sudo nano /etc/resolv.conf' and add your nameservers if you want -- but we'll get this fixed anyway -- it's just temporary
<p1l0t> resolv.conf seems to be set properly
<giovani> and no -- your server isn't available to the internet
<p1l0t> Oh maybe I only see it on the local network
<giovani> so if you do a 'ping 8.8.8.8'
<giovani> does that work?
<p1l0t> try http://derek.selfip.net it works for me but maybe because I am on the local network with my netbook
<p1l0t> ping -c 1 8.8.8.8 says network unreachable
<giovani> you added the gateway?
<p1l0t> ummm lol maybe not
<p1l0t> ifconfig doesn't show anyway gateway info
<giovani> I can't help you if you're not following directions
<giovani> 10:10 < giovani> 'sudo route add default gw 2.2.2.2'
<p1l0t> ok I can ping google public dns now
<giovani> ok, so now your server is accessible
<giovani> so ssh into it
<giovani> and pastebin /etc/network/interfaces
<p1l0t> ok
<p1l0t> installing openssh-server give me one sec
<p1l0t> http://pastebin.com/W2YXuxRZ
<giovani> p1l0t: invalid syntax
<giovani> who gave you this format?
<kaushal> hi again
<p1l0t> where did my syntax go wrong?
<giovani> hwaddress
<giovani> requires "ether" after it
<p1l0t> hwaddr?
<p1l0t> oh
<giovani> but it's unecessary if you only have one interface
<giovani> it's only used to differentiate multiple nics
<p1l0t> I do have two physical cards
<giovani> so the line should read "hwaddress ether 00:0e:e8:e3:a9:fe"
<giovani> ok
<p1l0t> ok
<p1l0t> perfect
<p1l0t> giovani = you are WIN
<p1l0t> Thank You
<RoyK> p1l0t: why do you want to override the mac address?
<p1l0t> I just wanted to make sure it doesn't read the wrong network card
<RoyK> p1l0t: overriding the mac address won't help you there
<RoyK> see /etc/udev/rules.d/70-persistent-net.rules for the device mappings
<p1l0t> :) oh thanks wilco
<RoyK> basically, you never want to override the mac address unless you're doing something special
<RoyK> setting the mac address in /etc/network/interfaces, will only override the mac address of the given interface defined in udev
<p1l0t> I'm not doing anything that special just yet ;)
<RoyK> overriding the mac address is nice if you want to spoof a switch into hub mode :)
<RoyK> but then, you rarely want to do that
<p1l0t> Right now I am failing at trying to use my server as a proxy. (Most FBO's at local airports have free wifi but filter anything worth looking at.) I tried ssh -C -D 9999 me@mydomain but then when I set firefox to 127.0.0.1:9999 it says its refusing the connection
<p1l0t> oh maybe my router needs the port forwarded...
<p1l0t> nopes
<p1l0t> must be something I need to allow from the server side...
<RoyK> p1l0t: try -L
<RoyK> p1l0t: no, your router won't need anything
<RoyK> ssh -C -L 9999:localhost:9999 you@yourbox
<RoyK> or
<RoyK> ssh -C -f -n -N -L 9999:localhost:9999 you@yourbox
<RoyK> that implies taht yourbox listens to port 9999
<p1l0t> Makes more sense let me try that
<Daviey> hmm
<Daviey> p1l0t, Sounds like what you really want is a socks proxy..  ssh -D9999 user@domain.com
<Daviey> p1l0t, then you can set the proxy type as socks in firefox, as "localhost" and port 9999
<p1l0t> oh no space after -D
<p1l0t> Thats odd, now it stopped saying conection refused but all I get is a blank white page no matter what address I type in
<p1l0t> I am connected via SSH
<RoyK> I don't think spaces will matter
<p1l0t> No its not the spaces, but now it stopped saying connection refused but I just get a blank white page no matter what address I put in
<p1l0t> and firefox says done at the bottom too
<RoyK> is it squid running on that server or what is it?
<p1l0t> I don't even know what squid is
<RoyK> oh :)
<RoyK> what sort of proxy is it?
<p1l0t> ssh
<RoyK> erm - what do you proxy on the server?
<p1l0t> I'm trying to access the internet with firefox on my netbook via a ssh connection to my home server
<p1l0t> or I should say surf web pages via my home server
<RoyK> and what software are you using on your home server to do the proxying?
<p1l0t> I was trying to use ssh as a SOCKS proxy
<p1l0t> openssh-server
<RoyK> it's easier with squid
<RoyK> apt-get install squid
<RoyK> on the home server
<Daviey> p1l0t, Hmm.. Are dns lookups working for you?
<RoyK> ssh -C -f -n -N -L 9999:localhost:3128 you@yourbox
<Daviey> RoyK, Please don't confused the matter atm.. i really don't think he needs squid for this.
<RoyK> ok
<RoyK> Daviey: are you p1l0t ?
<Daviey> RoyK, huh?
<RoyK> Daviey: does he have a socks proxy on that host?
<Daviey> RoyK, Sorry.. you are confusing?  I'm not sure what you mean
<RoyK> Daviey: p1l0t asked about using an ssh tunnel to another box for proxying - afaik you need a proxy server on the destination box to do this
<Daviey> RoyK, no.. this is one of the magical freebies you get with sshd
<Daviey> RoyK,  ssh on it's own can act as a socks5 proxy
 * RoyK checks
<RoyK> tried with firefox, and no data
<RoyK> just empty page
<RoyK> Daviey: the ssh docs are clear, that yes, it should work as a socks proxy, but it doesn't work
<Daviey> RoyK: I use it daily.. with a default install of ubuntu server, it does.
<RoyK> I tried with firefox, and it didn't work too well
<p1l0t> I lost my wireless for a bit
<p1l0t> Today is full of fail for me
<RoyK> p1l0t: try with -D - if it works, use it, if not, install squid and use -L
<Daviey> RoyK: Okay, i've just tried it on a fresh install of ubuntu desktop with firefox, and a lucid and maverick server.. it works.
<Daviey> RoyK: If it's not working, then someone has changed a setting on the server, or you are doing it wrong.
<RoyK> Daviey: the server is unchanged - basic ssh install - my current client is OS X with openssh5.2p1
<RoyK> server is lucid
<p1l0t> -D stops it from saying connection refused but any web page loads up as blank and says done - I will have to try squid
<Gorlist> I found out how my server was comperised, it was via the tmp directorys. Ive done a reinstall and they've just dumped aload of files back in their, however tmp is set to nonexcute etc
<Daviey> RoyK: i recently used it in safari on osx.. that worked
<Daviey> p1l0t: what did you put as proxy settings?
<Gorlist> how could I back track to find whos doing this, and block their ips - and on top of that make sure that these scripts arin't being run?
<p1l0t> Daviey: 127.0.0.1:9999
<Daviey> Gorlist: Finding out who is doing it, is not a good way.. you really need to find out how they are getting in.. Is it a webserver?
<Gorlist> yes
<Gorlist> fresh install this morning
<Gorlist> and somehow their accessing the tmp /var/tmp and possible dev/shm (which ive yet to secure
<Daviey> Gorlist: check your auth.log to see if it is ssh
<Gorlist> rgr
<Daviey> p1l0t, What boxes in the firefox proxy settings are you putthing them in?
<p1l0t> all of them
<RoyK> Daviey: worked with safari, and firefox too, after some fiddling
<Daviey> p1l0t, erm.. not quite what you want
<Daviey> p1l0t, Only fill the SOCKS box
<p1l0t> ok I checked the use this for all box I'll fix that
<p1l0t> Daviey: WIN
<p1l0t> Thank you
<Daviey> p1l0t, super!
<Daviey> p1l0t, Keep in mind that you'll be doing DNS lookups locally, rather than over the proxy
<Gorlist> nothing in the auth.log apart from someone hammering the ftp
<Gorlist> better check my fail2ban qucikly
<Daviey> p1l0t,  firefox can be configured to do DNS lookups over the SOCKS5 proxy, if that is what you want.
<Daviey> Gorlist, last <-- will give you a list the last few shell logins.. should be an indicator.
<Daviey> Gorlist, What services are you running..  I now know you are running an ftp service.
<Gorlist> plesk, so that includes apache, mysql, qmail etc
<Daviey> Gorlist, Hmm.. i assume that is plesk shipped binaries of services, not ones from the ubuntu repo?
<Gorlist> test     ftpd5148     79.172.195.193   Mon Jul  5 10:14 - 10:14  (00:00)
<Gorlist> yes,
<p1l0t> Daviey: I do want
<Gorlist> right thats in "last"
<Gorlist> that is unknown
<Daviey> Gorlist, In that case.. i can't really help..  firstly you need to make sure the services that are being ran are up to date on security issues
<Daviey> <--- not a fan of plesk
<Gorlist> np, thanks. Well im doing the best I can but I cannot figure out how their doing it....
<Daviey> Gorlist, Hmm.. My first thought is possibly weak ssh password or a php based webservice.
<Daviey> Gorlist, Actually rule out ssh, as i doubt they'd be using /tmp
 * Daviey goes back to thinking http
<Daviey> Gorlist, the files in /tmp, who are they owned by... $ ls -l /tmp
<Daviey> Gorlist, you should see: -rw------- 1 www-data www-data 343 2010-07-05 11:12 somefile... for example
<Gorlist> good idea
<Gorlist> Daviey, -rw-r--r-- 1 www-data www-data 95493 2010-07-02 15:59 scan.txt
<Daviey> Gorlist, Yep.. that confirms it's an attack through one of your webservices
<Daviey> Gorlist, http...
<p1l0t> ok so now firefox wants to know what program I want to use to open a .php file....
<Gorlist> right
<Daviey> p1l0t, use vim.. everyone seems to love that :)
<Daviey> p1l0t, clear your browser cache and restart it.
<Daviey> p1l0t, Is this for every php based site, or one of your own servers?
<Daviey> Gorlist, Are you *just* running plesk.. or any websites?
<Gorlist> plesk + hosted domains
<Gorlist> compermised domain do you think?
<Gorlist> because just looking through the ftp logs one of the clients had a breached subdomain login after many attempts
<p1l0t> Daviey: sites that I have been using recently haven't tried any others
<Daviey> Gorlist, Almost certainly either a rouge php script, a vulnerability in the scripting (ie, injection) or a generic webservice with a major vulnerbility
<Daviey> Gorlist, If the FTP service has been compromised, it's easy enough for someone to then upload a php file with bad stuff in it - then execute it.
<p1l0t> Daviey: it only does it when I am using SSH as a proxy
<Gorlist> yep
<Daviey> p1l0t, did you clear your cache and restart your browser?
<Gorlist> Daviey,  do think the server is already compromised, should I reinstall now?
<Gorlist> then reset all of the ftps and step through it over night
<p1l0t> Daviey: I'lll try it now
<Daviey> Gorlist, TBH.. i never trust a compromised server.. Once someone has got it, you never really know what they've done.. If it was me, it'd reinstall
<Gorlist> okay will do that over night
<Gorlist> bummer
<Daviey> Gorlist,  But even so.. something is insecure.. so simply reinstalling and restoring from backup will put the vulnerability back
<Gorlist> well thank you for the help.
<Daviey> Gorlist, no problem.. Sorry it happend :(
<p1l0t> clearing cache didn't help php is definitely fail using ssh as a proxy
<Gorlist> yes I agree, I was going to restore, go through and reset every domain ftp passwordand check the php
<Daviey> p1l0t, Using a proxy and php sites is unrelated.. The php is executed server side and presented to you as html..
<Daviey> p1l0t, Is this doing it on *every* site?
<p1l0t> Daviey: yesand only while using the proxy
<Daviey> p1l0t, can you visit http://erk.daviey.com/test.php ?
<Daviey> with proxy on
<p1l0t> It wants to know what program I should use to open test.php
<Daviey> p1l0t, Okay.. I'm not convinced your browser settings are correct
<p1l0t> proxy off says test complete
<p1l0t> They should be 127.0.0.1:9999 for only SOCKSthen maybe I had http proxy set to that as well
<Daviey> p1l0t, p1l0t it should look like: http://socks.daviey.com/
<Daviey> where 4000 == the value you put for -D4000
<p1l0t> Yeah I had http proxy set to localhost:9999 as well
<Daviey> you don;t want that :)
<Daviey> p1l0t, Have you made it look like mine?
<p1l0t> Yes and it is working now 100%
<p1l0t> :) Thanks again
<Daviey> p1l0t, can you visit http://erk.daviey.com/test.php WITH the proxy enabled
<Daviey> and without it please
<Daviey> p1l0t, I just want to check something..
<p1l0t> test complete
<p1l0t> test complete off as well
<Daviey> p1l0t, erm... Something isn't right
<p1l0t> what's not right?
<Daviey> p1l0t, Your request came from the same IP address twice... which means it isn't going via the proxy
<p1l0t> :(
<p1l0t> Oh well I am at home right now
<p1l0t> I would probably have to go somewhere else and try it
<Daviey> p1l0t, ah yes.. you are ssh'ing to a server @ home?
<Daviey> and are @ home at the moment?
<p1l0t> yes and yes
<Daviey> p1l0t, Okay, that explains it.. Well it looks like it's all set then!
<p1l0t> but I will be going to the airport around 4ish (EST) I can try it there
<Daviey> p1l0t, Keep in mind this can probably not be used to get "free" internet.. if that is your intention.
<Daviey> (and i'm not purely speaking ethically)
<p1l0t> No, I just prefer to be more secure. (and not be filtered either)
<Daviey> ahh.. ok.. good
<Daviey> p1l0t, Ok, in the address bar put about:config
<Daviey> p1l0t, pressed "ok", in the filter type "socks"
<p1l0t> It says I might void my warranty lol
<Daviey> change the option for "network.proxy.socks_remote_dns" to true
<Daviey> p1l0t, Yeah.. that option means you do your dns lookups over socks when available.
<p1l0t> wilco
<p1l0t> network.proxy.socks_remote_dns = true
<Daviey> yup.
<p1l0t> I can't wait to try it, only three hours to go, lol
<zul> Daviey: ping can you have a look at bug #601087
<uvirtbot> Launchpad bug 601087 in eucalyptus "wsdl_generator downloads wrong file for eucalyptus-src-deps.tar.gz" [Undecided,New] https://launchpad.net/bugs/601087
<Mo__> hey guys trying to install samba on ubuntu and then bind it to active directory for a single sign-on. I have been messing around with likewise open source. i was wandering if any of you awesome people had any experience doing the same thing and can point me in the right direction. I am very new at this. Any help would be much appreciated
<drew-buntu> hey all, im having an issue with postfix binding to the wrong port
<drew-buntu> my config is correct
<drew-buntu> but postfix keeps wanting to bind to port 25 and thats the port the spam filter binds to
<drew-buntu> postfix is supposed to be binding to port 25125
<pmatulis> drew-buntu: is this for a private network?
<drew-buntu> public/production server
<drew-buntu> ive had no emails on this box since 3am
<Daviey> zul: i thought i already did an update for it
<Daviey> zul: oh, seems i didn't
<pmatulis> drew-buntu: the spam filter cannot bind to port 25, how would the mail come in?
<drew-buntu> its not
<drew-buntu> thasts the problem
<drew-buntu> postfix keeps wanting to bind to 25, and thats not the port in my cf
<drew-buntu> let me post my master.cf real quick
<drew-buntu> http://pastebin.com/JY4N4Rs6
<drew-buntu> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      30334/master
<drew-buntu> and as you can clearly see, its binding to the wrong port
<drew-buntu> anyone?
<pmatulis> drew-buntu: where do you get 25125 from?
<drew-buntu> thats an abritary port i have postfix listening on to pass email from the spam filter to postfix
<pmatulis> drew-buntu: i don't see it
<umarmuha> guys i have a mixed environment windows+linux+mac. Trying to look for a single sign on solution so i can bind all my users to linux server or active directory. If anyone has any experience with this please send some helpful links. Thanks
<drew-buntu> umarmuha: likewise
<drew-buntu> macs already work with AD
<umarmuha> drew-buntu: excellent thats exactly the solution i was going to try out but wasnt sure if its legit. Thanks for the info bud
<drew-buntu> sure
<drew-buntu> i dont mean to be impatient
<drew-buntu> but i could use some help with this please
<X-warrior> hello! is it possible to disable some commands to a user? Disable who, ps, top, and others to some specific users?
<drew-buntu> if you chroot them, then they will not have access to most of those until you set up symlinks inside the jail
<giovani> drew-buntu: your question sounds very postfix-specific
<giovani> drew-buntu: I'd suggest #postfix -- but if you pastebin your main.cf I'll take a look for you
<giovani> also pastebin 'postconf'
<Krazyderek> having trouble getting a usb printer working, i've got something shared and installed on a windows client but nothing prints
<Krazyderek> someone want to help me make sure i have it installed right?
<giovani> Krazyderek: printing from a server? or you're trying to set up a print server?
<Krazyderek> @giovani print server, i installed cups, and the printer shows up after i create it in webmin but i'm not sure it's right
<guhcampos> I'm trying to setup apache to authenticate against an active directory domain through Kerberos, but I keep getting an "Unsupported key table format version number" error
<guhcampos> any help would be appreciated =)
<Krazyderek> gtg i'll try back tomorow
<Krazyderek> exit
<Yuein> hi is php, python, and perl installed by default on ubuntu?
<cloakable> no
<cloakable> Yuein: no
<cloakable> well, perl and python is, iirc.
<cloakable> php isn't
<Gorlist> evening, quick question - im trying to secure /dev/shm by setting it to "nosuid,noexec" etc, but it doesn't appear in my fstab like the online guides suggest?
<Gorlist> can I use a loopback file like ive done with tmp and var/tmp
<io> Hi I am getting the message 'No PAM profiles have been selected.'. I just purged a handful of packages that were not being utilized
<mikelifeguard> In my crontab, I have a MAILTO= line so I get emails in my actual inbox. But I have one job that should send email elsewhere. Anyone know how I can do that?
<dolittle> Guten Abend
<dolittle> Does anybody know if dhcp3-server supports secure dynamic updates to an windows dns-server?
<chrismsnz> Hey guys - has anybody had any experience running keepalived/ipvs on a recent version of Ubuntu with UFW?
<chrismsnz> UFW seems to be interfering with the load balancer and I'm just looking for some advice
<spartan07_> hey guys any recommendations on a small business server solution that runs on ubuntu? need something where I can gather all emails from co and have a centralized place for files and info sharing <running server 8.04>
<wurc> spartan07 checkout http://www.turnkeylinux.org/ Zimbra
<spartan07_> wurc, very nice thank you!! exactly what I was looking for
<wurc> Glad it helped
<giovani> wurc: interesting project
#ubuntu-server 2010-07-06
<Sorrell> Hey guys, I have a hardware question.
<genii> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Sorrell> I have a few servers that have a single 1gb networking adapter and I was wondering if I should buy a new NIC with a multiple RJ45 jack on i or just get one with a single RJ45 head and run it with the motherboard input and the external card input
<Sorrell> also if you have any hardware suggestion I would love them.
<Coder7> Sorrell: that depends on what you need the extra jacks for
<CppIsWeird> Sorrell, really depends on what you're trying to do.
<CppIsWeird> Sorrell, i dont think you need servers with more than one ethernet interface.
<CppIsWeird> Sorrell, if you are desiring such functionality you should switch to a fabric infrastructure
<Sorrell> I am setting up a DNS server. They will be in that. One will be exterior and one will be internal
<CppIsWeird> Sorrell, make use of switches.
<CppIsWeird> Sorrell, MUCH cheaper.
<Coder7> Sorrell: if you are using bind, there is no need to have different physical interfaces.
<Sorrell> really, I didn't know that.
<Coder7> Sorrell: you can configure who gets access to which versions of the zone files based on source addresses
<Coder7> Sorrell: all of my DNS servers have multiple views, but a single interface
<Sorrell> I will have to look into that. Thanks Coder7  and CppIsWeird
<CppIsWeird> yw. but i think Coder7 knew what you were talking about. :-P
<Coder7> Sorrell: http://pastebin.com/KBF9unpp
<Sorrell> I know it wasn't a very good explanation.
<Coder7> that was a snippet of a bind config file
<Sorrell> ty
<Coder7> all 10.0.0.0/8 and 127.0.0.0/8 addresses get the inside view, everything else gets the outside view
<Sorrell> okay
<CppIsWeird> im on a windows machine puttying to a linux server. can i use scp to transfer a file from one to the other?
<qman__> CppIsWeird, use pscp.exe, it's included in the putty installation if you used that
<CppIsWeird> ok.
<qman__> the actions must be carried out from the windows machine, because windows does not have an SSH daemon
<qman__> but you can transfer files in both directions using it
<dale__> If pscp.exe isn't included in the putty installation, look for "winscp" on Google.
<CppIsWeird> what do these things mean [ ] in bash scripting?
<qman__> brackets are used for a number of things
<qman__> provide some context
<CppIsWeird> so i was just told to run ". eucarc" and someone called it "sourcing eucarc" can i get a little more explaination please?
<qman__> it basically sets a bunch of temporary variables
<qman__> you can also run "source eucarc" to do the same thing
<qman__> to see what variables they are, less eucarc
<CppIsWeird> so "sourcing" is not the same as "running" a batch file? or the eucarc is not a "batch" file, its a "source" file?
<CppIsWeird> bah
<qman__> well, there are no batch files
<CppIsWeird> replace batch with bash and ignore the windows connection
<qman__> but eucarc is not being run, so much as parsed
<qman__> more like a configuration file than a shell script
<CppIsWeird> okay. thanks. :-)
<Jordan_U> CppIsWeird: Sourcing is basically equivelent to copying and pasting the contents of the file into the shell, it runs the commands in the current shell rather than spawning a new one (which means among other things that variables set in the script persisist in the shell after sourcing it)
<CppIsWeird> ahh, okay.
<CppIsWeird> that makes more sense.
<giovani> I wonder if there isn't a better solution to the fragmented linux distro support channels on freenode
<debugview> hi, is it possible to install a GUI for ubuntu server if i only have SSH remote access?
<debugview> how would i access it like remote desktop to that of windows RDP?
<hallyn> vnc
<hallyn> you'd start vncserver on the server, and run vncviewer on the client to connect to it.  are you sure you need a gui?
<hallyn> (got a fast link from client to server?)
<debugview> hallyn, yup
<debugview> i wanted to run vmware on it etc
<debugview> hallyn, how would the vnc recognise the system then since its CLI only?
<Roxyhart0> hi there. somebody have any guide to intall a NAT in ubuntu server?
<debugview> Roxyhart0, try http://ubuntuforums.org/showthread.php?t=713874
<Roxyhart0> great thanks!
<debugview> hallyn, ping
<debugview> i am looking at NX wonder if its good
<hallyn> debugview: sorry, wandered away
<hallyn> debugview: vnc works quite well, id say just give it a shot
<debugview> ok
<debugview> hallyn, i dont need to install X and stuff right?
<debugview> or whatever KDE/GNome desktop etc
<hallyn> yoiu don't need kde/gnome, but you'll need to pick some window manager
<hallyn> fvwm isn't a bad one...
<hallyn> venerable
<hallyn> so yes you do need x i suspect
<debugview> hallyn, what are your opinions on http://www.nomachine.com?
 * hallyn takes a look
<hallyn> debugview: ah, nx
<hallyn> i haven't tried it, have heard good things
<hallyn> i won't recommend against it by any means
<hallyn> i just rarely use x remotely for anything...
<debugview> oh okie i will try vncserver and see how it goes
<hallyn> linux journal had a favorable article on NX, which was the first i'd heard of it i believe
<debugview> hallyn, sometimes i just hate using CLI for anything :D
<hallyn> :)
<debugview> i am shifting from windows 2008 to a linux variant
<debugview> so just trying out
<hallyn> debugview: i think your first instictmight have been right, NX might be most like what you want
<debugview> that leaves the installation portion to be desired :x
<hallyn> what do you mean exactly?
<hallyn> you want to minimize your work, or the work on the part of the servers?
<hallyn> (just curious)
<debugview> minimize my work
<debugview> i dont mind working with CLI but sometime editing conf files or what
<debugview> installing stuff
<debugview> i rather cut down the chase
<debugview> than trying to tinker around why X doesnt work because Y needs to be modified but Z have yet to be installed so Y cant work etc..
<debugview> a UI would very much cut that portion down
<debugview> of course your opinions might differ
<hallyn> maybe i should do a short blog post on the shortest (imo) way to get a remote gui on ubuntu server...  would probably get some arguments :)
<debugview> hallyn, please do and pm me your blog url so i can add it to my daily must read blogs list
<debugview> better not spam me with popups :<
<hallyn> if it were me, i would 'apt-get install tightvncserver vncviewer fvwm', start up a vncserver running fvwm (takes roughly 3 steps the first time), and then you're running
<hallyn> lol - "caching
<hallyn> "
<hallyn> ca-ching that is
<debugview> let me google what is fvwm
<hallyn> just an old window manager
<hallyn> installing gnome-desktop will probably give you exactly what you'd expect from a normal login screen.  so if your servers and net link can handle it, do that
<CppIsWeird> how do i mount a cdrom?
<hallyn> 'mount /dev/cdrom /mnt/cdrom'
<CppIsWeird> ty
<debugview> hallyn, heh a xeon server would handle that fine :(
<CppIsWeird> special device /dev/cdrom does not exist?
<hallyn> CppIsWeird: (you might need to dmesg to check which device was actually assigned)  do make sur eit wasn't already auto-mounted by yoru desktop under /media/?
<hallyn> dmesg| tail, it's probably /dev/sdc1 or somesuch
<debugview> hallyn, apt-get install gnome-desktop-environment  first yeah?
<hallyn> debugview: yup
<hallyn> (had to check aptitude real quick)
<debugview> hallyn, i guess it will install X dependencies if its missing?
<CppIsWeird> never mind, would help if i was in the right ssh window >_<
<debugview> CppIsWeird, hehe
<CppIsWeird> too many servers! they're here to SERVE us!
<debugview> destroy them with coffee
 * hallyn has done that...
<hallyn> debugview: yes, alldependencies should be auto-installed
<hallyn> debugview: mind you i've not tried it, but if not i'd call it a big bug
<debugview> hallyn, ha..cant expect much from linux :x even windows have their quarks
<hallyn> heh - i expect the world from it :)
<debugview> i was trying centos the other day
<debugview> and it was a horrible experience
<debugview> i had all the dependecies install and yet ./configure keeps saying its not installed :(
<hallyn> centos is based on pretty old rhel right?
<Shapeshiftr> ok, I need some help. It's a bit specific, but I think I'll be able to explain the general idea. I need to run an .exe (with mono) on 10.04 command line, while also being able to access the user@server1:~$ command line.
<debugview> i have got no idea seriously :x
<Shapeshiftr> how do I go about doing this?
<debugview> Shapeshiftr, erm open two sessions?
<Shapeshiftr> ..?
<Shapeshiftr> how?
<hallyn> Shapeshiftr: run 'screen' or 'byobu' (a themed screen) i think
<Shapeshiftr> hrm, i tried screen, but to no avail.
<debugview> what about dtach?
<hallyn> Shapeshiftr: the mono prog should just run persistently in the background?
<Shapeshiftr> 1) How do I switch between screens once on the .exe's command line? 2) will it stay open once I close putty?
<hallyn> control-a control-c to create a new screen
<hallyn> then control-a control-d detaches the screen
<Shapeshiftr> ctrl-c closes, right?
<Shapeshiftr> hmm?
<Shapeshiftr> detach?
<hallyn> sorry, control-a c
<hallyn> yes, so then you can log out that putty session,b ut teh screen session keeps going,
<hallyn> and you can log back in, and re-attach
<hallyn> using 'screen -r'
<debugview> yeah screen is basically the easiest to use
<hallyn> it stops me mostly having to worry about junk like 'nohup'  :)
<debugview> hehe
<Shapeshiftr> I tried nohup, lol, i think it failed.
<debugview> hallyn, btw the gnome-desktop installation is still ongoing
<debugview> my server definitely needs bluetooth..rofl
<debugview> i am so gonna bluetooth to my server from miles away
<Shapeshiftr> so, I typed in screen, then I started my .exe. now what?
<debugview> press Ctrl A
<debugview> then Ctrl D
<hallyn> i've just re-comissioned an 8-yr old laptop, so i'm running a very barebones 'dwm' window manager :)
<debugview> to detach back to your command line
<debugview> your linux commandline that is
<debugview> to resume type screen -r
<Shapeshiftr> ok, now to test.
<Shapeshiftr> :D
<debugview> if you have multiple screens you have to specify the number of the screen
<Shapeshiftr> D:
<debugview> screen -r 123456
<Shapeshiftr> no, didn't work?
<hallyn> btw you can name the session using 'screen -S myname'
<Shapeshiftr> screen -x shows all screens, right?
<debugview> Shapeshiftr, define not working...
<debugview> crash? etc...
<Shapeshiftr> one sec.
<hallyn> Shapeshiftr: screen -list
<hallyn> -x is something different
<debugview> hallyn, i wish i have the time to play around with DWM...but i guess it will need lots of configuration doesnt it?
<hallyn> debugview: i do reconfigure it, but on this laptop am using it stock, it's still very nice.
<Shapeshiftr> There are several suitable screens on:
<Shapeshiftr>         20853.pts-0.server1       (07/05/2010 09:50:30 PM)        (Detached)
<Shapeshiftr>         20065.pts-0.server1       (07/02/2010 11:26:48 PM)        (Detached)
<Shapeshiftr>         9048.pts-0.server1        (07/02/2010 10:52:47 PM)        (Detached)
<Shapeshiftr> Type "screen [-d] -r [pid.]tty.host" to resume one of them.
<Shapeshiftr> hmm.
<Shapeshiftr> type what?
<hallyn> but you do need to make sure you know the names of the progs you use...  often unrelated to the menu entry listing :)
<hallyn> Shapeshiftr: screen -r 2853 i guess
<Shapeshiftr> I want the 05 one, of course.
<Shapeshiftr> ok, that number?
<hallyn> Shapeshiftr: yes really i think any unique substring int he name will work
<debugview> yeah using a name is easier
<debugview> but i usually try one by one till i get the correct one
<debugview> its fast anyway
<Shapeshiftr> how do I close a screen, then?
<debugview> just exit your application then type exit
<qman__> exit the shell
<debugview> just like what you normally do when you exit your console
<qman__> exit, logout, ctrl+D, etc
<Shapeshiftr> oh, oh, right.
<debugview> Shapeshiftr, how's the mono support on linux already?
<debugview> the last time i tried it was still buggy
<Shapeshiftr> it's fine, I think.
<Shapeshiftr> the program i'm using was developed with mono support.
<hallyn> (you can also just do control-a K to kill the screen session)
<debugview> maybe i might go back using mono for linux
<hallyn> yeah mono is what i need to get netflix on linux one day right?
<debugview> or java
<hallyn> lol - or python :)
<debugview> hallyn, ok i am done with apt-get  install gnome-desktop
<qman__> I refuse to use mono on principle alone
<debugview> what else do i need to know?
<debugview> qman__, meh..man it up and chuck those principles aside :D
<qman__> mono does not offer anything for me
<qman__> besides, ignoring principles is the exact opposite of "manning up"
<debugview> qman__, i kid :<
<debugview> hallyn, are there any special "clients" that i need to view gnome desktop remotely after installing it via CLI?
<qman__> you need a VNC client
<qman__> I recommend tightVNC
<debugview> qman__, what's the noob level on that?
<debugview> i mean difficulty
<qman__> I'm not qualified to gague it
<debugview> alright
<qman__> since I'm the type who would never bother installing a GUI on ubuntu server
<debugview> lucky you :(
<debugview> i might stop using GUI once i get the hang of it
<qman__> it really does not provide any advantages
<debugview> tightvncserver - virtual network computing server software
<qman__> all the services, configurations, etc will all be done from the command line anyway
<debugview> i guess this should be th eone
<qman__> you'll just have some gnome-terminals open, doing exactly the same thing you would over SSH
<debugview> yeah i know i am just making my life easier, less stressful
<debugview> for starters
<hallyn> debugview: yes, that's the server, then you'll need the client (apt-get install xtightvncviewer) on the remote end
<qman__> GUIs have their place, but ubuntu server is not it
<debugview> hallyn, yea but i am using windows
<qman__> I don't understand how it could be any easier
<debugview> so i will get the windows equivalent
<hallyn> debugview: oh, then.  whatever is the windows vnc client :)
<hallyn> yeah
<debugview> qman__, yeah just for starters like i said no harm
<qman__> well that's just it, it makes things complicated
<debugview> in fact i am learning about CLI just by doing all this installing stuff am i? :D
<qman__> X opens a lot of potential security issues
<qman__> and uses considerable resources
<debugview> hallyn, do i need to configure any files for tightvncserver after installing it?
<qman__> the same goes for VNC
<hallyn> debugview: since you want to run the gnome desktop, i don't think so - it shoudl all jsut do what you want
<qman__> don't use VNC over the net, at least not without an SSH tunnel
<qman__> that's asking for trouble
<hallyn> agreed on the ssh tunnel for vnc!  was assuming your'e on a local link
<debugview> why? its not encrypted?
<hallyn> heh, no.
<qman__> no
<qman__> and the authentication is limited to an 8-character password
<hallyn> read the original paper.  it's an academic exercise :)
<qman__> cracking it is child's play
<qman__> there are bots that search the net for open VNC servers
<qman__> just like they search for SSH servers
<debugview> lets say i installed the vncserver already
<debugview> its using my root password to login right?
<qman__> no
<hallyn> debugview: so on the CLI bit - you said you wanted vmware so i think you must have GUI for that, but i'd suggest you look into libvirt CLI with kvm/qemu
<qman__> and you should not have a root password
<qman__> if you do, and you want to keep it, there are other things you need to change to secure your system
 * hallyn will abstain from getting into any arguments tonight about sudo vs. having a root password
<qman__> that argument aside
<qman__> many things are configured to allow root logins
<qman__> that should not be
<qman__> such as SSH
<giovani> heh
<debugview> qman__, yeah mine doesnt allow root login
<debugview> i have to do a sudo once i login using another account
<qman__> you need to disable those if you want to give root a password
<giovani> I'd love to discuss mass server management with qman__ sometime
<debugview> gosh tightvnc website is so freaking slow
<debugview> cant even download their client
<qman__> of course, using passwords at all is not really that good of an idea these days
<qman__> but you have to draw the line between security and usability somewhere
<giovani> well, you have protect your bios/bootloader somehow
<giovani> I've yet to see something other than passwords implemented
<qman__> that's really a moot point
<qman__> if your physical security is compromised, it doesn't really matter what you do
<giovani> neither of those is specific to physical security
<giovani> s/is/are/
 * hallyn draws out his broadsword
<giovani> sorry, I don't mean to hijack an otherwise mild conversation
<debugview> but then you cant login without providing a password
<hallyn> lol
<giovani> we can continue this after helping debugview
<debugview> what sort of authentication exists besides password?
<qman__> key-based
<debugview> but isnt that based on a password to generate the key file too
<qman__> no
<giovani> no
<qman__> it is randomly generated
<giovani> and sometimes the key is additionally encrypted with a password -- but, ultimately, the key itself is a far better method of providing remote access
<qman__> there are other types but key-based is arguably the strongest and most convenient
<qman__> but it's only secure as long as you keep your keys safe
<debugview> hallyn, ok i ran the vnc client and i entered my IP and it says connection failed? how do i know if its working on the server side?
<debugview> qman__, you mean like the german spy? :x
<giovani> I hear russian spies are really good at encryption
<giovani> :)
<qman__> ps ax | grep vnc
<debugview> 22918 pts/0    S+     0:00 grep --color=auto vnc
<debugview> root@27AO33:/home/sysadmin#
<qman__> well, unless the daemon does not contain 'vnc' in its name, it's not running
<debugview> ok that makes sense..now i will need to figure out how to run this tightvncserver after installing it
<qman__> I don't know enough about the server to say for certain, but there may be a configuration preventing it from starting in /etc/default
<Shapeshiftr> how do I delete the contents of a directory?
<qman__> like "IS_CONFIGURED=no"
<debugview> rm -R ?
<qman__> rm
<Shapeshiftr> mmk.
<hallyn> debugview: did you do 'vncserver' to start a server session?
<giovani> Shapeshiftr: do you want to delete the directory AND its contents? or just its contents?
<Shapeshiftr> And, lol, the reason why it wasn't working was because the program didn't have mono support in that revision >_<
<Shapeshiftr> just the contents.
<qman__> rm directory/*
<qman__> that won't remove hidden files though
<giovani> well, rm -r directory/*
<giovani> in case there are subdirs
<Shapeshiftr> that's fine, I created the directory.
<Shapeshiftr> and there are subdirs
<debugview> hallyn, yeah i did
<giovani> so rm -r then
<debugview> i did a netstat -an and there is a port listening on 5901
<qman__> the default port for most clients is 5900
<qman__> try specifying 5901
<debugview> sweet, its working
<debugview> \o/
<debugview> i am enlightened
<giovani> you are living dangerously ;)
<qman__> now that you have verified that it works, I suggest you immediately turn it off
<qman__> and use SSH tunnels instead
<debugview> ok a question that begs to be asked, how do i turn it off? :x
<debugview> i know its easy doing kill -9
<debugview> but is there a better way?
<hallyn> you can do 'vncserver kill :1', but
<qman__> that's the last resort way to kill processes
<hallyn> really what you want is to just prevent access to port 5901 directly using ipfilter i assume
<qman__> if you started it by running 'vncserver', do `ps ax | grep vncserver` to get the PID, then kill that PID
<hallyn> you don't need to stop the server
<qman__> really, it should be running as a daemon with an init or upstart script
<debugview> oh yeah
<Shapeshiftr> I can't sudo rm -r
<Shapeshiftr> nothing happens.
<debugview> root@27AO33:/home/sysadmin# tightvncserver -kill :1
<debugview> Killing Xtightvnc process ID 22930
<qman__> ShadeS, no output means it's working
<qman__> err
<qman__> Shapeshiftr, ^
<giovani> Shapeshiftr: you sure you want to run it with sudo?
<Shapeshiftr> but I looked at the directory in filezilla, and all the files are still there.
<giovani> and, you'll of course need to supply the directory as we instructed
<Shapeshiftr> i did.
<qman__> make sure it refreshes
<giovani> "rm -r /path/to/directory/*"
<Shapeshiftr> mmhm, giovani
<debugview> ok what is this SSH tunnel stuff? does it allows remote desktop like VNC too?
<qman__> no
<giovani> Shapeshiftr: trust me -- it's a simple command -- you likely didn't run it properly, or, as qman__ points out -- refresh FileZilla
<qman__> an SSH tunnel allows you to forward your VNC connection through an encrypted, authenticated channel
<hallyn> debugview: 'ssh -L 5951:localhost:5901 server.name' and then you can do 'vncviewer localhost:51"
<qman__> first, configure your VNC server to only listen on localhost
<Shapeshiftr> ah, refreshing wokrs.
<Shapeshiftr> *works
<giovani> sigh
<debugview> "Probably, the best way to secure Xvnc server is to allow only loopback connections from the server machine (the -localhost option) and to use SSH tunneling" according to google...i am gonna try it
<Shapeshiftr> yeah, really, giovani >_,
<Shapeshiftr> I'm quite the beginner with command line OSs
<giovani> I don't think FileZilla qualifies as a command-line tool
<debugview> i am really surprised ubuntu doesnt have a remote desktop built in like windows RDP
<qman__> ubuntu desktop does, it has uses VNC
<qman__> this is ubuntu server
<giovani> debugview: completely different target markets
<giovani> they're not competing OSes really
<qman__> on ubuntu server, the GUI only complicates things
<qman__> especially if you let it install NetworkManager
<hallyn> gah
<qman__> then you're in for a real mess
<hallyn> just removed that from my new xubuntu install a few hours ago
<giovani> xfce's bloat man
<giovani> stay away from that
<debugview> <hallyn> debugview: 'ssh -L 5951:localhost:5901 server.name' and then you can do 'vncviewer localhost:51" <-- is this for linux only?
<qman__> the only kind of ubuntu server that needs X is an LTSP server
<qman__> which is a special case
<qman__> debugview, that's the command when using the openssh client
<qman__> if you're using putty, you have to configure it
<hallyn> giovani: i did - removed gdm next, and am running dwm
<hallyn> but had to start somewhere, and server doesn't ahve wireless
<giovani> why did you even install xubuntu then?
<giovani> just do a minimal install
<giovani> you mean the server kernel doesn't
<giovani> you don't need to run the server kernel
<hallyn> <shrug>  i've only got 5 cds available to burn and this old laptop wont' boot off usb
<giovani> dwm's pretty old-fashioned
<hallyn> rock on
<giovani> try a newer, more awesome tiling window manager
<giovani> xmonad, awesome, stumpwm
<hallyn> i use wmii ocne in awhile
<hallyn> the nice thing about dwm is it's simple enough there's no thinking involved at all
<hallyn> i have considered trying awesome
<giovani> xmonad is pretty nice
<qman__> I haven't tried any of those
<qman__> I used to use fluxbox back when I ran gentoo
<giovani> qman__: what wm do you run?
<hallyn> hah - stumpwm  - i havne't run a lisp wm since i tried gwm in 1996
<debugview> hallyn, does the stuff i run over VNC terminate if i close the vnc session?
<giovani> haskell is where it's at
<hallyn> debugview: not if you terminate the client
<hallyn> if you terminate the server, then yes - unless you run screen in each terminal under vnc :)
<giovani> but stumpwm is pretty clean -- a few people at work use it
<giovani> particularly the emacs folks
<hallyn> giovani: i'm looking (obviously)
<qman__> and I've used iceWM, which I rather liked, but it's kind of broken in ubuntu
<giovani> hallyn: looking?
<giovani> qman__: all the good wms are broken in ubuntu
<qman__> on a day to day basis I just use regular ubuntu/gnome
<giovani> that's what happens when the user community goes mainstream
<giovani> yikes man
<giovani> how do you function?
<qman__> slowly
<qman__> ;)
<qman__> my desktop is still running karmic
<qman__> because I don't want the mess that is the new UI
<giovani> with lots of carpal tunnel with the mouse movement
<giovani> xmonad is pretty broken in lucid
<giovani> took about 15 minutes to fix it
<hallyn> dwm work sfine out of the box :)
<debugview> hallyn, yeah ssh tunneling work too
<debugview> connecting to localhost:5901
<hallyn> configs are still nice, but it's not broken
<giovani> hallyn: ratpoison worked out of the box
<hallyn> debugview: cool
<giovani> on lucid
<giovani> you could try that, it's what stumpwm is based on
<hallyn> debugview: note that the vnc session port is 5900+index, so server:1 = port 5901
<qman__> but yeah, I just haven't had much time to mess with it
<debugview> hallyn, roger
<hallyn> giovani: mind you i'm happy with dwm atm :)  but i'm looking at stumpwm pages out of curiosity
<qman__> I got gnome to a tolerable layout and just deal with the slowness
<giovani> hallyn: dwm is lame by comparison to anything new
<giovani> not customizable to the same level
 * hallyn chuckling
<giovani> glad I can provide entertainment :)
<qman__> my biggest complaint about it is firefox, though
<qman__> it gets worse with every new version
<giovani> qman__: what's "it" in this context?
<qman__> firefox
<giovani> your biggest complaint about firefox is firefox?
<qman__> er, the first it, being the gnome setup
<giovani> ah
<giovani> well firefox is slow no matter what wm you run
<qman__> everything else isn't too bad performance wise
<hallyn> well, i was happy with vimprobable for awhlie, but it broke on 64-bit so i'm using surf.  any better browser suggestions?
<giovani> I need firefox
<giovani> all those extensions I'm addicted to
<qman__> yeah
<qman__> as terribly bloated and broken as it gets
<qman__> nothing else offers the right featurs
<giovani> it's still got more functionality than any other
<giovani> so I use it
<hallyn> 'itsalltxt' is the only plugin i'm using these days
<giovani> I have like 75 extensions
<giovani> use every one of them
<hallyn> jinkeys
<qman__> also, it's the new fad to screw up the tab order, even firefox jumped on it
<qman__> don't upgrade to firefox 3.6
<giovani> tab mix plus ftw
<qman__> I used to use tabbrowser preferences
<qman__> but that one died off
<giovani> tab mix plus
<giovani> trust me
<qman__> my system is to the point where I just have to leave flash and java disabled
<qman__> firefox crashes every time it loads one
<qman__> I use other browsers to view flash objects
<giovani> that sounds abnormal
<qman__> it used to just crash sometimes
<giovani> try upgrading flash and firefox
<giovani> it really works fine for me
<giovani> once in a while a crash, yes
<giovani> but 3.6+ includes the plugin crash handling iirc
<qman__> I've been upgrading this same install since 7.10
<qman__> does lucid have 3.6 in it?
<giovani> yes
<qman__> ok
<giovani> you'll want to use 32-bit of course
<qman__> yeah
<giovani> adobe has stopped supplying 64-bit flash again
<qman__> oddly enough, this is my only 32-bit system left
<qman__> it's got a 64-bit processor, but support was bad three years ago
<giovani> all of my laptops/desktops are atoms now
<giovani> cloud computing ;)
<debugview> hallyn, ok i had fun with the gui i guess i can remove gnome-desktop-environment now
<debugview> is there a way to purge everything back to where it was before the install?
<giovani> sudo apt-get remove gnome-desktop-environment && sudo apt-get autoremove should remove everything that installed as a result of that
<giovani> but back to pristine new install condition? not that I'm aware of
<qman__> but will leave config files
<qman__> use purge instead of remove to delete those
<giovani> true
<qman__> but it'll still be changed
<debugview> changed as in?
<qman__> when you install that many packages, things are bound to get changed
<Shapeshiftr> ...
<qman__> it's a removal or a purge, not an "undo"
<Shapeshiftr> it's still not working.
<hallyn> debugview: so you don't need to run vmware?
<Shapeshiftr> I can't connect to the server.
<Shapeshiftr> I've updated to the mono-supported version.
<Shapeshiftr> still no.
<debugview> hallyn, i think i will skip it and i will try to install the software manually myself instead of loading windows inside ubuntu server
<hallyn> excellent
<Shapeshiftr> debugview, can you think why it wouldn'
<Shapeshiftr> t be working? even out of screen?
<debugview> Shapeshiftr, what is not working?
<dolittle> Is there a way to perform secure dynamic dns-update with dhcp3-server on an ad-based dns-server?
<Shapeshiftr> that server i was trying to get up.
<qman__> dolittle, "secure dynamic updates" use AD authentication
<qman__> that is a feature that is not implemented in any open source DNS/DHCP softwares I know of
<hallyn> Shapeshiftr: no error msgs in the screen session?
<Shapeshiftr> nope.
<Shapeshiftr> I'm talking to the creator, too, to see if it's a coding issure.
<Shapeshiftr> *issue
 * hallyn out for awhile
<chrismsnz> hey guys - anybody here have some experience with supervisord?
<p1l0t> So in my auth.log I have seemingly brute force attempts at getting root from shanghai China via SSH2
<p1l0t> Is there a way to limit attempts from IP to like 2 per day...
<qman__> yes
<qman__> see the iptables recent module
<qman__> if that's difficult to implement with an existing firewall, there is also fail2ban
<qman__> of course, disabling password authentication on SSH is even better
<p1l0t> How would one connect then?
<qman__> key-based authentication
<p1l0t> Oh so only my cell phone or my netbook could connect..
<qman__> only a device containing a valid key for the user they are attempting to log in with
<twb> Under what circumstances will 8.04's mount believe that an LVM snapshot of its root filesystem is
<twb> mount: unknown filesystem type 'silicon_medley_raid_member'
<twb> The nightly backup has failed that way twice in the last month.  (The other nights, it succeeded.)
<twb> Google suggests it's a misbehaving fakeraid controller.  The fakeraid should be off, but I've told the proximal monkey to check for a "more off" option in the BIOS.
<netwidget> New to Ubuntu, Linux, and networking.  Setting up home network on server 10.04 with all DHCP.  DSL is DHCP.  does dynamic DNS allow me to set up static  IP in server?
<twb> netwidget: "dyndns" and similar services allow you to have a fixed DOMAIN NAME (e.g. fred.nurk.name) with a (potentially rapidly) changing IP.
<twb> I don't know of any other "dynamic dns"
<netwidget> So if I registered a domain of say home.lan with dyndns would I then be able to use home.lan say in Bind9 to resolve nameservers and hostnames?
<netwidget> That is Bind9 configured on the server?
<twb> dyndns replaces running your own bind
<twb> You shouldn't be running bind on a home network unless you're a bearded unix veteran who can't see his toes for the beer gut
<netwidget> twb - Thx for the imagery.  So if I set up DDNS with domain of home.lan and my servers hostname is servermain, how do I get host computers to find home.lan.servermain?
<jmarsden> You don't, it would be called servermail.home.lan :)
<twb> Note that ".lan" is not (yet) a valid top-level domain, so that'd only be for internal, not public, use.
<netwidget> jmarsden - I assume you meant servermain.home.lan?
<jmarsden> Indeed.
<netwidget> twb - Yes it would only be for private LAN.  I am trying to simply keep the LAN talking on the client/server level using resolved naming without assigning in ip addresses
<twb> netwidget: well, if it's for internal use, dyndns doesn't make sense.
<twb> Since you're using .lan, I guess you have an OpenWRT router?
<netwidget> Not sure what the OpenWRT router is but the .lan was just an example.  My uses for the home LAN are file server, printer server, web development server (testing).  No public access just private access to net.  How do I get client computers to see server (by name) and vs versa to mount drives and create mount-points?
<jmarsden> twb: I think netwidget wants a DHCP server to assign IP addresses "dynamically", and to have the host A records auto-added to DNS by the DHCP server.
<twb> jmarsden: yeah.  That's why I asked about OpenWRT, because it runs dnsmasq and it Just Does That
<twb> jmarsden: so all he'd have had to do is edit /etc/hosts and /etc/ethers on the router and/or configure dhclient3 to have: send host-name "servermain";
<netwidget> twb, jmarsden, - I have a basic DSL account (non static), I have a Netopia 3347 modem/router from ISP set to DHCP for WAN and LAN sides. Wireless is turned off because I have a second Linksys WRT300N router sending wireless and is used as a switch for cabled ether.  Server is cabled to Lynksis.  Linksys is also set to DHCP both sides.
<jmarsden> twb: OK.  Without it, he'll need to set up dnsmasq or some equivalent on the server, instead.
<twb> Right
<twb> It's not hard to set up dnsmasq, I just didn't feel like going through it
<twb> jmarsden: the main point is that because dnsmasq serves both DNS and DHCP, it automatically knows how to integrate them -- cf. isc dhcp + bind
<jmarsden> Makes sense.
<rahman> Hi,  I installed openldap on 9.10 server but when I do "slapadd -l example.ldif"   I get this: "Available database(s) do not allow slapadd"  here is ldap.conf : http://pastebin.com/fzZPZbcL
<netwidget> Was planning on moving server to DSL router (direct cable) and run the Lynksys as a nested lan from the server.  Don'
<netwidget> Don't know if that will required port forwarding on the DSL router and wether that will interfere in the dnsmasq?
<jmarsden> netwidget: Your internal machine naming and name resolution are only within your LAN, so the router shoudn't need to care about them.
<twb> Basically your internal DHCP and DNS servers need to care
<twb> But if they're on your all-in-one appliance router, then you're probably screwed
<jmarsden> twb: Well, so you disable them in the router and add them to your server.  But yes.
<twb> Yeah.
<twb> Where "screwed" means "do it a different way"
<netwidget> So than I should install the dnsmasq services on the server and set dhcp range in /etc/dnsmasq.conf?  other than configuring the nameservers and resolving hostnames in conf files on server do I just the DHCP ranges of the routers for no conflicts?
<jmarsden> Turn off the DHCP server in the router completely.
<huats> morning
<netwidget> Are you referring to the DSL router (connection to ISP)?
<netwidget> jmarsden:  Since the Linksys wireless is going to provide wireless connectivity to the LAN, I assume that it needs to have a static IP address from the server and have DHCP turned on for the nested LAN.
<jmarsden> netwidget: Probably; if you can put it into "Access Point Mode" and then set its LAN IP manually, that should be fine.  You don't want it doing any routing, if I am understanding you correctly.
 * jmarsden is off to bed...
<netwidget> jmarsden, twb: Thanks for the help.
<jmarsden> You're welcome.
<taneli> grub not finding hdd's; only grub rescue prompt is shown
<twb> taneli: are the disks in a software RAID array?
<taneli> yep
<twb> Grub doesn't support that properly
<twb> You need to boot a live CD or similar, and reinstall the grub MBR
<twb> You MAY be able to get it working by swapping the order of disks in the array
<twb> Basically, what happens is that grub is very stupid and records the disk number (according to the BIOS), so when the first disk fails, and the BIOS renumbers the disks, grub MBR loads of /dev/sdb, which is now /dev/sda, and the MBR tries to bootstrap /dev/sdb, which no longer exists.
<taneli> nice
<twb> (I'm assuming you're having the same problem as me.)
<taneli> propable
<twb> It happens to me about once a month with servers I have in South Africa and Israel, which is a bloody nightmare to fix
<taneli> nothing helps to get it stable?
<twb> Fortunately, extlinux doesn't have this problem!
<twb> taneli: like I said, swapping the disk order or putting a blank drive in the first SATA slot *might* help.
<twb> taneli: it depends on how "clever" the BIOS is
<uvirtbot> New bug: #602155 in samba (main) "sambadidn't install" [Undecided,New] https://launchpad.net/bugs/602155
<taneli> twb: how can i tell grub, that my / mountpoint is on lvm-partition
<twb> You don't tell grub that
<twb> You tell your RAMDISK that.
<twb> Typically something like root=/dev/mapper/VGraid-LVroot
<RoyK> taneli: iirc you can't boot off lvm, I think you need a separate /boot partition to use lvm as root
<twb> grub2 *can* boot with /boot on LVM.
<twb> But it's probably a dumb thing to do
<twb> s/probably/usually/
<twb> I'm netbooting a 10.04 image, using casper to merge the read-only NFS root filesystem with a tmpfs ramdisk
<twb> Most of it's working, but /home (a read-write NFS mount) isn't ever mounted during boot.
<twb> How do I debug upstart enough to find out what's wrong?
<twb> (I suspect it's because an event like "net-device-up" is never generated, because it's up BEFORE init starts.)
<alvin> twb: Are you talking about lucid or karmic?
<alvin> In Lucid, my NFS mounted home is up 'late' after boot. I just have to wait a bit before logging in.
<twb> lucid
<twb> alvin: I *need* it to come up before gdm
<alvin> Ah, did you use the undocumented 'bootwait' option?
<twb> I don't *think* it comes up at all, let me check.  It's hard to tell because plymouth eats /dev/console when gdm starts
<alvin> You can check mountall in /var/log/boot.log See bug 504224
<uvirtbot> Launchpad bug 504224 in mountall "NFS mounts at boot time prevent boot or print spurious errors" [Medium,Fix released] https://launchpad.net/bugs/504224
<twb> The last thing in boot.log is init-bottom (from the ramdisk)
<twb> I'll try nobootwait, anyway.  I'll also stick a single in there and disable /etc/init/gdm.conf, so I have a bit more visibility about what's happening
<twb> I *was* getting the 504224 in some other builds, but I don't think I'm getting them now
<twb> alvin: even with nobootwait, I see it bitching about rpc.statd not running
<alvin> Might be bug 484209
<uvirtbot> Launchpad bug 484209 in nfs-utils "/etc/init/statd.conf: race with portmap startup" [Medium,Fix released] https://launchpad.net/bugs/484209
<twb> In this current boot, rpc.statd is definitely running when I look for it, and at that time "mount -a" gets me a /home
<twb> I'm running lucid with all patches from -security applied, so hopefully bugs marked as "fixed" shouldn't affect me...
<alvin> I don't think 'fixed' means that there is an actual fix in the repositories. All these bugs apply to me too. NFS has been flaky for some releases now.
 * twb rants
<twb> The point of avoiding non-LTS releases is that Ubuntu fixes stuff like this by the time I get here
<alvin> Well, in my experience, Lucid IS more stable than the two previous releases, but most certainly not more stable than hardy. Technologies like mdadm, lvm and NFS show regressions. Maybe I'm ranting too, but I'm not sure about the direction ubuntu is taking.
<twb> The direction of "annoy twb"
<twb> Just because it's a desktop distro they think it's OK to put desktop users first...
<taneli> twb: btw, the problem was a lvm-snapshot. after removing the snapshot the server got back up as expected
<twb> taneli: oh, not that bloody issue
<pmatulis> that's pretty much fixed
<twb> taneli: anything that looks for a UUID will see both snapshot and origin as matching.
<twb> Maybe grub was too dumb to prefer the origin
<taneli> twb: the funny part is: it wasn't a snapshot of my Volgroup-root, but totally different lv
<twb> taneli: OK, then I don't know
<pmatulis> the snapshot/grub2 problem exists in debian as well and a fix has been released.  please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574863
<uvirtbot> Debian bug 574863 in grub-pc "grub-pc: grub-probe unable to find mapping for /boot on LVM with a snapshot LV" [Grave,Fixed]
<twb> pmatulis: ty
<twb> OK, if I patch all the upstart jobs to dump their scriplets to /var/log, I can see mountall.conf invoking mountall --daemon, which is what appears to run mount and appears to be bitching about rpc.statd not running.
<twb> mountall-net.conf looks for the mountall daemon in order to send a -USR1 to it, but by that time there's no such process -- mountall --daemon has already exited.
<twb> Let's try patching a spinlock into mountall-net...
<twb> No joy; "status mountall" doesn't give a nonzero status for "I've already finished".
<twb> And "status mountall" did completely the wrong thing; it started plymouth (despite "splash" being absent from the boot parameters) and similar nonsense.
<pmatulis> twb: i'm not following what you're doing but is there a bug about it?
<twb> pmatulis: there's no bug report
<pmatulis> twb: why don't you file one?
<twb> Because it's a massive pain in the arse to use launchpad, so I only do it when there's no alternative
<twb> i.e. when I've found and solved the problem and it's ubuntu-specific and now I just need my patch accepted into the archive.
<twb> I'm booting with boot=casper and netboot=nfs, which works in 10.04 as it did in 8.04, except that my -olock,rw NFS mounts /home and /srv filesystems aren't mounted.  They're mounted if I manually invoke "mount -a" after booting with single.  They're listed in fstab immediately after it's generated, at boot, in /usr/share/initramfs-tools/casper-bottom/12fstab
<twb> s/listed/appended to/
<twb> If I prevent gdm starting, on vt7 I can see complaints about rpc.statd not running (which is needed for NFS locking), and tracing /etc/init/mountall-net.conf shows that when it starts, the mountall(8) program isn't running.
<pmatulis> twb: you seem to have a good grip on the matter.  i'm still not sure why you think reporting the last few comments on LP is such a big deal
<twb> Because it wants me to either use a browser and "log in", or to manually compose the email (cf. reportbug).
<twb> Basically, I don't want to reward Ubuntu for breaking reportbug on their distro
 * twb RTFS' mountall(8)
<twb> Or, I would, if it was part of upstart...
<twb> Ah, mountall is its own package, and isn't in Debian.
<twb> Hm, what's the technique for making /tmp a tmpfs in 10.04?
<twb> Never mind, looks like it was /etc/fstab before, so changes to the init process won't affect that
<apw> kirkland, about ?
<kirkland> apw: yup
<zul> smoser: ping debian has a newer python-boto fyi
<apw> i have a lucid system which i am trying to start existing VM's (qemu/kvm) and am getting an apparmour error all of a sudden
<apw> kirkland, any ideas what the heck causes that ?
<apw> 'error: error calling aa_change_profile()
<apw> from libvirt
<kirkland> jdstrand: ^
<zul> wild stab in the dark... apparmor? :)
<apw> zul, heh .. yeah ... but  .... yeah ... but ... yeah ... but ... no
<kirkland> apw: jdstrand will be able to answer you effortlessly;  i'll play 20 questions to get there
<apw> shame he is not on my timezone
<twb> Huh, I read aa as libcaca
<twb> apparmor makes much more sense :-)
<twb> "#include <nih/macros.h>"
<twb> Is that "nih" as in "not invented here"?
<apw> kirkland, crap cannot make new VMs either
 * apw is going to reboot just in case
<twb> Ha, it is.
<twb> Looks like another glib-esque "I like C but I wish it had [...]"
<twb> 21:20 <alvin> Ah, did you use the undocumented 'bootwait' option?
<twb> alvin: reading mountall.c, I think I misread you.  Are you talking about a mount option (as opposed to a /proc/cmdline option)?
<informatix1> hello
<informatix1> hello
<alvin> twb: Yes, _netdev doesn't work and I used bootwait, because otherwise the boot will stall and/or /home will not be there when I want to log on.
<alvin> twb: It's a mount option
 * twb tries
<informatix1> have setup up a website on ubuntu but can't get to the site from outside the local network
<uvirtbot> New bug: #601501 in apache2 (main) "Apache should tap into the shared-mime-info database" [Undecided,New] https://launchpad.net/bugs/601501
<panfist> i've been trying to get openldap up and running unsuccessfully following the server guide
<panfist> i'm trying to start over, so i did aptitude remove --purge slapd ldap-utils
<panfist> i noticed that there were still files in /etc/ldap , so i removed the directory manually
<panfist> after re-installing the packages according to the guide, it seems i'm missing some usually included schema files; my /etc/ldap/schema is empty
<Jeeves_> panfist: isn't that in schema.d?
<Jeeves_> Oh, no.
<Jeeves_> It isn't
<sommer> good morning all
<panfist> good morning
<panfist> ok now i'm scared...because dpkg -S cosine says that the package slapd contains /etc/ldap/schema/cosine.ldif and cosine.schema , but when i do sudo apt-get install slapd ... those files are not installed
<apw> kirkland, ok seems its a 2.6.35 issue ... would you expect kvm lucid userspace to work with 2.6.35 kernels
<_chris__> heja
<_chris__> i added a crontab , can i somehow see if it was executed ?
<_chris__> syslog ?
<kirkland> apw: um, yeah, it damn well better ... hallyn, do you know anything about this?
<kirkland> hallyn: have you tried kvm in 2.6.35?
<Pici> _chris__: Check /var/log/auth.log
<_chris__> Pici, ah ok i see thanks
<panfist> i've installed slapd every which way but i'm not getting files that are supposed to be included according to this http://packages.ubuntu.com/lucid/amd64/slapd/filelist
<twb> alvin: OK, so if I add bootwait, the system just hangs around forever and I never get a root shell
<joschi> panfist: does `dpkg -L slapd` produce any output?
<twb> joschi: it's openldap-server, IIRC
<panfist> yes. actually, dpkg -L slapd|grep schema shows exactly the files that are not on my system
<twb> panfist: install debsums and/or cruft and ask them if your package is tits-up?
<alvin> twb: unfortunately, that doesn't surprise me. There is a bug in karmic (should be fixed in lucid) that prevented booting when NFS mounts were not mounted fast enough (due to network, etc,...) That's bug 470776
<uvirtbot> Launchpad bug 470776 in mountall "retry remote devices when parent is ready after SIGUSR1" [Medium,Fix released] https://launchpad.net/bugs/470776
<panfist> well...it shows the files that i want
<twb> Oh, my mistake.  Apparently it is "slapd".
<joschi> twb: you probably mixed that up with openldap-utils
<twb> alvin: hmm, maybe I should put my spinlock back into mountall-net (which generates the SIGUSR1)?
<alvin> twb: another (fixed in lucid) one is that you can't mount NFS drives at boot when you have a static network configuration. I switched all servers to DHCP and haven't switched back yet.
<twb> alvin: it's all fixed DHCP here
<alvin> twb: I don't know much about the internal workings, sorry. Just experiencing a lot of trouble and looking for workarounds.
<twb> (That is, dnsmasq only responds if you're whitelisted in /etc/ethers)
<alvin> twb: here also
<twb> alvin: no worries; you've been a lot of help already, I was a bit too obtuse to catch on
<joschi> panfist: are the files still missing when you reinstall slapd?
<panfist> yes
<twb> joschi: a reinstall won't replace conffiles, at least
<twb> The other stuff should come back
<joschi> panfist: `aptitude purge slapd && aptitude install slapd` should do the trick
<panfist> specifically, i purged it before and saw there were still files in /etc/ldap so i manually removed the dir, now reinstalling doesn't seem to be complete
<joschi> I had a similar problem with postgresql some time ago
<twb> joschi: you should check that he has a backup before recommending something that radical
<twb> e.g. maybe he's logging in with LDAP still
<joschi> twb: hm, I don't think slapd works correctly when the schema files are missing
<twb> Maybe it hasn't restarted since
<twb> Just saying: be paranoid
<joschi> twb: at least some base files like core.schema/core.ldif *must* exist
<panfist> joschi how the hell did you know that would work? i could have sworn i have executed those commands over and over, not in that exact order i guess
<twb> Repeat grumble about having to realign the LCD's ADC all the time due to "helpful" framebuffer console
<joschi> panfist: educated guess ;)
<joschi> panfist: aptitude will (well, in most of the cases) reinstall config files after a package was purged
<panfist> so apt-get skips those after a package was purged? isn't that a bug?
<joschi> panfist: you've probably run `apt-get remove slapd` instead of `apt-get remove --purge slapd` which will also remove the config files
<twb> alvin: hum, 470776 claims to be fixed in mountall 2.0, and I have 2.14
<joschi> oh, I see there's a "purge" action in apt-get too. so forget my last comment, panfist
<panfist> i can verify in my history, i did `sudo aptitude remove --purge`
<panfist> i dunno if that's the same as `aptitude purge`
<incorrect> hi, what is the magic key press to get the grub menu these days?
<twb> hold shift during boot
<twb> Hope that your USB keyboard is initialized before GRUB, etc.
<incorrect> hmm shift not working,
<twb> No, wait, the problem I was having was that the USB keyboard definitely WASN'T enabled in the bios, and the onboard keyboard was nearly dead
<incorrect> this is via a RAC
<incorrect> oh grief i hate grub2
<twb> Tell me about it
<panfist> i'm stuck on the initial configuration of ldap according to the server guide https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<twb> Like os-prober's "oh hai, you updated your kernel while your USB rescue key was inserted, so I have added its boot entries to the list"
<panfist> i've done a find and replace of dc=example with dc=myexample and dc=com with dc=lan ;
<incorrect> ah /etc/default
<panfist> when i get to the part where i add frontend.example.com.ldif , i get a `ldap_add: Naming violation (64)`
<panfist> hmmmmmmm could my mistake be in not changing the file names from example.com to my domain name? i don't see how the file names would be relevant in this part of the configuration
<alvin> twb: I presume you are looking at the mountall source. Isn't bug 470776 fixed in your version? I thought it was. It was a major problem for me. It still is in karmic, but it's gone in Lucid.
<uvirtbot> Launchpad bug 470776 in mountall "retry remote devices when parent is ready after SIGUSR1" [Medium,Fix released] https://launchpad.net/bugs/470776
<joschi> panfist: no, the file names do not matter. their content does on the other hand ;)
<panfist> i've pasted the contents here
<panfist> http://dpaste.com/215112/
<twb> alvin: I'm not sure if it's fixed
<twb> Just because a patch is made doesn't mean the patch fixes the problem ;-)
<joschi> panfist: have you created the backend configuration?
<joschi> e.g. created dn: olcDatabase=hdb,cn=config
<panfist> yeah, the command to add the backend completed successfully
<panfist> `sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif`
<panfist> nevermind....i executed the wrong command that takes the frontend ldif file as the argument
<twb> OK, how does mountall(8) know it needs rpc.statd for /home...
<twb> Rather: s/how//
<panfist> nevermind my nevermind....i executed the correct command and i get the same error message, a naming violation
<hallyn> kirkland: no i have not
<alvin> twb: Interesting question. I think bug 547139 describes that issue.
<uvirtbot> Launchpad bug 547139 in nfs-utils "mountall tries to mount NFS filesystem before statd starts" [Undecided,Won't fix] https://launchpad.net/bugs/547139
<kirkland> hallyn: jdstrand: apw is reporting some kvm/libvirt/apparmor issues with 2.6.35
<twb> alvin: that was the third hit :-)
<hallyn> wait what is stock maverick kernel?
<joschi> panfist: check the configuration DIT (cn=config...) with ldapsearch
<apw> kirkland, hallyn, jdstrand, yep booting same machine back to the latest lucid kernel resolves the issues
<kirkland> apw: what's Maverick's target kernel version?
<kirkland> apw: 2.6.35 i presume/
<twb> "Since you say the NFS filesystem does eventually get mounted"
<apw> kirkland, indeed so
<twb> alvin: I don't have that behaviour
<hallyn> well then yeah, i've used kvm there
<twb> Unless "eventually" means hours, not minutes
<apw> kirkland, this of course gives us interesting issues with the lts backports kernel for server
<hallyn> with no problems
<alvin> I do. I have to wait a while, but eventually the NFS filesystem gets mounted. Mind you, in Karmic it was much worse. booting without manual intervention was impossible.
<hallyn> kirkland: apw: is there a bug with more details?
<alvin> you could try the undocumented 'nobootwait' option
<kirkland> hallyn: well, i presume apw is testing a preview kernel that's not in Maverick yet
<hallyn> right, i can d/l kernel and bisect so long as it's in maverick git tree
<apw> hallyn, not as yet
<alvin> twb: nobootwait should start your system and eventually, your mounts will be there. The downside is, that services that depend on the mount points being there will fail.
<twb> alvin: presumably nobootwait *or* bootwait is the default, right?
<alvin> I think so
<twb> I tried with neither, and with "bootwait"
<alvin> Hmm, nobootwait is probably the default
<twb> In the first case, I get a shell and /home isn't mounted after an hour; in the latter case it hangs, I get no shell, and it isn't back after at least five minutes.
<alvin> man mount only lists _netdev
<twb> alvin: probably because mount(8) was written by util-linux or Debian, and bootwait is some Ubuntu nonsense
<alvin> Well, I've read that debian will eventually adopt upstart, so they'll probably change the manual :-). upstart is doing a good job on my phone, but on ubuntu-server, I have to wrestle with it.
<twb> I doubt it
<alvin> twb: Is /var/log/boot.log saying something about /home ?
<panfist> joschi ldapsearch with no arguments returns something like #filter: (objectclass=*); search: 2; result: 32 No such object
<twb> alvin: with -obootwait, I don't get a shell, so I can't check
<panfist> ldapsearch cn=config returns the same results except #filter: cn=config
<twb> (There are volatile units, so /var/log in't preserved after a boot.)
<alvin> twb: Hmm, a console that shows boot messages would be nice too.
<twb> Well, I got that by throwing out gdm for a while
<alvin> and it's saying nothing about NFS mounts?
<alvin> Stuff like: mount error(101): Network is unreachable
<twb> It's bitching about rpc.statd not being ready
<twb> Like always
<alvin> Not even "mountall: mount /home [951] terminated with status 32"?
<twb> Lemme reproduce it again
<alvin> I don't see the rpc.statd errors in boot.log here. Let me check some other machines
<twb> mount /home [675] failed with status 32
<alvin> Hmm, 'failed'. Not 'terminated'
<twb> Lemme check again
<twb> I'm transcribing because the machine's way over >there<
<alvin> My logs are full with 'terminated' messages, but the filesystems do get mounted
<twb> mountall: mount /home [675] terminated with status 32
<twb> I get *one*
<twb> Then it sits there forever spinning its nipple-nuts
 * Pici blinks
<alvin> Aha, there is a difference. I get each 'terminated' message twice (besides DNS resolution errors)
<alvin> Hmmm, false alarm. I just checked a lot of other machines. The messages appear between 1 and 3 times for each NFS filesystem.
<alvin> but no rpc errors
<joschi> panfist: http://www.zytrax.com/books/ldap/ch6/slapd-config.html is a good introduction IMHO
<joschi> panfist: http://www.zytrax.com/books/ldap/ in general
<twb> alvin: sticking --verbose in boot (per #upstart) shows me what events are arriving, which should help significantly
<panfist> thank you joschi... brb, reading
<twb> OK, why isn't netconsole working?
<twb> netconsole=@/,@10.128.0.1/
<twb> ARGH, because it's compiled as a module and probably modules can't be accessed before mountall goes stupid
<twb> I'll just roll a new ramdisk with that manually insmodding....
<twb> OK, that'll work
<smt-mobil> hi, im running a (hardy) server with multiple vhosts, i have one vhost (a subdomain) proxied to another machine, wich works fine for http, but: how can i proxy ftp request to that subdomain too?
<smt-mobil> tried mod-proxy-ftp but the ftp server on the server seems to fetch all ftp requests
<smt-mobil> 1 ip only
<joschi> smt-mobil: that's because there's no mod_proxy_ftp in apache httpd ;)
<joschi> smt-mobil: http://www.ftpproxy.org/ should help. there's also a package for this in hardy
<twb> http://mywiki.wooledge.org/FtpMustDie
<joschi> smt-mobil: but remember that FTP doesn't know a Host header like HTTP/1.1
<smt-mobil> i know that, if it would know it, it would be quite easy, and there is a module called mod_proxy_ftp
<smt-mobil> hmm i guess i will have to use another port for that and forward it right away to the other machine
<twb> joschi: but FTP can act as an open relay
<twb> joschi: so you'd just set up a local FTP server that acted as an open relay from the LAN to the internet, but not vice-versa
<joschi> twb: ?
<twb> Er, yeah, ignore that.  It'd require the FTP client to be clever
<lau> is it possible to use ec2-bundle-vol in order to create an ubuntu ami image of a current ubuntu running machine ?
<lau> or do I need first an ami running machine ?
<Jeeves_> Does anyone know why my libvirtd would consume this much memory?
<Jeeves_>  1599 root      20   0 1139m 847m 2948 S    0 10.6   8:06.92 /usr/sbin/libvirtd -d
<hallyn> hm, yes, having odd apparmor refusal trying to create a VM with virt-manager
<hallyn> (in maverick)
 * hallyn installs auditd to help himself out
<jdstrand> hallyn: is this a getattr denial?
<blackxored> hey guys
<blackxored> pasting
<blackxored>  i'm becoming lame, i used to know how to do this, but obviously i'm doing it wrong, i want this setup i want my machine to work as a gateway for my phone, i want all traffic originating from my phone to be proxied by the tor and polipo setup i've got, i want to make some iptables rules to make dports 80 and 443 coming from <phone source ip> to be i belive redirected to the 8118 port and i want to take responses aka secondary connectio
<blackxored> ns or an
<blackxored> <blackxored> ything back to my phone, how can i achieve thi
<hallyn> jdstrand: i think so, but i realized i haven't upgraded in a few days, so am waiting on upgrade, will reboot and re-test
<hallyn> jdstrand: btw, 0.8.2 should be tagged now
<hallyn> (havent' seen much activity about how it's going)
<jdstrand> hallyn: if you see a getattr denial, that is a know issue... I think fixed in the latest maverick kernels
<hallyn> jdstrand: ok cool then after reboot it should just work :)
<jdstrand> hallyn: oh, you asked about me merging 0.8.2. I haven't thought about it at all. if it is required, we can look at it
<blackxored> anyone? i've tried iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8118 didn't worked, and also iptables -t nat -A POSTROUTING -s <phone_ip> -p tcp --dport 80 -j DNAT <mypc_ip>:8118,. either
<apw> hallyn, kirkland, finally got booted back into that kernel ... bug filed:
<apw> https://bugs.edge.launchpad.net/ubuntu/+source/virt-manager/+bug/602308
<uvirtbot> Launchpad bug 602308 in virt-manager "virt-manager cannot start VMs on lucid with v2.6.35 maverick kernel" [Undecided,New]
<kirkland> apw: thanks
<kirkland> jdstrand: ^ looks to be apparmor/libvirt issues
<apw> an hour for the fsck after a crash held me up
<lau> I tried the ec2-bundle-vol with the --no-inherit option but get rsync execution failed any idea ?
<lau> I am trying to create an ami image from a kvm running machine
<blackxored> any of you, knows how to setup those iptables rules???
<uvirtbot> New bug: #602308 in virt-manager (main) "virt-manager cannot start VMs on lucid with v2.6.35 maverick kernel" [Undecided,New] https://launchpad.net/bugs/602308
<hallyn> jdstrand: after upgrade i still have the problem (checking apw's bug to see if it is the same)
<hallyn> yup, same thing!
<hallyn> (so i marked it confirmed)
<hallyn> jdstrand: i'm leaving soon for lunch, but i'll look at bug 6023808 in detail this afternoon if you don't get a chance or want to
<apw> hallyn, fun!
<jdstrand> hallyn: you might ask jj about it if it is a kernel bug
<hallyn> will do (though he seems to be out)
 * hallyn back later
<mdeslaur> hallyn, jdstrand: libvirt bug is a dupe of #599450
<jdstrand> mdeslaur: I asked that initially, but thought it was fixed in the latest kernel? I guess by your bug's status it is not
<jdstrand> kirkland: that is most likely a kernel issue
<jdstrand> kirkland: (which is known)
<kirkland> jdstrand: k -- reassign the bug to the kernel package?
<kirkland> jdstrand: cool
<kirkland> jdstrand: it's apw reporting it
<jdstrand> kirkland: we need hallyn to confirm it is a dupe of #599450
<LowValueTarget> is the sun-java-jre in the ubuntu repos the server version?
<falktx> hi guys
<falktx> can someone help me with a tomcat thing?
<falktx> just need to set ip restrictions
<falktx> from what I read on the net,
<falktx> I need to edit /etc/tomcat6/context.xml
<falktx> and set ...valves.RemoteAddrValve
<falktx> allow="x.x.x.x"
<falktx> the thing is even when I set it to allow my ip, i'm still blocked
<falktx> i'm currently testing the block="x.x.x.x", just to check if tomcat is working properly
<falktx> (using ubuntu 10.04 btw)
<hggdh> jiboumans, ttx: I may be late today to the meeting, have to get to my bank and work out a fraud against my bank account
<jiboumans> hggdh: ack - we'll push the agenda item back if need be
<jiboumans> good luck
<hggdh> jiboumans: thank you, I will need luck :-(
<Krazyderek> can someone walk through a printer install and share over a local network with me?
<shtylman> does anyone know if you have to do anything special to get a netboot(ed) ubuntu to output to an ILO console? I have console=ttyS1,115200n8 in the pxe cfg default file
<shtylman> but there is no output on the ILO terminal
<panfist> i'm trying to set up openldap server according to the server guide here... https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<LowValueTarget> can somone recommend a good irc server?
<LowValueTarget> to host an internal one
<panfist> i can set it up fine if i use dc=example,dc=com like in the docs, but as soon as i replace that with dc=foo,dc=bar i can't get passed the 6th command in the guide (sudo ldapadd ... frontend.ldif)
<falktx> he, no one is able to help...
<giovani> LowValueTarget: can you elaborate on the purpose?
<LowValueTarget> giovani: I want a secure, internal means of a "chatroom" for our support engineers. Figured IRC on an internal network would be best.
<LowValueTarget> there may be better solutions
<cloakable> jabber
<LowValueTarget> cloakable: jabber allow group chat?
<cloakable> LowValueTarget: yes
<Krazyderek> printers anyone?
<Krazyderek> the problem i'm having is that the guide on https://help.ubuntu.com/10.04/serverguide/C/cups.html doesn't match up with what i'm seeing after i install cups
<SpamapS> Krazyderek: it may need an update
<Krazyderek> i just installed it though
<SpamapS> Krazyderek: can you be specific? It makes it easier if you phrase things in the form of an open ended question.
<Krazyderek> after i sudo apt-get install cups everything goes fine, then i use nano to add the serveradmin email address
<Krazyderek> there is no line for it so i just creat one in the .conf file
<luist> when i start apache i get this warning: * Restarting web server apache2     [Tue Jul 06 17:36:46 2010] [warn] NameVirtualHost *:80 has no VirtualHosts   is it something to worry aboiut?
<SpamapS> luist: do you mean for there to be name-based virtual hosts on your server?
<luist> SpamapS, hm... i think so... im running gitorious
<SpamapS> luist: do you have <VirtualHost xxx> tags in your configs?
<hallyn> mdeslaur: kirkland: it looks mostly the same.  only diff is that on my system all the failures were for '/', not for longer pathnames.
<hallyn> mdeslaur: kirkland: apw: oh, yeah there are a very few other pathnames in mine, so confirmed it's a dupe
<panfist> i'm trying to set up openldap server according to the server guide here... https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<panfist> i can set it up fine if i use dc=example,dc=com like in the docs, but as soon as i replace that with dc=foo,dc=bar i can't get passed the 6th command in the guide (sudo ldapadd ... frontend.ldif)
<apw> hallyn, sounds good feel free to dup it over
<luist> SpamapS, yes...
<hallyn> done
<cloakable> panfist: Are you editing that file correctly? it contains references to dc=example,dc=com
<panfist> i saved the html, did a global replace for dc=example -> dc=foo, dc=com -> dc=bar, and example.com -> foo.bar
<panfist> then i loaded the edited html back in my browser and worked from there
<cloakable> Hmmm
<panfist> i thought such a global find and replace would be pretty much fool proof
 * cloakable bites tongue
<luist> SpamapS, http://pastie.org/1033012 this is it
<cloakable> Don't be lazy, have a look through the ldif, and learn how it works :P
<panfist> i dunno how much you know about openldap, but if i did an aptitude purge slapd, rm -R /etc/ldap and start over, would that get rid of any configuration from the last go-around?
<panfist> i.e. would that truly be starting from scratch?
<panfist> i've gone over both the backend and frontend ldifs, and while i wouldn't say i'm really know what's going on, i don't see anything that would raise any flags. i'm also reading this http://www.zytrax.com/books/ldap/ in the meantime
<Krazyderek> if man cups says browsing options are yes and no, and the default is off, then is no = off?
<cloakable> panfist: also, rm -r /var/lib/ldap
<panfist> i'll try that
<cloakable> panfist: depending on if you want to get rid of the database too
<lau> my /etc/apt/preferences looks like http://paste.ubuntu.com/459929/
<lau> sudo apt-cache policy returns lxc -> 0.6.5-1 (the lucid version)
<SpamapS> luist: the bits after VirtualHost have to match the bits after NameVirtualHost
<lau> but I want to keep lxc -> 0.6.3-1 (the karmic version)
<SpamapS> luist: so you need to either change it to NameVirtualHost *, or VirtualHost *:80
<lau> when I sudo aptitude full-upgrade , lxc prompt for upgrade
<lau> what did I miss ?
<luist> SpamapS, ok... *:80 fixed it :)
<SpamapS> luist: ^5
<zul> damn i should update mysql-cluster
<uvirtbot> New bug: #602379 in openssh (main) "package openssh-server 1:5.3p1-3ubuntu4 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/602379
<mathiaz> jjohansen: running the maverick kernel on lucid is a good idea?
<jjohansen> yeah
<jjohansen> it is going to be supportted, there is a backports ppa give me a minute to find it
<mathiaz> ttx: o/ - how is bordeaux doing?
<ttx> It's doing well !
<ttx> City center is nice on those summer days
<mathiaz> ttx: :)
<zul> hi ttx
<ttx> zul: o/
<smoser> jdstrand, are you around?
<smoser> i
<jdstrand> smoser: yes
<smoser> i'm looking for some crypto understanding
<hallyn> rot13 ftw
<smoser> jdstrand, are you at all familiarl with what a eucalyptus/ec2 manifest looks like or contains ?
<smoser> http://pastebin.com/Q55wxrq1
<jdstrand> smoser: I'm not, no, but I am looking at it
<smoser> well, heres an over view of what i  understand/know.
<smoser> you crate a tarfile (generically payload).
<smoser> then ec2-bundle-image, which tars, chunks, and encrypts it
<smoser> i think it stores the key and initialization vector for decryption in the manifest file
<smoser> encrypted with both the user's key and amazon's public key
<smoser> so, now my question
<smoser> we upload these things, and they only contain our filesystem images.
<smoser> i want to share those filesytem images.
<smoser> since i'm already storing this in s3, i'd like to re-use those bundled files.
<smoser> (does my understanding above make sense  ?)
<ShadeS> who hollard my name
<smoser> jdstrand, ^
<jdstrand> smoser: yeah, I was looking at it
<smoser> :)
<smoser> sorry. sorry to nag
<hggdh> darn, it was difficult even to get money at the branch :-(
<jdstrand> smoser: I don't feel like I understand what they are doing well enough. you hinted at public key crypto, but I see AES-128-CBC which aiui is used in symmetric key setups (ie, shared secret)
<jdstrand> kees, mdeslaur, sbeattie: are you guys familiar with the eucalyptus encryption stuff ^
<mdeslaur> not really, but I'm taking a look
<smoser> fwiw, most of what i've learned is from reading euca2ools source
<mdeslaur> smoser: what's your question?
<smoser> ok. my question is
<smoser> a.) would there be security consequences to making our manifests and payload data public
<smoser>  (i'm fairly sure the answer is 'no', as ec2-upload-bundle has a '--acl public-read' flag)
<smoser> b.) given what is there, is there a way that I could re-use the published manifests (such as that pastebin) to allow users other than Canoincal user and amazon to read the payload.
<mdeslaur> smoser: I hope not, since the first thing google gives me when searching for "ec2_encrypted_key" is the manifest you pasted an hour ago :)
<smoser> awesome.
<smoser> in fear of that i ramdomly changed some of the encrypted_key and encrypted_iv data
<mdeslaur> smoser: to answer that, I would need to know why they're encrypted in the first place. I can't answer your question.
<smoser> our images themselves have no reason to be encrypted
<mdeslaur> smoser: they are only encrypted in case the image contains confidential data?
<smoser> but you can publish private AMIs that would then live in S3.
<smoser> i think so, yes.
<mdeslaur> smoser: where does the manifest file live?
<smoser> next to the parts in s3
<smoser> bucket
<smoser> ie: bucket/name.manifest.xml bucket/name.part.00
<smoser> ...
<mdeslaur> and the AES key used to decrypt the image is itself encrypted using your key and amazon's public key?
<smoser> which, by default, is set only to be readable by the owner and 'za-read' , which is the EC2 user that then provisions the system.
<smoser> mdeslaur, thats what i think, yeah.
<erichammond> mdeslaur: Yes.  Either the author or the Amazon system can decrypt the image.
<smoser> one way or another , there are 2 parties privey to the data there. you , and amazon.
<erichammond> with their corresponding private keys.
<erichammond> smoser: There was a presentation at a security conference a year or two ago which talked about possible attacks on ssh host keys if the EC2 image is publicly available.  I chatted for a while with the authors to make sure that my AMIs were not affected (the images were not public) but I don't know if it is an issue for the AMIs published by Canonical.
<smoser> erichammond, you have any  more information on that ?
<mdeslaur> smoser: so, how were you expecting to share this with other if the AES key is encrypted with your host key?
<erichammond> smoser: Looking
<smoser> i cant see how that would be the case.
<smoser> but, as obvious to most, i'm quite illiterate
<smoser> mdeslaur, i could share the key, or use a constant key.
<smoser> i dont care about the contents of the payload. i *want* to make them public (i think)
<mdeslaur> smoser: but then everyone's payload is encrypted with the same key
<mdeslaur> smoser: that might be an issue
<erichammond> smoser: It had to do with knowing the starting state of the machine and the general time at which the system started.  Given this, they thought that it might be possible to substantially reduce the key space.
<smoser> "everyone's payload" ?
<mdeslaur> smoser: also, you would have to remove the AES key that is encrypted with your host key
<mdeslaur> smoser: well, what would people be doing with these images?
<smoser> ok. maybe better explanation.
<smoser> right now, we upload these images to ec2 as "bundles" (with manifest ... encrypted as described above).
<smoser> we also publish (on uec-images.ubuntu.com) the image so people can download them.
<smoser> but, we're already paying for storage in 4 regions (in order to create amis that people can run) on EC2.
<smoser> i'd like to just let people get at that data so they can "download" that way
<smoser> also, i would use them in the publication of our EBS images.
<p1l0t> Ok so I am getting repeat brute-force attacks on my server trying to guess the root password... I want to set up RSA key identification. I'm kinda of new to this though... I have to run ssh-keygen on the server right? and then copy one of the keys to any client machine that wants to connect right?
<CppIsWeird> i just tried installing ubuntu-xen-server and it says it cant be installed because one of its dependencies cannot be found, xen-tools.
<erichammond> smoser: http://www.slideshare.net/astamos/cloud-computing-security around pages 62-68.
<erichammond> smoser: The authors were accessible and may have done further research.
<jdstrand> erichammond: I haven't read that, but if it is anything like the blackhat one I saw last year, this is a different problem. ie, with an EC2 image, the instances are all identical and often starting on the same host, without anything special going on with the rng
<smoser> hmm..
<smoser> slide 66
<smoser> "random.seed"
<smoser> what is that ?
<jdstrand> oh, hehe
<jdstrand> that was the one I saw at blackhat ;)
<p1l0t> !rsa
<jdstrand> smoser: it is the seed file used to reseed the system after a reboot
<jdstrand> smoser: err... s/system/rng/
<smoser> path ?
<smoser> oh. i se
<jdstrand> smoser: in lucid it is /var/lib/urandom/random-seed
<jdstrand> smoser: which is used by /etc/init.d/urandom
<jdstrand> the point in the paper is that between the seed always being the same in an image, and the hardware being idential, and the same host being used on multiple guests, your entropy pool is reduced
<jdstrand> afaik, it is still a theoretical attack, but makes sense
<p1l0t> Can I suggest adding https://help.ubuntu.com/community/SSH/OpenSSH/Keys to ubottu under !rsa
<SpamapS> very interesting about the random generation
<jdstrand> (fyi, 'man random' talks about how the seed is used)
<erichammond> smoser, jdstrand: It seems that potential security risks could be reduced by setting the random-seed (randomly) when the public image is copied to create a new AMI.  Then the contents of that AMI should not be available to the public.  The random-seed will be changed once the system boots and the user is able to access it.
<erichammond> There may still be some issues with EBS boot as users might be able to "stop" the instance before it finishes booting (not sure if this is possible) and look at the contents of the EBS volume.
<SpamapS> erichammond: ultimately without good local random number support, you have to assume you are at a moderate level of communication security.
<panfist> i'm trying to set up openldap server according to the server guide here... https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<panfist> i can set it up fine if i use dc=example,dc=com like in the docs, but as soon as i replace that with dc=foo,dc=bar i can't get passed the 6th command in the guide (sudo ldapadd ... frontend.ldif)
<giovani> panfist: can you pastebin exactly what commands you're running, and the output?
<panfist> is it possible to copy the stuff that's already entered into my terminal into a text file? (not just history but the output too?)
<giovani> yes
<giovani> select and copy
<panfist> text console
<panfist> select how?
<giovani> meaning not an xterm/ssh session from an xterm?
<panfist> there is no x
<CppIsWeird> i just tried installing ubuntu-xen-server and it says it cant be installed because one of its dependencies cannot be found, xen-tools.
<giovani> then no
<giovani> you should be sshing in
<giovani> from a desktop
<giovani> so you have control over the terminal
<panfist> i see
<panfist> let me see what i can do
<panfist> what about gnu screen copy mode? i'm looking into it
<smoser> erichammond, i surely want to get to the point where our images are publicly available (as we do with the uec-images.ubuntu.com)
<smoser> and, jdstrand , erichammond , fwiw:
<smoser> $ ls /mnt//var/lib/urandom/random-seed
<smoser> ls: cannot access /mnt//var/lib/urandom/random-seed: No such file or directory
<smoser> where /mnt is an image from uec-images
<erichammond> smoser: Right, it's not installed on the default image which is just as much a known starting point as having a large, fixed set of data on a public image.
<smoser> i'm not sure that i understand the attack.
<erichammond> It is generated during boot time using theoretically non-random information and then that is used to generate the ssh host key.
<smoser> that random seed initially be created by a (possibly bad) random number generator
<erichammond> If an attacker can guess the ssh host key, then there is a mitm attack and ssh sessions are no longer secure.
<smoser> ah. so if that non-random information is bad enough, the seed could be guessed.
<smoser> which could reduce the space from which the host key was generated.
<erichammond> smoser: exactly.
<erichammond> smoser: If, when you build the AMI for EC2, you start with the uec image and then set a random-seed which only you know before registering the AMI, then Ubuntu on EC2 would be more secure.
<smoser> i dont follow that
<erichammond> smoser: But this requires that you not let the public download the contents of the AMIs.  The public should only be allowed to run them.
<smoser> as, if there is no random seed in the image, it is at least partially unknown. i'm guessing created by timestamp or something.
<smoser> so that, given X instances, only some portion of them will have a given ramdom-seed.
<smoser> but, if i create the same random-seed file in all our images, then *all* will have that.
<erichammond> smoser: Even when there is a random seed, it is modified by the boot time info.
<erichammond> No random seed = known public random seed.
<erichammond> Private random seed is secure.
<erichammond> Er, I hesitate to say anything is completely secure, but based on my understanding it is *more* secure :-)
<smoser> hm... right. there is obvioulsy a reason its being kept
<erichammond> what is being kept?
<smoser> well, random-seed is being kept. in "normal operation" to seed the random number generator
<smoser> as putting some random-ish value there is better than essentially '0' at boot time all the time.
<erichammond> The more sources of randomness you can inject into the system, the more random the result.  It is kept between boots so that some randomness from the last time the system was run can be included into the current boot.
<smoser> right
<smoser> thats what i was saying.
<erichammond> Unfortunately, if it is known then it does not help add any randomness, so the only source of randomness available to the instance is the boot time.
<smoser> its being kept, because its considered better to keep it.
<smoser> right.
<erichammond> You've got far better security experts at your disposal than me.  I just raise this point for it to be investigated and thought about for improving the EC2 images.
<erichammond> Also as it might affect your decision to make the AMIs downloadable.
<smoser> yeah. it is affecting my decision. :)
<smoser> but i would really like for them to be downloadable.
<smoser> basically, i was going through, and trying to reduce my "publish to ec2" time.
<erichammond> I'm happy with the availability of the UEC images for use with EC2.
<smoser> which consists of instance-store and ebs volume publish.
<smoser> the ebs volume was pulling from the uec-images, which is horrifically in ap-southeast-1
<erichammond> Once you sort out the security issues you might publish a best practice document describing how folks can generate their own random-seed before registering an AMI (if it turns out that is the best option).
<smoser> and i thought "Wait, i've already *got* the data over there in the form of the instance-store bundle"
<SpamapS> I wonder if EGD would be useful in this case
<erichammond> smoser: Since it's your account, you can download and decrypt the AMI bundle.
<erichammond> smoser: See ec2-download-bundle and ec2-unbundle
<smoser> yes, by pushing my key to the instance
<erichammond> true
<smoser> which is worse :)
<SpamapS> this affects puppet too
<SpamapS> puppet instances have to generate unique client certs to auth to the puppet master
<erichammond> Glad to hear you're sensitive about protecting the Ubuntu AWS keys those as they affect the entire user base if compromised.
<smoser> SpamapS, why would egd be any better than /dev/random ?
<SpamapS> smoser: it pulls from sources that are at least a little less predictible than the virtual interrupts cited as problematic in the slide deck linked earlier
<SpamapS> the problem with egd is the system really has to be busy
<smoser> but early in first boot, there would be no randomness
<smoser> ie 'w' and 'last' and 'vmstat' would be very un-random at that point.
<SpamapS> so its fine if your AMI starts up your web app and starts serving traffic, but not so much if you need to start out by ssh'ing in and doing something. ;)
<smoser> i must be missing something.
<smoser> why would EGD be superior to /dev/random
<SpamapS> another source of randomness which sounds nuts but its not is to join the tor network. ;)
<smoser> unless /dev/random was known-broken (and harder to service)
<SpamapS> smoser: the jitter on a virtual instance IRQ is probably a lot more uniform than the IRQ's from an actual system booting up
<smoser> ah. ok. so you could be seeding the EGD with possibly higher level sources of randomness than the kernel would have.
<SpamapS> http://true-random.com/  lets ask Amazon to put some of these in their dom0's ;)
<SpamapS> smoser: Rackspace could offer that as a value add. :)
<smoser> fwiw, the there was a thread on lkml (i think) suggesting the use of network data would reduce the randomness
<smoser> as it could be then seeded by someone throwing well defined network traffic at the instance.
<smoser> anwyay
<smoser> this is all well over my head , or what i care to learn at the moment.
<SpamapS> this has been a problem on all kinds of devices
<smoser> i suggested once (maybe someone would point out a reason that it would be a bad idea) was a virt-random module that basically passed through /dev/random requests in a guest to the host.
<SpamapS> I don't know how smart phones are doing it now, but Palm Treo's would always warn you that their crypto sucked.
<smoser> so that the idea of "the guest has no suitable randomness" would be false
<smoser> and that you could install whatever source of "more real random" you wanted in the host
<SpamapS> you just need to have something locally that will get you 4kbit of "better than average" randomness.
<SpamapS> another way to do it is to use perfect forward secrecy methods of communication to use the bad key only for the purposes of obtaining a higher quality key..
<panfist> giovani here's my success with dc=example,dc=com http://dpaste.com/215242/
<SpamapS> but that won't protect you if there is a permanent man in the middle.
 * SpamapS really hates the security rabbit hole sometimes
<panfist> giovani and here's my failure with dc=foo,dc=bar http://dpaste.com/215243/
<panfist> sorry if it's ugly
<SpamapS> sort of mitigates it completely if you just restrict SSH in your default profile though.
<panfist> both examples show me purging the package, removing /var/lib/ldap, reinstalling and following the guide through to ldapadd ... frontend.ldif
<giovani> panfist: well, you'll need to pastebin your ldifs as well -- because that's likely where the problem is
<giovani> backend/frontend*.ldif, that is
<panfist> the ldifs are copy-pasted directly from the site, and you can see it works at first, then in the second i have included in the pastebin the sed command i used to change the files from dc=example,dc=com to dc=foo,dc=bar
<panfist> i can pastebin the actualy files...1 sec
<panfist> backend.foo.bar.ldif http://dpaste.com/215246/
<panfist> frontend http://dpaste.com/215247/
 * cloakable has found your problem
<cloakable> dn: cn=example,ou=groups,dc=foo,dc=bar
<cloakable> objectClass: posixGroup
<cloakable> cn: example
<cloakable> gidNumber: 1000
<cloakable> Actually, hmm.
<cloakable> No, that seems to be correct
 * cloakable misread the dn
<panfist> i thought there might be a problem with my choice of dc...one of my original DCs was over 8 charactrs but i repeated my experiment actually using dc=foo,dc=bar with the same problem
<panfist> then i went to go read the RFC that describes the rules for domain names in LDAP and i didn't see anything wrong there
<panfist> RFC 2247 and RFC 2377
<panfist> sooo where should i go to 'escalate' this? the forums? file a bug report?
<peeps[work]> anyone here using an offsite backup service?
<CppIsWeird> i just tried installing ubuntu-xen-server and it says it cant be installed because one of its dependencies cannot be found, xen-tools.
<giovani> peeps[work]: yes
<peeps[work]> giovani, which one do you use, and how do you like it?
<giovani> peeps[work]: I'm using s3 at home -- it works fine, it's cheap given the replication you're getting
<giovani> no minimum fees -- so when I have like 1GB to back up, it costs me a few cents a month
<panfist> giovani so i guess you gave up on my problem? any advice where I can go from here?
<giovani> panfist: I didn't 'give up' -- just swamped at work -- I didn't see anything wrong, although I've never tried using "invalid" TLDs in an LDAP dc -- it's probably fine, but, it would be worth trying with dc=foo,dc=com
<giovani> other than that, I don't know -- sorry
<panfist> i appreciate your time. i'll give that a try next.
<giovani> panfist: yeah, sorry to make you jump through hoops only to give you a non-answer :\
<giovani> I searched a bit to see if anyone was using 'invalid' tlds in production
<giovani> but couldn't find anything but examples, which aren't necessarily being used
<panfist> well i already have the dc=foo,dc=com files, it will only take me a moment
<giovani> true
<panfist> this ldap server is going to be for a sneakernet so i didn't even think about using a valid TLD
<giovani> panfist: yeah, I don't think it's likely to be the issue -- but it's worth trying
<panfist> didn't work
<panfist> is there a particular forum you'd recommend that I post this on? i posted the issue before, but without very detailed terminal output with no results on the ubuntu server board
<giovani> panfist: well I'd recommend heading to the ldap channels on freenode
<giovani> where you'll get ldap experts
<giovani> rather than people who have just used ldap as a small part of their job
<panfist> twice i have ventured in there and the advice i get is "don't follow the how-to, learn ldap from scratch"
<giovani> ah
<panfist> i'll try again and see what happens. again, thank you very much for your time
<giovani> sorry I couldn't be of more help
<giovani> or any, really
<panfist> at least now i have the proper output to show exactly what my problem is
<giovani> panfist: it's likely that these scripts, or something specific to the howto is to blame
<giovani> so they're probably right about learning it from scratch
<serverhorror> panfist:  the ldap base dn doesn't have any (whatsoever) implications regarding being a TLD or not...
<micahg> anyone run zabbix-server-mysql?
<p1l0t> Does ssh-copy-id copy the public key or the private key? I assume the public key...
<p1l0t> n/m i guess it copies whichever one you tell it to :P
<p1l0t> q
<erichammond> p1l0t: According to the manpage ssh-copy-id does not copy the private key.
<erichammond> I wasn't aware of that command.  I've been using one I wrote a very long time ago which I named "ssh-trustme" :)
<p1l0t> lol a great name
<CppIsWeird> i just tried installing ubuntu-xen-server and it says it cant be installed because one of its dependencies cannot be found, xen-tools. if i install xen-tools from source will the ubuntu-xen-server package see this and install?
<CppIsWeird> if i install xen-tools from source will the ubuntu-xen-server package see this and install?
<qman__> CppIsWeird, not unless you compile it into a package, name the package xen-tools, and give it a version number the ubuntu-xen-server depends on
<qman__> if you must compile from source, you're better off installing the distribution package first, and then installing the source version to /usr/local or /opt or something
<giovani> CppIsWeird: my understanding is that xen support has been almost dropped from ubuntu
<giovani> in favor of KVM
<jmedina> what appens with xen?
 * jmedina uses xen everyday in ubuntu server
<giovani> jmedina: it's not actively supported anymore, it appears
<giovani> https://bugs.launchpad.net/ubuntu/+source/xen-tools/+bug/538917
<uvirtbot> Launchpad bug 538917 in xen-tools "xen-tools is not available in lucid" [Undecided,New]
<giovani> that was from months ago
<giovani> and xen-tools still isn't in lucid
<qman__> it gets left up to universe/multiverse, I guess
<qman__> if someone wants to update the packages, they'll update, otherwise nothing will happen
<jmedina> but it is so easy to install xen-tools, you dont even need to compile, they are only bash and perl scripts
<jmedina> here the steps
<jmedina> http://tuxjm.net/docs/Administracion_de_Servidores_Virtuales_con_Xen_y_GNU_Linux/html-multiples/ch04s06.html#id608240
<jmedina> it works in hardy and lucid
<giovani> jmedina: well, the fact that it's a depend, and missing implies that support is dropping
<qman__> yeah
<giovani> and that it may be completely untested, since you can't even properly install it through apt-get
<qman__> the fact that the package is missing means that you can't just apt-get install it
<jmedina> ah ok I understan
<jmedina> for lucid I prefer to compile xen 4.0.x and kernel 2.6.31.13 with PVOPS
<jmedina> it is not that hard
<jmedina> I alwasy compiled xen by hand, since dapper
<giovani> yeah, the point is simply this: working != supported
<jmedina> but I never was, well only by community
<peeps[work]> giovani, i'm still looking into amazon s3.  are there any particular tools you use to keep your data synced up, or do you upload files manually or what?
<jmedina> for this "unsupported" things I prefer to go upstream
<jmedina> I like KVM but my customers still have a lot of servers withouth hardware virt support
<serverhorror> peeps[work]:  there's an rsync based tool. but I forgot the name (of course). It'll encrypt your backups and all (incremental, full, differential - if scripted properly from the command line...)
<serverhorror> peeps[work]:  duplicity :)
<serverhorror> peeps[work]:  (if you want to look into an alternative from S3 you might want to use rackspace and their cloudfiles storage. Not quite as cheap but your trust level might be better with them - and no, I'm not an employee nor affiliate of rackspace...)
<p1l0t> So RSA authentication now works... All I have to do is turn off password authentication for SSH
<p1l0t> somewhere in sshd_config I imagine...
<p1l0t> PasswordAuthentication no /*without the # maybe*/
<serverhorror> p1l0t:  sudo grep -ri password /etc/ssh/sshd_config
<p1l0t> serverhorror: thanks
<serverhorror> or rather without sudo. sshd_config is IIRC world readable. Though I have no idea why that actually is the default...
<KeyBoardx86> Hello everyone
<everyone> hello KeyBoardx86
<KeyBoardx86> Is anyone here that it migh help me with a good tutorial to setup a Ubuntu Server as a PDC, right now I'm using a Windows 2008 server running DHCP Server, DNS Server and Active Directory , and I would like to change to Ubuntu server with the same services
<qman__> KeyBoardx86, good luck with that
<qman__> samba 3 is on a hybrid windows NT/2003 level
<serverhorror> KeyBoardx86:  impossible, samba can't act as an AD yet
<qman__> wait for samba 4
<p1l0t> Does it really need to be a PDC? You could do all the other things anyway
<serverhorror> PDC _is_ perfectly fine. What you can't get from it is the actual AD stuff.... (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html#id2564237)
<qman__> yeah
<qman__> basically, it runs Windows NT style domains
<KeyBoardx86> Well what I would like to do is a server that can act as Windows 2008 server
<qman__> but supports all the other features on a level with 2003/2008
<serverhorror> KeyBoardx86:  define "Windows 2008 Server"
<KeyBoardx86> 'cuz right now I have 3 server, 1 is running Untangle, the other 2 runs Windows. (one is a PDC server and the other one is a File Server)
<qman__> you need to specify what features you need, specifically
<p1l0t> KeyBoardx86: You can do dhcp, dns and share folders and whatnot
<serverhorror> KeyBoardx86:  are you refering to a file/print server? if so. Just install samba point it to the "real" windows server to handle authNZ and be done. Otherwise: impossible...
<qman__> if you use group policy at all, you're SOL
<KeyBoardx86> ok , let me try to specify, sorry for my english .. I'm from Colombia
<KeyBoardx86> in the first server (Windows 2008 that is acting as PDC server ) I'm running, Active Directory, DHCP Server and DNS Server...
<p1l0t> Your english is fine
<qman__> yes, but what are you using AD for? what features do you need?
<KeyBoardx86> that's the one that I want to replace with Ubuntu Server but I'm afraid that I will not able to add the second Windows Server (that is acting as File Server)
<serverhorror> KeyBoardx86:  (My Opinion) Honestly, if you do have Active Directory in place with Windows stay with that for the AD/DNS part. Use Samba for file/printer/whatnot sharing. But keep the Active Directory on Windows - that'll save you a lot of headaches (and possibly your job)
<KeyBoardx86> I'm using AD to create the organizations and users
<qman__> then, the short answer is, it can't be replaced with linux (yet)
<KeyBoardx86> serverhorror, thx for the advise
<KeyBoardx86> mmm Ok... gotta
<qman__> samba 4 will be able to do that
<qman__> but it's still in alpha stages
<qman__> incomplete, buggy, unsupported
<KeyBoardx86> samba 4 will be abel to act as AD?
<jjohansen> mathiaz: https://launchpad.net/~kernel-ppa/+archive/ppa
<qman__> yes
<KeyBoardx86> cool, well so I believe I have to wait for that
<KeyBoardx86> does anyone here have heard about eBox?
<p1l0t> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<KeyBoardx86> so eBox an webmind will be the same almost?
<KeyBoardx86> !webmind
<qman__> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<serverhorror> KeyBoardx86:  only mention I found is in the ubuntu server guide. But I don't have an especially high opinion on those GUI interfaces to manage a server....seems all so cpanel like. I rather go with puppet and the recipes crafted to the requirements _I_ (read: my company has) have...
<KeyBoardx86> Does Ubuntu-server comes with its own GUI Interface?
<qman__> yes, I am also not fond of these types of systems
<qman__> no
<clusty> hey
<serverhorror> qman__:  no?
<qman__> you can install one, but there is no point
<KeyBoardx86> Ok, well guys thx anyway for all the information...
<serverhorror> qman__:  well...that depends :)
<KeyBoardx86> so I might need to wait for Samba 4
<clusty> i cannot access my smb share (bad password). do i still need to set a separate smb psswd?
<clusty> i thought these days it used the unix password
<qman__> serverhorror, he asked if it comes with one, and it does not
<serverhorror> clusty:  depending on your configuration, (smb passdb backend - but the way you phrase your question the answer for your problem is probably yes, see "man smbpasswd")
<qman__> clusty, you have to set one with smbpasswd
<qman__> it synchronizes it with the unix password
<qman__> but it doesn't automatically create it
<serverhorror> qman__:  right, but the server doesn't come with ldap/krb either :)
<clusty> qman__: as in if smbpasswd will change my unix password
<clusty> ?
<p1l0t> no
<qman__> once an smbpasswd is set
<qman__> every time you change your unix password, it will change your smbpasswd too
<clusty> thanks
<clusty> that was it
<clusty> qman__: does it do it through PAM?
<qman__> libpamsmbpass
<qman__> is what provides the feature
<clusty> great
<clusty> thanks
<serverhorror> smbpasswd...it does that? I guess I really need to (a) streamline our server OSs and (b) reread all the (config) manpages. *sigh* again it's been only 2 or 3 years since I last updated the basic stuff :)
<jmedina> it is possible to build a AD-like solution with lucid
<qman__> truthfully, I'm surprised we still have this problem
<qman__> but it won't create an smb password for you
<qman__> it will only update one
<jmedina> you can integrate samba+openldap for domain controller using NTLM (almost deprecated in win7) and then you run kerberos to do SSO
<jmedina> almost everything is in the server guide
<qman__> it is actually deprecated
<qman__> you have to change some security settings in the policy and registry
<jmedina> if you want someehing easiers trye zivios
<serverhorror> qman__:  probabyl because it wouldn't make any sense to initially set a password for uses having a hash in /etc/shadow upon installing samba
<serverhorror> s/uses/users
<jmedina> qman__: yeap, I have some squid3+AD systems, and they all use AD integration using samba+winbind+kerberos
<qman__> serverhorror, that's true, but users added after the fact don't get smb passwords, or at least didn't last time I set one up
<serverhorror> qman__:  can't comment on that. I can't even remember whether our ldap server initially was woody or sarge :) (yeah, sorry it's debian I'm looking for a corner to hide in our office...) :)
<qman__> jmedina, yeah, I had a windows 2000 printer server because I couldn't get samba to make the magic print$ share work right, and soon as I got a windows 7 client, it was an event getting it to play nice
<serverhorror> qman__:  hmmm I've recently tried to write an article for linuxgazette.com. And I have a print$ config (with all the whizzbang Printer Config Windows Wizard in XP/Vista/7 working....)
<serverhorror> qman__:  but it's 0045am here. If you want me to I could send you a paste of the config parts plus some comments "tomorrow" depending on the time zone of course :)
<qman__> I think it had more to do with the specific printer drivers than the share configuration
<clusty> do you guys have experience with making samba advertise it's shares via avahi?
<serverhorror> nope sorry
<qman__> I don't really know anything about avahi
<clusty> made it advertise AFP
<jmedina> I just know how to disable it
<clusty> :D
<qman__> mine all just show up as windows shares
<clusty> for once i need avahi
<serverhorror> I just know that I usually kills everything I use with .local (or .localdomain or something like that)
<clusty> only thing to do, is to figure out how to make my DNS zone file proper :D
<clusty> thanks for your help
<qman__> I once had to get a windows AD DNS zone up on a BIND server, because the windows server crashed
<qman__> the zone was invalid, had to fix a few records
<serverhorror> hmmm why would I even want to deal with "if the primary (or unique) key does not exist: insert the new row _or_ if the primary (or unique) key does exist: do nothing" <- couldn't i just insert, and if it chokes ignore that stuff? (sorry some blog post just came up)
<qman__> only if you can be certain that an invalid insert won't change anything
<qman__> now, and forever into the forseeable future
<clusty> serverhorror: guess it's uncool not handling an error
<clusty> cause your insert could choke cause server is down
<serverhorror> qman__:  the way I read those 2 requirements, the second could never happen, since it would violate a unique constraint. Thus throwing some error back to the application. So I simply insert and if my database tells me constraint violation I'll just catch that exception and do whatever is appropriate...
<serverhorror> clusty:  what happened to "it's better to ask for forgiveness than for permission" (something like that - not a native english speaker so I might as well missquote)
<serverhorror> clusty:  and hopefully any sane language will let me (somehow) differentiate between a host unreachable, port unreachable, no route and/or uniq constraint violation....
<serverhorror> <rant>don't know about PHP thou...</rant> :)
<clusty> serverhorror: well if we are speaking hyphothetical, you  could run a big fat sql script
<clusty> you don't it choking in the middle
<serverhorror> hmm yeah right that's a point :)
<serverhorror> but I have rollbacks and transactions :)
<oettinger> Hi
<clusty> i know for a fact PG can ignore errors and just go on
<oettinger> Does anyone have time for a dist upgrade question?
<anyone> oettinger:  definitely maybe
<oettinger> :) sounds good.
<oettinger> I just did a "sudo do-release-upgrade" on our web/database server
<oettinger> It looks like everything went well (so Yay ubuntu). But...
<serverhorror> .oO(drumroll)
<oettinger> I was hoping that my php would be upgraded to 5.3.x
<oettinger> but a phpinfo() and "$ php -version" still shows 5.2.x
<serverhorror> apt-cache policy php5 php # will tell you where it installs from. And apache needs to _restart_ to get the new php version
<qman__> my one server running lucid is on php 5.3.2
<qman__> and that was upgraded from hardy
<oettinger> jacob@trabant:~$ apt-cache policy php5
<oettinger> php5:
<oettinger>   Installed: (none)
<oettinger>   Candidate: 5.2.10.dfsg.1-2ubuntu6.4
<oettinger>   Version table:
<oettinger>      5.2.10.dfsg.1-2ubuntu6.4 0
<oettinger>         500 ftp://mirror.hetzner.de karmic-updates/main Packages
<oettinger>         500 ftp://mirror.hetzner.de karmic-security/main Packages
<oettinger>      5.2.10.dfsg.1-2ubuntu6 0
<oettinger>         500 ftp://mirror.hetzner.de karmic/main Packages
<p1l0t> !flood | oettinger
<ubottu> oettinger: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<clusty> no flood kick?
<oettinger> nope. But a warning i think :) (irc noob)
#ubuntu-server 2010-07-07
<clusty> oettinger: shitty beer's fault :D
<serverhorror> oettinger:  well http://packages.ubuntu.com/search?keywords=php5 tells me that's the latest karmic version available... 5.3.2 is in lucid
<oettinger> Yes, i thought so.
<clusty> change mirror
<clusty> might solve the issue
<serverhorror> it won't
<oettinger> Could be. I think the server uses the hosts internal mirrors
<p1l0t> ls
<qman__> it means he's running karmic
<serverhorror> I know that hoster, and the mirror is in sync...
<p1l0t> oops lol using to many keyboards at once
<qman__> if he wants 5.3 he needs to upgrade again, to lucid
<oettinger> Do another release upgrade?
<qman__> cat /etc/issue to verify
<p1l0t> AGAIN
<oettinger> cat /etc/issue -> Ubuntu 9.10
<oettinger> "Well there is your problem"
<p1l0t> AGAIN
<serverhorror> oettinger:  make sure everything is fine with a reboot before upgrading (uptime is overrated compared to the trouble a faulty boot config will give you especially with a hoster where you don't have any out of bands management)
<qman__> yeah, if you didn't reboot after the upgrade, you need to
 * serverhorror reboots afert any and all updates
<serverhorror> just to make sure...
<qman__> you only need to reboot after kernel updates and release upgrades
<oettinger> Will do. Thank you for you help. Will (hopefully) post my success story a bit later
<p1l0t> after updates too?
<ScottK> Just kernel updates
<qman__> and if you use uptrack, that takes kernel updates out of the equation
<SpamapS> crap
<SpamapS> launchpad is readonly now.. doh
<p1l0t> !language | SpamapS
<ubottu> SpamapS: Please watch your language and topic to help keep this channel family friendly.
<p1l0t> lol
<SpamapS> I meant carp!
 * SpamapS loves fish is all
<serverhorror> qman__:  not exatly correct. rebooting makes sure all my init scripts are fine. everything is initialized properly. /tmp (and whatnot is cleaned out properly). There isn't some rogue pxe boot server around. The BIOS config is still fine and isn't set to PXE boot. .....
<p1l0t> I only reboot after upgrades
<qman__> yeah
<serverhorror> p1l0t:  yes upgrades.... :)
<qman__> you certainly can, but you don't need to
<serverhorror> did I mention I'm quite conservative regarding config changes/up[(d)|(gr)]ades :)
<qman__> kernel updates and distribution upgrades are where you need to
<ScottK> serverhorror: Rebooting when it's not needed is more risky than not rebooting.
<serverhorror> no wait. conservative isn't the right word... paranoid (too strong).....
<qman__> my router is still running jaunty because I haven't had an opportunity for the downtime
<serverhorror> ScottK:  why? pls explain. I want to know on the earlist occasion if something failes. And unfortunately monitoring can't catch everything
<p1l0t> Yeah some of the ancient machines I run ubuntu server on I am afriad to boot because they might turn to dust
<qman__> uptrack certainly makes things easy
<ScottK> serverhorror: rebooting always stresses the system and so doing it when you don't need to has risks (they are small).
<serverhorror> ScottK:  of course there are exceptions (hot DB caches being an example)
<ScottK> There are also some updates that require services to be restarted, but if you subscribe to Ubuntu Security Notices (and you should), you'll know which those are.
<serverhorror> ScottK:  accepted. But if that stuff fails, I'd rather have it fail while I have a maintenance window scheduled anyway (and expect failure) rather than at 2am. Support Contracts will fix failing hardware, but won't give me any piece of mind during night :)
<ScottK> Certainly.
<ScottK> In that case it may make sense in your situation.
<serverhorror> funny detail: we don't have any on-call contracts with the employer. So having things fixed (or broken) during maintenance windows is a lot better. Since stuff that is broken will stay broken and won't cause "unexpected" downtimes. (sounds harsh but I found customers react a lot better to 8h of downtime when they expect it than 5min of unexpected downtime)
<p1l0t> Could be a month, if they expect it then its status_quo
<oettinger> ahh of course. The last run took me from 9.04 to 9.10
<p1l0t> AGAIN
<oettinger> :) yes yes yes. It is running.
<p1l0t> When is the next one anyway Oct?
<p1l0t> it's Oct and Apr or something right?
<SpamapS> Never rebooting a system is a huge risk IMO. It makes one think twice about rebooting, and if you have a sudden unexpected power failure, you're stuck with systems that may not come back up in your worst crisis.
<SpamapS> After hitting the "this FS hasn't been checked for X days, lets mark it dirty and fsck for 3 hours" time bomb a few times, I learned my lesson and started scheduling server restarts every 120 days.
<SpamapS> p1l0t: next what?
<p1l0t> Next release
<p1l0t> Yeah it's Maverick Meerkat (10.10) October 10th
<p1l0t> Is it better to stick with LTS then to upgrade to something with an earlier EOL?
<SpamapS> depends on what you plan to do
<SpamapS> The next LTS will be out around the same time maverick is EOL
<oettinger> Success! Thank you again.
<SpamapS> Most server types would rather have a stable known platform and therefore run LTS.
<p1l0t> That's what I'll do at work, maybe at home I'll be risky
<p1l0t> Because my home server is just for messing around and learning
<oettinger> Have a nice timeofday(/you)
<p1l0t> You too oettinger
<SpamapS> yeah its a good idea to keep your "messing around box" up to date.. you'll be ready for any changes that come in the next upgrade from LTS -> LTS
<qman__> SpamapS, that's what UPS and generators are for ;)
<chewbranca> any idea how to have an init script run a daemon as a specific user?
<p1l0t> My UPS is only good for twenty minutes :(
<p1l0t> sudo apt-get install generator
<qman__> haha
<SpamapS> qman__: I refer you to livejournal's experiences with UPS and generators :)
<qman__> where I'm at, power failures are expected
<qman__> the electric company doesn't exactly have a good reputation
<SpamapS> I expect every single piece of my systems to fail.
<p1l0t> Plus UPS keeps the supply stable... This is especially important if you run a server at a machine shop where people power up whatever whenever with no warning
<qman__> yeah
<giovani> thank god NYC has reliable power
<maek> when I install from disk by hand there should be a seed file someplace correct? where is that file?
<giovani> maek: I don't believe one is generated
<maek> giovani: ok, I wasnt sure. find / -name *seed* didnt turn up anything but the docs have a good example
<giovani> maek: I just did the same thing to make sure there wasn't one :)
<maek> giovani: thanks
<maek> I want to automate network installs. is FAI or rolling my own the only option I have?
<giovani> well d-i should handle the install
<giovani> what features are you looking for?
<maek> well Im used to cobbler for redhat
<maek> it lets you add a system with some info like mac and network info, what profile to use etc etc then it generates a kickstart file from a template
<maek> d-i is what you use in preseeding right? debian-installer? or is that a seperate tool?
<giovani> ah, I haven't used cobbler
<giovani> we write our own pxe configs, and use kickstart at work for redhat
<giovani> yeah, debian-installer is for preseeding
<maek> cobbler maybe over load. I only really have 1 kind of system to install so only 1 preseed file
<maek> giovani: you should check out cobbler for managing kickstarts its slick
<maek> it manages pxe and all the dhcp entries for hosts
<giovani> maek: what does it buy me over plugging the machine in and sleecting which image I want in the pxe menu?
<giovani> I mean, dhcp is already handled -- no need to reinvent the wheel
<maek> if you installs are that clean cut then not much, just some resuable ness in your kickstarts because they are templates
<maek> you can use snippets
<giovani> ah
<giovani> yeah, we just use kickstart to get the machine usable and on the network
<giovani> then rdist out to it
<maek> I just liked that I only had to type in 1 place to add a machine to kickstart and it did everything else
<giovani> no point in reworking the kickstart constantly
<maek> yeah true
<giovani> yeah, so cobbler is server-side handling
<maek> so sorry to being dumb, is debian-installer a tool or just the d-i bit in the seed files
<maek> s/to/for
<giovani> maek: you can use kickstart for ubuntu
<giovani> debian-installer is the installation tool, like anaconda for redhat
<maek> giovani: do I want to do that?
<maek> giovani: thanks
<giovani> maek: I don't know
<giovani> I don't mass-deploy ubuntu, so I'm not up on which is superior
<maek> giovani: I mean is it legit, can I do what I could do with preseed?
<giovani> I'm sure the wiki has some hints though
<giovani> I think preseed is the best supported method
<maek> giovani: makes sense.
<giovani> configs are simple
<twb> preseed also isn't so fugly
<gundehest> Hi, i have just installed ubuntu server and configured SAMBA, im about to copy some files over but the troughput is horrible. Its now 17KB/sec. it takes 15min to copy 12MB over :S and i have gigabit network cards in both machines.
<gundehest> anyone awake?
<Mithos> gundehest:  i dont know the issue with your system, but FYI: we arent always awake and will answer you when we get to it :P
<lifeless> win 65
<twb> There's no 6.5 release; they're only up to 6.1
<MarchHair> What's the current "best practice" for a small office (5 users) migrating to linux workstations & server (file & print)?
<MarchHair> I'm guess CIFS for file sharing over NFS, but I'm curious about "disconnected operation." (laptops, etc.)
<twb> Either will do if it's homogeneously unix
<MarchHair> Is there a generally accepted method of handling the disconnects & reconnects that come with laptop use?
<MarchHair> I'm not necessarily looking for synchronization, just a way to easily mount/umount...
<qman__> NFS gets really hairy when the server goes down, I assume frequent disconnections would be the same
<qman__> CIFS would be the better option there, that or sshfs/sftp
<MarchHair> that's what i was thinking too.
<qman__> when my NFS server goes down unexpectedly, I have to `sudo umount -l` my directories
<qman__> and nautilus usually crashes, requiring a reboot
<MarchHair> I've been looking for something that can mount/umount some shares,maybe tie that into laptop suspend or something...
<MarchHair> thinking about a workgroup or projects share, not home directories.
<qman__> this isn't my home directory
<qman__> nautilus just completely hangs, even if you bring the share back up
<qman__> have to kill -9 it, and if I just launch it again, desktop icons are missing, and a few other annoying bits
<qman__> until I reboot, or at least log off/restart X
<qman__> in any case
<qman__> sftp is quite a good solution there
<qman__> if you use something like nautilus anyway
<qman__> because you can mount your shares through the 'connect to' menu, then add them to the favorite places
<qman__> and a simple click mounts it, clicking the eject button dismounts
<qman__> I suppose CIFS would work the same way
<qman__> I guess the point is, easiest depends a lot on client software
<MarchHair> That's a interesting idea. Don't even try to set up a "smart" script. Be dumb an let the user attach when they need to.
<qman__> the downside to that is, at least with nautilus, I don't really understand where/how it mounts them, so you can't just interact with scripts or the command line easily
<qman__> sort of an all-CLI or all-GUI choice to make
<MarchHair> Yup. I don't understand that either. I've gone hunting, and there's obviously some Gnome-VFS magic going on, but I can't track it down.
<qman__> one thing when doing this, make sure each user has a unique UID/GID
<qman__> if you just install all the systems, and add one user, they'll have the same UID
<qman__> it won't make much difference with sftp and cifs, but if you use nfs it will
<qman__> not sure about sshfs, probably not
<qman__> nfs is intended to be used with networks that have directory services
<MarchHair> yup. that's true. that's another nail in the NFS coffin. I'm trying to do this without building up a full infrastructure.
<giovani> qman__: are you hard or soft-mounting your NFS?
<giovani> I mean NFS and CIFS are horrible protocols
<qman__> I'm not sure what the difference there is
<qman__> it's in /etc/fstab and I'm using the kernel client
<giovani> qman__: if you don't specify either, then it's hard-mounted
<MarchHair> giovani: what would you use instead?
<giovani> hard-mounting NFS hides the lower-level errors/disconnections from the upper layers
<giovani> this is helpful if you expect frequent disconnects
<giovani> but if you want the higher-level apps to fail properly, then soft-mounting is what you want
<giovani> MarchHair: AFS
<qman__> 192.168.1.8:/home/public	/home/public	nfs	auto	0	0
<twb> soft mounting assumes the high-level app will correctly deal with the error
<giovani> twb: indeed
<giovani> he's getting nautilis hangs with hard-mounts
<twb> Yeah, well, that's it working as advertised :-)
<qman__> it doesn't happen very often, only when the server crashes
<giovani> twb: heh
<giovani> qman__: sure
<qman__> but it's quite annoying when it does
<giovani> use a better network fs
<giovani> Coda, AFS, anything decent
<twb> giovani: a better network filesystem won't hang *nor* return an error when the backend store disappears?
<twb> Or are you just talking about having a distributivity/caching, so it happens less often?
<giovani> twb: well, a better-engineered distributed network fs won't, no
<giovani> AFS handles caching on the client properly
<twb> It's no good if the file isn't already cached
<giovani> and with a distributed fs you're less likely to encounter the downtime in the first place
<giovani> caching is only one component, like I said
<giovani> Coda and AFS are both distributed
<twb> Distributed in the sense that the same data is stored on multiple hosts?
<twb> I don't remember reading about that when I looked into AFS
<giovani> sure
<giovani> it's configurable
<giovani> Coda's better at that
<twb> It was more like /afs/foo.org is always stored on foo.org, and nowhere else.
<giovani> Coda is optimal for high-latency high-downtime links
<twb> Coda and AFS are also harder to set up and less widely tested than NFS/CIFS, of course.
<twb> If this is just for a LAN, I'd recommend qman__ to instead work out why the server's crashing and fix that
<giovani> and yet they're much better
<giovani> servers crash, it's inevitable
<qman__> it's not a regular thing
<twb> giovani: sure; you can either have the thing nobody likes, or the thing nobody uses :-)
<qman__> had a NIC fail a couple months ago, etc
<giovani> twb: you'd be demonstrating extreme ignorance
<twb> giovani: yes, but if the server crashes for five minutes each year, he probably doesn't give a shit
<giovani> to claim that "nobody uses" AFS or Coda
<giovani> twb: but he'd learn to use a better protocol
<giovani> so when he wants to implement something at work
<giovani> he knows something more than NFS
<qman__> I don't have the budget for multiple servers at this point, so distributed wouldn't provide any advantages
<qman__> but a more graceful handling when it crashes would be nice
<qman__> one that doesn't require rebooting
<giovani> qman__: they have advantages besides the ability to be distributed
<giovani> qman__: why are you having to reboot?
<qman__> because all of gnome gets messed up after nautilus crashes
<twb> giovani: it's just that you sound like a weenie
<qman__> desktop icons missing, other weird bugs
<giovani> qman__: so maybe just restart X?
<qman__> effectively the same, I still have to close all my programs
<giovani> twb: just someone who's used NFS, and knows it sucks, and encourages people to learn the better options out there rather than stick with an old standard
<qman__> I still haven't rebooted since my server last crashed, about two weeks ago
<giovani> qman__: technically if the NFS server is brought back up, your session should be resumably
<giovani> resumable*
 * MarchHair quietly ducks under the table as the fight he innocently started kicks into high gear...
<qman__> it hard locked, never figured out exactly why
<giovani> and twb, these symptoms he's describing are EXACTLY what caching prevents
<qman__> ran zip on it and it just choked
<twb> Shrug.
<giovani> hard locks from a network outage are a classic issue with NFS
<giovani> we've probably lost countless dollars to them at work
<giovani> just saying, when you use NFS in the real world, this stuff bites you in the ass
<qman__> giovani, it usually takes a few hours to bring the server back up, since if it crashes, it's configured to fsck the RAID, and if it's a hardware failure, well
<giovani> qman__: yikes -- do you know what the cause of the crashes has been?
<twb> qman__: buy a UPS
<giovani> even if they're infrequent
<qman__> the most recent one, no idea
<qman__> I have a UPS
<giovani> a UPS?
<qman__> it'll last about an hour and a half
<giovani> how does that prevent server crashes?
<twb> Oh, you mean a software crash
<qman__> yes
<twb> What the fuck are you running on your NFS server that it EVER crashes?
<giovani> well if it's his home network, presumably if he lost power, his desktop would also lose power
<qman__> the one before that, the NIC failed and I had to shut it down and replace, forgot to umount my filesystem first
<giovani> so he wouldn't care
<twb> giovani: not if it was a laptop :-)
<giovani> presumably :)
<qman__> I've got a UPS on that too
<giovani> good point
<qman__> my network stays up when the power goes out :)
<giovani> NFS home directory on a laptop doesn't sound like a good idea
<giovani> kind of defeats the purpose of it being a laptop :)
<qman__> pretty much everything else just uses CIFS, it just wasn't adequate for this desktop
<qman__> lots of lag trying to load music files
<twb> That shouldn't happen
<giovani> what's the CIFS server?
<giovani> samba?
<qman__> yes
<giovani> well there's your problem ;)
<twb> Yeah, is this NAS running Ubuntu LTS?
<qman__> and windows clients have no issues using it
<qman__> yeah, 10.04 now
<giovani> samba is junk
<giovani> sorry to say
<qman__> had to upgrade from hardy because my replacement NIC didn't have drivers
<twb> qman__: I'm in that position; it's fucking me up because I have to port all this in-house juju to 10.04isms
<qman__> it had been running great until that NIC failed
<qman__> almost a year of uptime
<giovani> but a NIC failure shouldn't have required an unclean shutdown and therefore a fsck
<twb> Nod.
<qman__> no, but I had to order one
<qman__> took a week to get here
<giovani> what were the issues that caused unclean shutdowns?
<qman__> I have lots of spare PCI NICs, but it didn't have any free PCI slots
<qman__> haven't figured it out yet
<qman__> I ran 'zip' on the server
<qman__> and it just choked, out of the blue
<giovani> hmm
<giovani> disk failure?
<giovani> filesystem failure?
<giovani> what fs are you using?
<qman__> disks are all good, filesystem checked clean
<qman__> ext3
<giovani> I'm wearing of filesystem checks
<giovani> weary*
<twb> giovani: switch to btrfs, then, where they're not supported
<giovani> you still have the logs?
<qman__> SMART is happy, mdstat is happy
<qman__> there was nothing logged
<giovani> twb: we're evaling btrfs actually
<giovani> qman__: nothing?
<giovani> no oom?
<qman__> like it never crashed
<giovani> no watchdog?
<giovani> ouch
<qman__> I don't know if there's anything special I can configure to help it
<giovani> serial console :)
<qman__> but it was so far gone there was no kernel panic messages on screen, sysrq commands did nothing
<giovani> sounds hardware-related then
<giovani> if the kernel doesn't panic but sysrq is no good, 90% chance it was hardware
<qman__> not good news, but good to know anyway
<giovani> only a few things could cause that
<giovani> CPU/Motherboard/RAM
<giovani> run some burn-in tests
<qman__> it's been operating hiccup free since then
<qman__> of any of them, I suspect the motherboard
<giovani> who made it?
<qman__> but it's all DDR equipment, old hat
<qman__> if it failed I'd replace all three
<qman__> foxconn
<giovani> ah
<giovani> yeah, cheap taiwan stuff
<qman__> guess that one goes to the top of the 'to-buy' list
<giovani> I personally prefer Intel
<giovani> for my home systems that don't need something fancy
<giovani> every Intel board I've used has been rock-solid
<giovani> but they're never on the cutting-edge
<qman__> I'm a bit of an AMD fanboy
<qman__> I'll probably buy a gigabyte board, though
<giovani> you must be hurtign then :)
<giovani> since AMD's market share is dropping like a stone
<qman__> it needs an upgrade anyway, it's a single core 2.2GHz, 4x512MB in it
<giovani> sounds more than adaquate for a home server
<twb> That's faster than most of my machines put together
<twb> My home server is a 16MB/32MB 200MHz MIPS system.
<giovani> heh
<giovani> NFS hosted on that? ;)
<Hilikus> hey guys
<Hilikus> i have a web server at home
<Hilikus> that i am trying to access. but i can't seem to find a way to access it through the same name both from within the network and from outside the network
<Hilikus> i have a dynip domain that works when i'm not at home, but from home i never works
<giovani> an internal DNS server is usually the solution
<qman__> well, if you want to access it by any name from outside the network, you need to register a name
<qman__> oh, I see
<Hilikus> qman__: i already have a name
<qman__> the problem is your router
<qman__> by default, they will not route packets back into the network
<Hilikus> qman__: but how come i use the machines actual name and i do access it from within the network
<qman__> so, you'd need to either configure it to do that (bad idea security wise) or set up an internal DNS to answer that query as a local IP instead of your external IP
<Hilikus> wouldn that count as routing packets back?
<MarchHair> isn't there a redirect feature that some routers use?
<qman__> no, because when you use the internal name, it gives you the internal IP
<twb> giovani: no, but HTTP and sshfs is
<Hilikus> i see
<MarchHair> LAN-side requests for the WAN/DMZ IP get icmp-redirected back to the LAN ip
<qman__> when you use the internet name, it gives the external IP
<Hilikus> how i have a setup a dns server
<qman__> and your router is not routing traffic back to the server
<twb> The files themselves wouldn't fit into the 16MB of nonvolatile memory; it has a USB key hanging out the back
<Hilikus> is a dns server with pretty much no traffic heavy to run?
<qman__> not at all
<Hilikus> memory and cpu-wise
<twb> Hilikus: do you mean a local DNS cache of the internet's A records, or do you mean hosting your own A record for the internet to get?
<qman__> I use BIND because that's what I know, but you probably want dnsmasq
<MarchHair> Hilikus: what router do you use? See if it supports icmp-redirect.
<Hilikus> in my laptop i had to come come up with a script that altered /etc/hosts depending if the SSID was my home's or not
<Hilikus> but now with my phone i can't do that
<Hilikus> twd i have no idea, don't know much about dns
<Hilikus> i just want to be able to use the same name to access my server from the lan and wan, because i have bookmarks, settings and stuff like that that have the name of the server stored, so when i go out and try to access it they don't work
<twb> Hilikus: why not just use split-horizon DNS for the router's A record?
<qman__> well, if your router supports it, the icmp-redirect will be the easiest
<twb> Sorry, bad completion
<twb> MarchHair: why not just use split-horizon DNS for the router's A record?
<Hilikus> qman__: didn't you say that would be dangerous or you were talking about something else?
<qman__> something else
<Hilikus> MarchHair: my router is pretty crappy, but i'll look
<MarchHair> twb: if he's using something like hilikus.dyndns.org, would split-horizon make the rest of dyndns.org unaccessible from inside the LAN?
<twb> MarchHair: I don't believe so; you'd only be splitting hilikus.dyndns.org, not the parent domain
<qman__> even what I was thinking of is not inherently dangerous, it just goes against the damage-control ideal should you get a malicious user or program on your network
<MarchHair> twb: you can do that without being authoritative for the parent? cool. gonna go look.
<twb> MarchHair: I don't know.
<Hilikus> so the three options i have is either to run a dns server, to configure icmp-redirect and this split-horizon thing?
<twb> $coworker won't let me do any significant split-horizoning due to him being a fuddy duddy
<twb> Hilikus: they all require your router to not be shit
<twb> FSVO router = dhcp/dns server
<giovani>  uhm
<giovani> no, if he has internal DNS resolve the external name to an internal IP
<Hilikus> twb running a dns server would work anyway, no?
<giovani> his router doesn't need anything special
<MarchHair> twb, hilikus: just read. yeah. split-horizon will do the trick too.
<twb> dnsmasq has a nice option for split-horizon where it'll just magically work out the Right Thing based on interfaces and the requestor's IP and the list of A records in /etc/hosts
<MarchHair> sounds like the split-horizon dns is a good option.
<twb> Can't find the option now, though :-/
<twb> Ah, localise-queries
<twb> Doesn't work for IPv6
<MarchHair> twb: what does? IPv6 support needs to hurry up.
<twb> MarchHair: dnsmasq's split-horizon (--localise-queries) is IPv4 only at present.
<qman__> I wouldn't be surprised if I'm telling that to my grandchildren
<twb> qman__: tell me about it :-/
<Lord_Devi> If a person were to modify /etc/init/samba.conf to tweak samba's initialization, could I expect updates to samba to over ride my alterations? Or would my customized /etc/init/samba.conf file be in danger of being overwritten?
<Lord_Devi> errr would it NOT be in danger rather.
<qman__> Lord_Devi, all the times I have run into that, it asked me what to do
<MarchHair> qman__: yup, as we all huddle around fires talking about how the CIDR block shortage has returned us to the stone age....
<qman__> of course, those were during release upgrades
<Lord_Devi> Hrm, yeah ok
<MarchHair> well, this samba.conf is the StartUpManager conf. How's that tagged in the package?
<Lord_Devi> MarchHair: If that's in reference to my question, I don't understand what you mean.
<MarchHair> Lord_Devi: in the samba package, /etc/init/smbd.conf can be marked as a config file. If it is, it won't be overwritten at all, because you can "config" it.
<MarchHair> if not, it can be overwritten, but apt/dpkg should be smart enough to ask you before doing that.
<Lord_Devi> Oh ok! I see. I didn't know that.
<Lord_Devi> Is there a way I can check? That would be a handy skill for me to know..
<MarchHair> Lord_Devi: I'm sure there is, but I don't know it off the top of my head.
<Lord_Devi> Well still very helpful information. Thanks March
<MarchHair> NP. I hate to RTFM you, but that's all I can suggest right now. Maybe one of the man pages says how...
<qman__> there most definitely is, but I don't know it
<qman__> check the apt-cache manual, I think that's the base command for it
<qman__> might be a dpkg command too
<MarchHair> i thnk dpkg-query has some clues
<MarchHair> looks like [ dpkg-query -W -f='${Conffiles}' samba ] will probably list the conffiles.
<MarchHair> yup. that works.
<Lord_Devi> Hrmmm!! Very cool! Ok thanks March!!
<Lord_Devi> Very very handy
<Lord_Devi> I'm taking note of that for sure
<Hilikus> so from what i'm reading it souynds like split horizon would do what i need, but i can't find info on how to set it up
<Hilikus> is there an ubuntu guide for it?
<Lord_Devi> Sheesh. Never heard of that before... As if DNS wasn't complicated enough! let's have different tables for different request sources! lol... oh yay, sounds like fun
<Hilikus> i know
<Lord_Devi> I'm curious Hilikus, what's the scenario that has you interested in such functionality?
<Hilikus> i want to access my server with the same name from inside and outside the network
<Hilikus> right now i have to use different names based on where i am
<Lord_Devi> Hrmm!! Yes yes..I can see that.
<Hilikus> but its annoying for apps that store the server name
<Lord_Devi> Roaming users are always such a nuisance. ;)
<Hilikus> hahaha
<Lord_Devi> Sorry I can't be helpful though. Sounds interesting however, I might have to look into that myself..
<Lord_Devi> I have an application here hardcoded to be available on localhost:8080, but i wish to make it available to 0.0.0.0:8080. How can I achieve this with iptables? I am told NAT does not work for this usage.(Nor could I get it to myself) but maybe redirect can? (Still no luck from my own sloppy attempts)
<twb> You can't.
<twb> Maybe socat would work.
<MarchHair> what if you changed the port? Map 0.0.0.0:9090 to 127.0.0.1:8080?
<twb> I don't think you can DNAT to the loopback interface, no matter how hard you try.
<twb> Feel free to prove me wrong
<Lord_Devi> twb: That's what I was told by some other fellows. A few seemed to think REDIRECT would work though
<twb> Oh, yeah, that looks like it would work
<Lord_Devi> Any idea HOW? lol
<Lord_Devi> I'm googling, but the examples I'm getting are mostly from port to port, not interface to interface so to speak..
<twb> Well, *nat -A POSTROUTING -i isp+ -p tcp --dport 8080 -j REDIRECT --to-port 8080
<Lord_Devi> Actually frustrating enough, most google replies are still telling me about DNATTING :P I'd search for NAT if I wanted that! I want redirect! Damn google..
<twb> Lord_Devi: so add a -DNAT to the query
<Lord_Devi> Yeah you're right =) I could be more finesseful with my googlefu I suppose. Thanks for the pointer though, that'll help my searches a bit..
<Hilikus> twd so for split-horizon do i still need to have a dns server running and have the router use it?
<Hilikus> twb, sorry
<twb> split-horizon is a feature/property of a DNS server, so it requires a DNS server.
<Hilikus> ok
<twb> Really you could fake it by just hard-coding the IP of the inward-facing interface of your router/whatever in /etc/hosts on your local machines.
<Hilikus> i did that, the problem is when i move the laptop of phone outside the network the hardcoded ips don't work anymore
<Hilikus> or phone*
<twb> Right
<twb> So add it to the set of A records that your DNS server exports to the local network
<twb> That's effectively split, because OUTSIDE the LAN, there's a different A record hosted on dyndns or whatever
<Hilikus> hmmm. i dont know much of DNS. any links i can read, or queries to search for doing this export you're saying?
<twb> Given you're dealing with a shitty appliance router, knowing what's going on wont help
<twb> You need to go into its stupid web UI and look for a place to add hostname-to-IP mappings
<MarchHair> I'm out for the night. Good luck, Hilikus.
<Hilikus> it does have a DNS setting, i thought telling it to use my server instead of the ISP dns server would do it
<Hilikus> thanks MarchHair , good night
<Hilikus> well, at least do part of it
<MarchHair> thanks to the rest of the room for hits on my file server woes. it was a help.
<twb> Hilikus: yeah, you could do that
<Hilikus> all i see is setting fixed ips instead of dhcp, nothing to map hostnames to IPs
<uvirtbot> New bug: #602540 in openldap (main) ""ldapadduser" adds the user and hangs" [Undecided,New] https://launchpad.net/bugs/602540
<twb> alvin: hey, I just had a fucking clever idea
<twb> alvin: add nolock to /home's options in fstab, then add a mountall-lock.conf job that starts when rpc.statd is ready, and simply runs "mount -oremount,lock /home"
<Hilikus> guys, i'm trying to bind mysql to 192.168.0.100 but when i change the config file it doesn't start at all saying that port 3306 is used. if i change it to 127.0.0.1 it works
<Hilikus> could it be that apparmor is blocking the daemon from binding the network address?
<sbeattie> Hilikus: if it is, you'd see rejections in /var/log/kern.log
<sbeattie> Hilikus: you should look at the output of 'sudo netstat -nltp" to confirm that there's nothing existing listening on 192.168.0.100:3306
<Hilikus> i'll try that, thanks sbeattie
<MakX> anyone familiar with DAS, NAS, SAN?
<rahman> Hi, something wrong with squid_db_auth. I get this: DBI::db=HASH(0x1bcffe8)->disconnect invalidates 1 active statement handle (either destroy statement handles or call finish on them before disconnecting) at /usr/local/squid/libexec/squid_db_auth line 97, <> line 1.
<rahman> And it gives ERR login failure
<rahman> I modified the squid_db_auth script so it writes the password comparison to console. And I see they match
<rahman> So why it gives login error?
<lau> I am trying to create an ec2 ami from a running lucid server machine
<lau> sudo ec2-bundle-vol -d /mnt/ -c ???.pem -k ???.pem -u ??? -s 1536 --no-inherit
<lau> but the command fails when rsyncing
<lau> is it possible to create an ami from a ubuntu server machine that is not already an ami ?
<RudyValencia> I just transplanted components from my old server into a new server and Ubuntu isn't recognizing the Ethernet onboard.
<RudyValencia> (I don't get an eth0 when I type in 'ifconfig'
<RudyValencia> it's recognized by lspci, but I get no network interface...
<RudyValencia> ...why?
<Jeeves_> RudyValencia: What kind of interface is it?
<RudyValencia> Intel 82557/8/9/1 PRO/100 Ethernet (rev 10)
<RudyValencia> Something like that anyway
<RudyValencia> I'm switching between the desktop and server via KVM so I can't exactly copy anything
<Jeeves_> And if you type ifconfig -a ?
<RudyValencia> there's an eth1
<RudyValencia> and lo
<Jeeves_> Than that's the one
<RudyValencia> How do I change it to eth0?
<Jeeves_> edit /etc/udev/rules.d/70-persistant-net
<Jeeves_> That's where the interfaces are mapped
<RudyValencia> Is there a way to 'redetect' the interfaces?
<RudyValencia> like a command I can run?
<RudyValencia> I guess I just remove the old line for the prior server's Ethernet adapter and alter the eth1 to eth0?
<RudyValencia> right?
<Jeeves_> Right!
<Jeeves_> (seriously :))
<RudyValencia> Anything else I should alter?
<Jeeves_> Nope, if you reboot now, you should have an eth0 again
<Jeeves_> btw, you can see this by reading the dmesg output
<Jeeves_> it says something about 'renaming interface' or zo
<Jeeves_> so
<RudyValencia> I don't know
<Jeeves_> You don't know what?
<RudyValencia> but anyway, is there anything else that should be changed as a result of the transplant?
<RudyValencia> That's what I was saying "I don't know" about
<RudyValencia> as in, I don't know if there's anything else needing alteration
<Jeeves_> Nope, probably not.
<Jeeves_> Not that I know of, at least :)
<RudyValencia> Everything else seems OK
<RudyValencia> Time to RMA the old server
<Snadder> Anyone know if EUC will store the virtual machine state on both the node and the frontend?..
<RudyValencia> This new server is *much* quieter.
<RudyValencia> The old one was a generic motherboard in a server case.
<RudyValencia> This is a Dell Optiplex repurposed to be
<RudyValencia> +a server
<Snadder> Wondring what happens with the virtual machines running when I remove a pysical server from EUC..
<Roxyhart08> hi there, i need to try to configurate a application that use the file net on gentoo and do it on ubuntu. Somebody know which is the equivalente "net" file of gentoo in ubuntu?
<joschi> Roxyhart08: what "net" file do you mean? /etc/conf.d/net? the equivalent in debian/ubuntu would be /etc/network/interfaces
<Roxyhart08> tahnks joschi...just wondering in this file there are some configuration about vlans and sme format like config_vlan10 = ... , i am not sure if we can configurate this kind of things in interfaces?
<joschi> Roxyhart08: it's the right file for vlan configuration. install the package `vlan` (http://packages.ubuntu.com/lucid/vlan) and read its documentation
<Jeeves_> kirkland: Awake?
<Roxyhart08> thanks joshi
<gundehest> Hi, i have just installed ubuntu server and configured SAMBA, im about to copy some files over but the troughput is horrible. Its now 17KB/sec. it takes 15min to copy 12MB over :S and i have gigabit network cards in both machines.
<gundehest> And PHP dont work after my LAMP setup, it just show blank pages when i browse to the server
<Roxyhart08> hi there i download lucid server but it cant't start with my dvd/cd lector to install...i tried in different machines, somebody know if i need to do something else?
<Jordan_U> Roxyhart08: Did you burn the iso as a disk image or did you just put the iso as a file on a CD?
<Roxyhart08> as image?
<Roxyhart08> i will chek it again ...thanks
<qman__> bad downloads and burns happen too, check the md5sum of the CD against the one given on the mirrors
<Roxyhart08> ok, i will tahnks a lot!
<falktx> hi, I need some help restricting IPs on tomcat
<falktx> anyone?
<RoyK> falktx: try #tomcat - probably easier to get an answer there
<falktx> oh, lol, thanks
<uvirtbot> New bug: #602620 in mysql-dfsg-5.1 (main) "can't login to mysql server, seems is down" [Undecided,New] https://launchpad.net/bugs/602620
<kirkland> Jeeves_: hi
<Jeeves_> kirkland: Hi, I was wondering if you know where the fix of https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/571093 is
<uvirtbot> Launchpad bug 571093 in libvirt "[SRU] multipath + libvirtd eats away more memory over time" [Medium,In progress]
<Jeeves_> I can't find an updated version of libvirt-bin in proposed
<alvin> What is the name of the Ubuntu-server installer?
<Jeeves_> alvin: ?
<alvin> I want to report a bug against the Lucid installer and I need to know the project/package
<alvin> Looks like a papercut. /etc/fstab no longer contains a cdrom entry.
<alvin> (only on fresh installs. Upgrades do not lose the cdrom entry)
<Jeeves_> https://wiki.ubuntu.com/Bugs/FindRightPackage#When%20installing%20Ubuntu%20%28or%20Derivatives%29
<alvin> Jeeves_: thanks. Looks like it is debian-installer
<Jeeves_> Jups
<uvirtbot> New bug: #602689 in php5 (main) "Segmentation fault in libapache2-mod-php5 when calling methods" [Undecided,New] https://launchpad.net/bugs/602689
<bogeyd6> http://packages.ubuntu.com/lucid-backports/  is not a valid url
<sommer> morning all
<hackeron_> hey, how do I stop grub from showing the menu on failed boot?
<a_ok> Is there some documentation on Iscsi(diskless) booting? The installation runs fine but booting gives me an error: ipconfig eth0 SIOCGIFINDEX no such device
<Jeeves_> a_ok: Seems like you NIC wasn't found
<a_ok> Jeeves_: looks like it but I have no idea how to be sure this is the case. I am using an intel Gigabit ET quad nic. quite common
<a_ok> Jeeves_: does this mean that the setup just ignores NIC's when building the initrd?
<a_ok> Jeeves_: what stuff do I need in the initrd to get it going?
<a_ok> and how am I going to get in in the initrd. Last time I tried makeing an Image manually (using cpio) it did not see it as a valid image
<Jeeves_> a_ok: The intelnic should be fine
<Jeeves_> strange
<a_ok> Jeeves_: if it is not the lack of drivers the iSCSI boot procedure does not work
<Jeeves_> a_ok: I don't know. I have never tested that
<a_ok> Is there anyone who has done a succesfull iscsi boot with ubuntu 10.4?
<Jeeves_> w
<Jeeves_> sorry
<uvirtbot> New bug: #602734 in chkrootkit (main) "ifpromisc reports PACKET SNIFFER for /usr/sbin/dhcpd3" [Undecided,New] https://launchpad.net/bugs/602734
<sommer> I'm having a problem with postfix... I can relay messages on the local LAN, but they're rejected by the internets google, yahoo, etc
<sommer> my thought is something with DNS, but messages to through fine... using Google domain for main mail
<hallyn> kirkland: bug 601100  is the lxc sync request
<uvirtbot> Launchpad bug 601100 in lxc "sync lxc 0.7.1-1" [Undecided,New] https://launchpad.net/bugs/601100
<sommer> anyone mind if I try sending a message to their domain?
<sommer> or help me troubleshoot :-)
<a_ok> Jeeves_: yeah I just confirmed it the igb.ko module is in the initrd
<a_ok> image
<DrPoO> what are your suggestions regarding the automatic updating of an Ubuntu server? Should I simply add an aptitude safe-updrade to the roots crontab?
<hallyn> sommer: if you're just asking for somepalce to send mail to, i'm game
<sommer> hallyn: awesome thanks, what address should I send to?
<Jeeves_> sommer: mark@prevented.net
<sommer> Jeeves_: thanks sent a test
<sommer> Jul  7 09:53:54 IS postfix/smtp[29263]: connect to mx1.tuxis.nl[213.136.13.201]:25: Connection refused
<sommer> Jul  7 09:53:54 IS postfix/smtp[29263]: connect to mx2.tuxis.nl[89.31.102.126]:25: Connection refused
<sommer> Jul  7 09:53:54 IS postfix/smtp[29263]: 0980B12C2E1: to=<mark@prevented.net>, relay=none, delay=456, delays=456/0.01/0/0, dsn=4.4.1, status=deferred (connect to mx2.tuxis.nl[89.31.102.126]:25: Connection refused)
<Jeeves_> sommer: You're being firewalled
<sommer> jeeves_: because of DNS?
<Jeeves_> sommer: I'm not firewalling you
<sommer> Jeeves_: I have  subdomain MX for the host I'm trying to send through, but maybe it's not configured correctly
<Jeeves_> Your router, or your ISP, is firewalling you
<sommer> mmmmm, I'll check that
<kirkland> hallyn: done ;-)
<hallyn> kirkland: thanks!
<Jeeves_> kirkland: Do you have any clue on the libvirt bug?
<kirkland> Jeeves_: there's only one bug against libvirt?  :-P
<Jeeves_> 13:19 < Jeeves_> kirkland: Hi, I was wondering if you know where the fix of https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/571093 is
<uvirtbot> Launchpad bug 571093 in libvirt "[SRU] multipath + libvirtd eats away more memory over time" [Medium,In progress]
<Jeeves_> I can't find a new version in -proposed
<sommer> Jeeves_: thanks for the help... totally forgot firewall was blocking smtp for all but some hosts, doh
<kirkland> Jeeves_: I'm going to have to assign hallyn to this bug
<kirkland> Jeeves_: oh wait
<kirkland> Jeeves_: i see, it's a mistake
<smoser> kirkland, is this right:
<smoser> http://paste.ubuntu.com/460234/
<smoser> s/right/expected/
<smoser> i'm confused by option '2'
<kirkland> smoser: hmm, yeah me too
<kirkland> smoser: byobu -v ?
<kirkland> smoser: definitely a bug...
<smoser> byobu version 2.81
<smoser> Screen version 4.00.03jw4 (FAU) 2-May-06
<kirkland> smoser: okay, i think i know what introduced it
<kirkland> smoser: i started naming sessions "byobu"
<kirkland> smoser: to make screen and byobu cohabitate better
<Jeeves_> sommer: You're welcome
<kirkland> smoser: please file a bug, i'll get it fixed asap
<Jeeves_> kirkland: What is a mistake?
<kirkland> Jeeves_: that it didn't get re-uploaded
<kirkland> Jeeves_: thanks for the reminder, i'm on it now
<smoser> kirkland, i also find it strange / wrong that if i ctrl-C byobu-launcher i am placed into one of the sessions.
<kirkland> Jeeves_: uploaded, awaiting acceptance in -proposed
<kirkland> smoser: yeah, file a bug on that too -- you're not the first to say that, but no one has filed a damn bug on it :-)
<kirkland> smoser: okay, i see the bug
<kirkland> smoser: i'll upload a fix
<Daviey> kirkland, I noticed it aswell.. but thought it was intended behaviour :)
<|eagles0513875|> i installed ubuntu server on my internet connection at home on this workstation when i took it back to work and getting our internet connectionf or it today the network card for some reason doesnt want to connect to the internet .
<|eagles0513875|> hardware in this machine hasnt changed any ideas
<smoser> bug 602750 and bug 602753
<uvirtbot> Launchpad bug 602750 in byobu "byobu-launcher lists empty option " [Undecided,New] https://launchpad.net/bugs/602750
<uvirtbot> Launchpad bug 602753 in byobu "byobu-launcher should exit 'none' on user ctrl-c" [Undecided,New] https://launchpad.net/bugs/602753
<kirkland> smoser: thanks man
<Jeeves_> kirkland: Thanks!
<kirkland> Jeeves_: no prob, thanks for the reminder
<Jeeves_> yw
<alvin> |eagles0513875|: What network card?
<Jeeves_> |eagles0513875|: Did you statically configure an ip address?
<hallyn> kirkland: damnit, my qemu-within-kvm boot problem turns out to be the libvirt+bios bug where libvirt puts 'boot=on' at the end of an ide drive define and that makes the bios not boot it
<hallyn> (bug 591423 that is)
<uvirtbot> Launchpad bug 591423 in libvirt "qemu -drive boot=on flag causes boot to hang." [Low,Incomplete] https://launchpad.net/bugs/591423
<kirkland> hallyn: ah
<hallyn> kirkland: basically, https://bugzilla.redhat.com/show_bug.cgi?id=579348
<uvirtbot> bugzilla.redhat.com bug 579348 in qemu "libvirt: kvm disk error after first stage install of Win2K or WinXP" [High,New]
<a_ok> Jeeves_: what is the best way for me to solve this iscsi boot problem?
<a_ok> I mean should I file a bug report or something? can I parse sertain options to the kernel? or is there any documentation on the boot process that might help me pinpoint the problem?
<Jeeves_> a_ok: Sorry, I don't know.
<a_ok> Jeeves_: thanks anyway
<Krazyderek> is it possible to install windows on a KVM on a headless / commandline ubuntu server?
<Krazyderek> do i have to load the gui to do that?
<Kaffien> how can i determine the UUID of a specific partition?
<Jeeves_> blkid /dev/disk
<hggdh> !seen mathiaz
<ubottu> I have no seen command
<hggdh> oh
<mathiaz> jiboumans: hi!
<jiboumans> hey
<jiboumans> there you are :)
<jiboumans> i have a call running overtime, ping you asap
<jiboumans> mathiaz: ^
<mathiaz> jiboumans: ok - np
<hggdh> OK. Deutschland ueber alles, the game will start in a few :-)
<mathiaz> SpamapS: hi - have you heard of https://labs.omniti.com/trac/reconnoiter?
<SpamapS> mathiaz: reading, I had not.. but I have worked with OmniTI for a long time, they're awesome..
<mathiaz> SpamapS: right - is this the folks that gave the first workshop at Velocity?
<SpamapS> mathiaz: no, they're at http://watchingwebsites.com/
<mathiaz> SpamapS: ah ok
<mathiaz> SpamapS: one omniTI guy also gave a workshop at velocity
<SpamapS> mathiaz: yeah, thats Theo, he started the company
<SpamapS> mathiaz: Careercast, who became Adicio later, was one of his earlier clients.
<SpamapS> https://labs.omniti.com/trac/reconnoiter/browser/docs/assets/noit-network-arch.png
<SpamapS> great pic ;)
<SpamapS> mathiaz: this space seems to be exploding
<SpamapS> mathiaz: btw I am talking with some guys I met at devops days who are switching from munin -> collectd
<SpamapS> mathiaz: munin can't scale beyond 100 servers because of its polling infrastructure
<hggdh> mathiaz: would you mind creating another branch (uec-testing-preseeds) under uec-testing-script-dev? I cannot find how to do it
 * mathiaz nods
<hggdh> mathiaz: and there is an important change in maverick d-i that hit us
<mathiaz> hggdh: hm - you should be able to just push a new branch
<mathiaz> hggdh: you're part of the ~uec-testing-scripts-dev LP team
<SpamapS> mathiaz: the one thing I *don't* like about Reconnoiter is it looks like they're trying to make yet another "everything to everyone" tool instead of something that can easily be plugged into other things.
<hggdh> mathiaz: K, will do it
<mathiaz> hggdh: bzr push lp:~uec-testing-scripts-dev/uec-testing-scripts/name-of-the-new-branch
<hggdh> mathiaz: THANK YOU. bzr is, still, partially misterious to me
<soren> mathiaz: Hey, man.
<soren> mathiaz: Do you know of a package that uses openldap for its datastore and somehow manages to set it up automatically? I'm needing to do something like that, and I'm looking for prior art.
<maek> I have a single package im trying to automate the installation of but it asks 1 question, how do I provide an answer for that?
<smoser> maek, debconf-set-selections
<maek> smoser: how do I know what the name of the question is?
<smoser> look in /var/lib/dpkg/info/<package>.templates
<maek> smoser: thanks, so id do debconf chef/chef_server_url mystring
<maek> is there a way to tell if a .deb is going to ask questions with out installing it manually?
<smoser> not a fool proof one that i know of.
<smoser> but possibly /var/lib/dpkg/info/<package>.postinst has
<smoser> calls to db_input
<smoser> with a priority as the first arg, then, you'll be prompted for that if you have priority set lower or equal to the listed value
<maek> you lost me there, where can I read about priority?
<mathiaz> soren: hi
<mathiaz> soren: try to look at  lp:~asommer/openldap-dit/openldap-dit-split
<mathiaz> soren: it's not a package
<mathiaz> soren: but has some ideas about how to integrate with the new cn=config stuff
<rberger> Using UEC, is there really no way to specify the /dev/sdx device of an EBS Mount? It seems you have to manually figure out which device the instance magically chose by grepping dmesg. Is this really true? It makes it hard to automate.
<rberger> ec2-describe-volumes says something like unknown,requested:/dev/sdb but it doesn't mean that its attached to /dev/sdb
<soren> mathiaz: Ok, thanks!
<soren> mathiaz: That's based on Andreas' work, isn't it?
<mathiaz> soren: the key part is to use "-Y EXTERNAL -H ldapi:///"
<mathiaz> soren: yes - for the dit
<mathiaz> soren: if you use the option below to call ldap* commands you will have access to the whole tree
<mathiaz> soren: if run as root
<soren> mathiaz: Oh! That looks very interesting.
<mathiaz> soren: right - that's the whole point of slapd+cn=config
<mathiaz> soren: you don't need to have a "root" account in ldap with a specific password
<mathiaz> soren: with proper ACLs you can grant access to root (uid=0) to the whole tree
<mathiaz> soren: and do whathever you want
<mathiaz> soren: have a look at the acl on the cn=config tree
<mathiaz> soren: it grants full access to cn=config to root (uid=0) using peercred=sasl
<mathiaz> soren: (or something like that)
<Kaffien> why did  ubuntu-server start using  UUID in the fstab?
<Kaffien> im just kind of confused
<soren> Kaffien: Because device names aren't deterministic.
<Kaffien> usually /dev/sda  is the device it was yesterday
<Kaffien> and teh day before
<Kaffien> and month before ....
<soren> On your system.
<soren> It was a considreable effort. It wasn't just for fun :)
<Kaffien> give me an example in which this becomes necisssary
<soren> /dev/sdb and /dev/sda might change plances.
<soren> places.
<soren> Maybe you switch cables around, maybe it just happens, because the kernel discovers things in a non-deterministic order.
<soren> Maybe you insert an extra partition so that /dev/sda3 suddenly becomes /dev/sda4.
<soren> there's tons of things that could happen.
<soren> The primary motivation back in the day (this changed in edgy (October 2006)), was a specific brand of laptop whose cdrom and harddrive switched places based on whether it was in its docking station or not.
<soren> ..but it turned out to solve a /lot/ of other problems (like the ones I outlined above).
<soren> mathiaz: I think the peercred things was the missing piece of my puzzle. Good stuff. Thanks!
<smoser> cjwatson, do you happen to be around ?
<cybrocop> Hi. I'm trying to get my laptop SD card working in Ubuntu 10.04 without any luck. Can anyone help.
<cybrocop> The odd thing is that when I insert the card, there are no dmesg messages printed at all.
<cybrocop> Shouldn't SOMETHING be logged in dmesg?
<ScottK> cybrocop: This is only for server support.  Try #ubuntu.
<cybrocop> ScottK, sorry.
<gigasoft> how to switch to another group in terminal ?
<cjwatson> smoser: slightly
<hallyn> kirkland: w00t  finally, managed to live-migrate a debian qemu partition between two maverick kvm vms.
<kirkland> hallyn: sweet!
<hallyn> mind you this had to be done with qemu.git
<hallyn> expect 0.13.0 any day now, so hopefully not a big deal
<uvirtbot> New bug: #572123 in openvpn (main) "Openvpn 2.1_rc7 in Hardy: ifconfig-pool-persist broken" [Undecided,New] https://launchpad.net/bugs/572123
<mathiaz> jiboumans: http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.maverick/all
<SpamapS> mathiaz: tomorrow can we coordinate around 10:00 Pacific to collaborate on Velocity/Devopsdays trip reports a bit?
<mathiaz> SpamapS: hm - I've already published my trip report
<mathiaz> SpamapS: https://ubuntumathiaz.wordpress.com/
<SpamapS> mathiaz: ah ok cool. :)
<SpamapS> mathiaz: I may be agonizing too much over details then. ;)
<mathiaz> SpamapS: I haven't written anything special about devops
<mathiaz> SpamapS: yeah - I've also wondered about how much detail to put in it
<mathiaz> SpamapS: I think I wrote too much for the two blog posts
<mathiaz> SpamapS: to much verbose
<mathiaz> SpamapS: next time I may change the format to bullet points - key takeaways
<mathiaz> SpamapS: and if you wanna more, here is a link to the slides/video
<maek> with the limited exposure I have it seems like upstart is more dificuilt then the old servies style init.d files. am I missing something? I do stop mysql and it just sits there for ever. status mysql shows stop/post-start ? what can I read to understand this?
<SpamapS> maek: mysql did that with the init scripts too. ;)
<maek> SpamapS: not really. I just re installed to 10.04 and a vinalla mysql install doesnt really stop or start correctly. and status is pretty useless :) there has to be something im missing
<SpamapS> maek: oh there is a specific bug, I believe, in 10.04 w/ mysql.. but I don't recall the details.
<maek> oh no, really? wow do I look stupid. I argue for several weeks to get ubuntu over redhat because it has newer supported php and mysql and now it doesnt work. thanks for the heads up.
<SpamapS> maek: mysql is really important to me personally, and to Ubuntu Server in general, so if its broken, please trust that we'll fix it ASAP. :)
<maek> SpamapS: ok, thats what I figured. if it broken its just bad timing. Im going to guess its my lack of understanding of upstart
<SpamapS> maek: 10.04 is really like 10.04.00 ... you *might* want to try out 10.04.1 first if you are risk-averse. ;)
<maek> SpamapS: so since we staretd talking I did "start mysql" and its just sitting there - as root.
<SpamapS> https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/566736
<uvirtbot> Launchpad bug 566736 in mysql-dfsg-5.1 "mysqld does not start reliably..." [Low,Won't fix]
<SpamapS> mathiaz: ahem, "Won't fix" ? Are we really going to suggest to users that they update their upstart job files?
<maek> SpamapS: the default bind-address is 127.0.0.1 - and im not even worried about starting at startup, im having problems starting it anytime.
<SpamapS> maek: nothing in the logs about recovering tables or anything like that?
<maek> SpamapS: let me check. rebooted just to see what happens after an update.
<SpamapS> maek: oi, I just noticed the time, I need to go... but please let me know what happens in here, I"ll check my backscroll later
<maek> SpamapS: ok thanks.
#ubuntu-server 2010-07-08
<maek> anyone have any idea how to start mysql? I have no errors and "start mysql" and "service mysql start" just sit there
<mathiaz> SpamapS: yop
<mathiaz> SpamapS: that's what we're recommending for upstart
<mathiaz> SpamapS: upstart job should be trivial enough to edit - and not require the use of a default file anymore
<maek> mathiaz: so my box is up and running, network is running. I sshed to the box
<maek> mathiaz: when I do "start mysql" I get notning, so its not that its waiting for a requirment right?
<mathiaz> SpamapS: default files were introduced because editing init script directly were too error prone
<mathiaz> maek: you're correct
<mathiaz> maek: I'd look in /var/log/daemon.log to figure out why mysql is failing to start
<maek> sorry for being dumb, im moving from rhel to ubuntu
<maek> mathiaz: /var/log/daemon and /var/log/mysql/error.log arent showing anything when I do start mysql
<GhostFreeman_> How does one install Redmine using the version from apt
<giovani> GhostFreeman_: /usr/share/doc/redmine contains configuration examples for lighttpd and apache2
<clusty> hey
<clusty> how likely is it that lm-sensors cpu temperatures are totally bogus?
<clusty> it's 35 deg celsius here and with 100% load for 5min temp uis 27deg
<debugview> is webmin the best that i can have for my server?
<clusty> ..and i got no peltier cooling :D
<giovani> clusty: quite possible that they're wrong
<giovani> debugview: not sure what you're asking, but, afaik, webmin is not supported by ubuntu
<giovani> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<debugview> giovani, seriously?
<debugview> lol
<debugview> okie
<debugview> but i had it installed anyway
<clusty> giovani: bios does not have temp meter. guess i am screwed....
<debugview> but thanks for letting me know about eBox
<giovani> clusty: screwed? unlikelly -- do some research on your motherboard, see if others report the same thing, if not -- look at the other temps, see if they all seem off
<clusty> giovani: lmsensors detects just the 2 core temps
<giovani> what kind of board is this?
<needhelp> can someone help me with inverse proportions ?
<giovani> needhelp: this isn't #math
<needhelp> for some reason it will not let me in #math
<giovani> needhelp: sorry, can't help
<clusty> giovani: intel 945GSE
<giovani> clusty: that's a chipset -- what about the motherboard?
<clusty> giovani: it's an asus atom PC
<giovani> ok
<clusty> http://www.newegg.ca/Product/Product.aspx?Item=N82E16883220006
<clusty> no clue how would i check exact mobo
<giovani> well is this a laptop or a nettop?
<clusty> nettop i guess
<clusty> size of 2 hdd's
<giovani> well who made it?
<giovani> not too many of them
<clusty> asus
<giovani> model number? heh
<clusty> ASUS Eee Box EBXB202-BLK-X0081
<clusty> thanks for help btw
<giovani> well I'd go searching to see if other eeebox users have similar issues with lmsensors
<clusty> ok thank
<talcite> hey guys. I have 2 scripts in rc0.d. One is S35, and the other is K80. Which would be run first on shutdown?
<clusty> giovani: curious why i don't have any stuff around thermal_zone, fan....
<clusty> and other /proc/acpi common things
<giovani> clusty: maybe the board doesn't have those sensors, or they're not supported by the version of linux you have
<talcite> I'm trying to figure out why my apcupsd process isn't killing the power to the UPS. I suspect that networking is going down before the killpower step is called
<debugview> hmm is using mrtg an overkill for bandwidth checks?
<giovani> talcite: my understanding is that the kills run first, then the starts
<giovani> talcite: so, K80 should run before S*
<giovani> debugview: yes
<debugview> giovani, what would you recommend for bandwidth graphs? one that monitors stuff then plot graphs..daily, weekly, monthly etc..
<giovani> debugview: I'd whip something up in rrdtool, but that probably isn't the answer you want
<debugview> giovani, yeah i just want a simple one
<debugview> browsing through http://www.ubuntugeek.com/bandwidth-monitoring-tools-for-linux.html lots of stuff
<giovani> well I don't know of anything simple that isn't overkill for a single server
<talcite> giovani: ah. And I found the debian policy manual page for it. This all makes sense now. I can finally go home...
<talcite> thanks!
<giovani> talcite: excellent -- it's not debian-specific though
<giovani> talcite: if you'd like a definitive answer you can do what I just did -- read /etc/init.d/rc -- the actual script that executes these other scripts
<giovani> "# First run the KILL scripts."
<giovani> "# Now run the START scripts"
<talcite> giovani: hm, didn't know rc was the actual script. Anyways, is there any problem if I shutdown a machine without bringing down the network interface first?
<talcite> the ups killpower command is called from the halt script, but the networking stop script is called before that. it's a SNMP ups, so naturally the signal never makes it there
<talcite> I'm thinking of moving the networking entry to go after the halt command (effectively it will never get called)
<giovani> what's the killpower script do, exactly?
<talcite> giovani: it sends a snmp command to the ups to kill power to the outlets after 90s
<talcite> pretty vital because the switches will drain the UPS battery dead otherwise
<giovani> so when this machine is shut down
<giovani> this script needs to be executed so that the UPS shuts down after 90 seconds?
<giovani> why can't you run the script before shutting down the network stack, and then still have time to shut down gracefully before the 90 seconds?
<talcite> giovani: it's pretty heavily integrated into the apcupsd package. I'd be ripping out a _lot_ of code if I did it that way
<talcite> but you're right, it's an option.
<giovani> I really don't understand why
<talcite> the package wasn't designed with network UPSes in mind. It's making the assumption that we're using a usb or serial UPS (even though the binary fully supports network UPSes)
<giovani> ok
<talcite> actually, it's a bug that I should submit a report for. What is ubuntu's bug tracker called?
<giovani> launchpad
<giovani> not sure that this is a bug, but alright
<giovani> https://launchpad.net/ubuntu/+bugs
<talcite> thanks.
<talcite> ah it fixed it!
<talcite> aaaaah! Finally after 6 hours!
<giovani> talcite: fixed how?
<talcite> giovani: the UPS powered off =)
<talcite> I removed the symlink for networking from /etc/rc0.d, and added a /etc/init.d/networking stop line in halt right after the ups shutdown command
<talcite> still within the if/fi statement of course
<giovani> gotcha
<clusty> giovani: seems the kernel modules for my board have been buggered badly since 2.6.30
<uvirtbot> New bug: #603001 in qemu-kvm (main) "Guest with user net can't access external network when host has static IP" [Undecided,New] https://launchpad.net/bugs/603001
<twb> OK, /home is an NFS mount
<twb> Why does "mount -oremount,lock /home" complain "an incorrect mount option was specified"?
<kees> twb: is NEED_STATD=yes set in /etc/default/nfs-common ? i seem to remember needing that on at least the client
<kees> but maybe that was something else
<kaushal> hi
<kaushal> when i do ./configure for memcached package on ubuntu 8.04 hardy server i get
<kaushal> checking build system type... Invalid configuration `x86_64-unknown-linux-': machine `x86_64-unknown-linux' not recognized
<kaushal> configure: error: /bin/bash ./config.sub x86_64-unknown-linux- failed
<kaushal> Any clue ?
<twb> kees: no; it should default to autodetecting whether it's necessary
<twb> kees: I'll try that; if it all magically works after that, I'll be bloody pissed.
<twb> (The problem is http://paste.ubuntu.com/460510/)
<SpamapS> kaushal: you're trying to compile memcached 1.4.5 from upstream tarball on hardy, yes?
<SpamapS> twb: can you paste the fstab line for /home?
<SpamapS> twb: also, I'm not familiar with casper, whats that?
<twb> casper is what makes the live CDs work
<twb> echo >>/root/etc/fstab 10.128.0.1:/home /home nfs intr,bg,nodev,noexec
<twb> ...with, or without {no,}{bootwait,lock}
<SpamapS> twb: hmm, the "auto detecting" of needing statd seems pretty different in /etc/init/statd.conf
<twb> statd is started, but mountall(8) is retarded AFAICT
<twb> mountall is a separate daemon that doesn't know that it needs to wait for statd/retry -olock fstab entries
<SpamapS> twb: you definitely need locking right?
<twb> Well, without locking users can log in on multiple hosts and potentially bust their files
<twb> In practice I probably don't need it
<SpamapS> twb: right its possible that mountall-net.conf needs a 'start rpc.statd'
<twb> But all mountall-net.conf does is send a USR1 to the mountall daemon
<SpamapS> twb: indeed, but it does that *after* networking has been configured
<twb> But networking is configured before upstart starts
<SpamapS> err
<SpamapS> not really
<twb> I'm booting off the network; if the network wasn't configured, it wouldn't be able to mount the root filesystem and find upstart to execute it.
<SpamapS> right, so in this case, the 'start on net-device-up' should fire *immediately*
<twb> Right -- I think it fires before the mountall daemon is even running
<SpamapS> ugh
<SpamapS> race condition after race condition. ;)
<twb> At least, when I trace mountall-net, I can see it fails to find the mountall PID -- so either mountall hasn't started, or has already finished
<SpamapS> twb: so maybe another 'start on' is necessary that makes mountall-net wait for 'mountall' to start *and* a net device to be up?
<twb> Well, I can try it
<SpamapS> start on started mountall
<SpamapS> it sounds quite reasonable actually
<twb> OK, that appears to have worked
<SpamapS> w00t
<twb> My brain hurts
<SpamapS> can you report this as a bug?
<twb> Yeah
<twb> So what I have at the moment -- I think -- is "lock,bootwait" for /home in fstab, and "start on statd" added to mountall-net.conf
<SpamapS> its SRU worthy, if we hurry it may make 10.04.1
<twb> I'll turn single off and try to see if GDM dtrt
<SpamapS> wait you added 'start on statd' ?
<SpamapS> or 'start on started statd' ?
<twb> The former
<twb> And it isn't working if I turn single off
<twb> (I was confused between "started" being there or not.)
<SpamapS> ok, I was thinking more that mountall-net needs to wait for 'mountall'
<SpamapS> and *possibly* statd
<twb> Without "single", neither "start on statd" nor "start on started statd" work -- it just hangs there in plymouth forever
<SpamapS> single meaning booting into single user mode?
<twb> Single meaning I pass "single" on the boot parameter list
<twb> (And friendly-recovery isn't installed.)
<SpamapS> yeah ok
<SpamapS> I think you need mountall-net to wait for mountall to be started, otherwise the event it sends to mountall will be missed
<SpamapS> I'm actually worried that mountall won't have signal handlers in place when its job is "started" though, so I wonder if you can introduce a small delay
<SpamapS> races suck. :-P
<twb> Isn't the whole point of upstart to avoid "sleep 1" hacks?
<SpamapS> yes
 * twb gripes
<SpamapS> the other way to do it is to have mountall emit a specific signal after it is ready to handle the USR1
<SpamapS> s/other/right/
<SpamapS> haha btw
<SpamapS> the "auto detecte" mode of NEED_STATD.. is just "if its not no, set it to yes"
<twb> It also seems pretty weird that Keybuk wrote mountall because upstart didn't do it internally -- but keybuk maintains upstart, too.
<twb> I can't get it to work with "single" anymore, so either I accidentally had "nolock" in the ramdisk (because I forgot to update it), or that ONE TIME, I managed to miss the race
<SpamapS> twb: did you try it with "start on started mountall" in mountall-net.conf ?
<twb> That *and* statd?
<twb> I'll try that now
<twb> Actually, as a test, why don't I just have it issue a USR1 every second forever
<twb> If that works, we can narrow down exactly when to send the USR1
<twb> OK, that works with single!
<SpamapS> very narrow window between when the exec will return, and the forked child handles SIGUSR1
<SpamapS> but still, I suspect its possible to run into it
<twb> ALRIGHTY
<twb> If I change mountall-net.conf to "start on startup" and a script of "while :; do pkill -USR1 mountall || :; sleep 1; done", it WORKS PERFECTLY -- the fourth USR1 succeeds
<SpamapS> doh
<SpamapS> I mean great, but DOH
<SpamapS> this makes sense...
<twb> So either mountall-net isn't triggering on statd -- which we fixed -- of its attempt to find the mountall PID is totally wrong and broken
<SpamapS> well more importantly, statd could be beating mountall
<twb> Well, first I'm going to change it to a single "pkill -USR1 mountall", and run that on the appropriate events.
<SpamapS> entirely possible the fix for bug 506902 wasn't done right too
<uvirtbot> Launchpad bug 506902 in mountall "mountall-net SIGUSR1 handling can signal the wrong process by mistake" [High,Fix released] https://launchpad.net/bugs/506902
<SpamapS> twb: I need to get to bed, but I would at least give your script a try with 'start on started mountall' and see if it succeeds on the 1st or 2nd SIGUSR1
<twb> I think it really needs "starting mountall && started statd" or so
<twb> i.e. statd is fully up, mountall is running and waiting for events
<SpamapS> started
<SpamapS> starting would be too early
<SpamapS> twb: but yeah, they probably both need to be started
 * SpamapS must really go now
<twb> You really helped, thanks
<R3cur51v3> Should the Ubuntu Server edition have django 1.0 SVN final installing by default, or is it a severely outdated mirror?
<twb> R3cur51v3: ask rmadison
<R3cur51v3> rmadison, Should the Ubuntu Server edition have django 1.0 SVN final installing by default, or is it a severely outdated mirror?
<twb> $ rmadison python-django -uubuntu -slucid ==> python-django | 1.1.1-2ubuntu1 | lucid | source, all
<R3cur51v3> ah, the douches still have Intrepid installed
<R3cur51v3> figures, with a $5 vps
<R3cur51v3> twb, to upgrade to Lucid, do I just change all instances of intrepid to lucid in /etc/apt/sources.list, then update?
<twb> No.
<Jordan_U> R3cur51v3: NO
<twb> !upgrade > R3cur51v3
<ubottu> R3cur51v3, please see my private message
<R3cur51v3> ty twb  and Jordan_U
<R3cur51v3> night all
<|eagles0513875|> hey guys i am having connectivity issues on a clean install of lucid server 64bit
<|eagles0513875|> hold on
<twb> |eagles0513875|: still there?
<MasterZuFu> Hey everyone. I'm running Ubuntu Server 10.04 on a dedicated host. I'm logged in via putty. I'm running a MyBB forum on it at the moment. For some reason email isn't working. It happened after I restarted the host. I think I'm using exim4, I just restarted that service and it didn't start back up. I recently installed ebox. Could someone help me troubleshoot this please?
<serverhorror> MasterZuFu:  mailservers aren't exactly the easiest components. If you don't have some setup to test and learn from I really really suggest to use a hosted mail provider.
<serverhorror> MasterZuFu:  apart from that. Check which mailserver you have installed, then check the logs (in case of exim /var/log/exim/{main,paniclog} IIRC)
<MasterZuFu> serverhorror, I don't have the option of an alternate mail server. it's built into the site software to use the email server on the server itself. I'd have to edit the core files to change that.
<serverhorror> MasterZuFu:  then use nullmailer and let it forward the mails for you to a real server.
<MasterZuFu> hmmmm ok, let me take a look. one moment please
<MasterZuFu> serverhorror, here's what the panic log says: 2010-06-01 10:00:08 socket bind() to port 25 for address ::25 failed: Cannot assign requested address: daemon abandoned
<serverhorror> MasterZuFu:  something is listening on port 25 already
<serverhorror> (probably)
<MasterZuFu> gay. let me check ebox.
<Jeeves_> http://www.computerpowertest.com/
<Japje> MasterZuFu: netstat -plnt
<twb> ss is the new netstat
<Japje> rly..
<MasterZuFu> nothing's running under port 25
<Jeeves_> twb: thanks! :)
<Jeeves_> saves me the typos :)
<MasterZuFu> I've got the following ports open: 993, 995, 389, 10023, 3306, 110, 143, 80, 22, 3128, 5432, 443, and....ummm O.o 22 whya are there two 22 running? O.o odd. Anyways..no 25.
<serverhorror> MasterZuFu:  paste the output of netstat -tulpen on some pastebin and tell us the link
<MasterZuFu> http://pastebin.com/G2EQcXu4
<serverhorror> MasterZuFu:  and are you sure that log line is the one regarding the error, because since 2010-06-01 some time has past. At least in my <del>time</del>date zone...
<MasterZuFu> let me check again
<MasterZuFu> yeah that's the only line in it
<serverhorror> I'd truncate the log files. restart exim and then see what the logs say. Just to make sure. But I'd also verify that it's indeed exim that is the mailserver. you said you believe you run exim, pls verify first which smtp server you are using...
<MasterZuFu> ok, one sec
<MasterZuFu> this restarts exim4 right? /etc/init.d/exim4 restart
<MasterZuFu> I don't see any logs at all.
<MasterZuFu> should I reinstall it?
<MasterZuFu> nevermind, i sent my sysadmin an email. He'll look into this for me. thanks everyone.
<MasterZuFu> :)
<uvirtbot> New bug: #603091 in backuppc (main) "Have an authenticated access for personnal backups" [Undecided,New] https://launchpad.net/bugs/603091
<kaushal> Hi
<kaushal> I have a weird issue about disk space
<serverhorror> hmmm playing around with UEC and I can't seem to connect the eucalyptus-nc to the cc. As of now I'm also blind and couldn't find some more in depth docs how I'd do that manually. Any hints/links?
<serverhorror> .oO(is anybody even using UEC? - I have a feeling it's not really being used)
<phretor> hi, what's wrong with this remounting? http://pastie.org/1035764
<serverhorror> phretor:  sound slike /dev/sda6 isn't mounted :)
<phretor> serverhorror: it's mounted to /
<serverhorror> looks, good to me. maybe some strange ordering issue with mount options. I'd simply iterate thru the options and see where it chokes...
<adamdv> serverhorror: Never used UEC. Dont like the concept.
<adamdv> Might try it sometime. heh.
<serverhorror> seems everybody still stays with either home-grown scripts or closed source :)
<adamdv> Closed source :)
<serverhorror> heh, we run home-grown. OpenVZ with a few monitoring/management scripts on top of it
<serverhorror> s/a few/
<serverhorror> probably
<adamdv> Well, we run somewhat home grown (due to be professionally released later this year). Its closed source however.
<serverhorror> <rant>so you're going to sell me software, and I have to find some other professionals that can give me support?</rant> (sorry, couldn't resist it)
<kaushal> can someone guide me about the post on https://lists.ubuntu.com/archives/ubuntu-users/2010-July/222568.html ?
<adamdv> serverhorror: Haha, not at all ;)
<sommer> morning all ;-)
<twb> In "apt-conf dump", I see APT::Never-MarkAuto-Sections
<twb> Does this mean I can tell apt that everything in, say, libs, is ALWAYS implicitly MarkAuto'd?
<twb> Sigh.  So it looks like something happened to pam since 8.04
<twb> It wants me to use /usr/share/pam-common
<twb> Ahahaha
<twb> I see the problem now: pam is working, but nss isn't configured anymore because I changed my "auth-client-config" call to a "pam-auth-update" call
<serverhorror> kaushal:  files that are unlinked but still opened by some program do take up disk space. Most common weirdness reason is to delete large log files, while some daemon still writes to them...
<twb> This fixed it: auth-client-config -plac_ldap -tnss
<zul> nxvl: did you ask for a sync for augeas?
<oru_work> i'm not sure why i'm getting this error when restarting mysql http://www.pastebin.org/386376
<giovani> oru_work: it's fully self-explanatory
<adamdv> oru_work: The init scfript is deprecated in favor of upstart. However, init still operates as it should. (Not sure if it will in maverick though)
<oru_work> i don't get it
<AdamDV> oru_work: service mysql restart
<AdamDV> Try that.
<AdamDV> Thats the new way to do it, as opposed to manually invoking a script from path
<AdamDV> More efficient as I understand.
<oru_work> AdamDV,  sudo service mysql restart
<oru_work> mysql start/running, process 1181
<AdamDV> Yes?
<giovani> heh
<oru_work> heh :)
<giovani> oru_work: your ability to be confused is impressive
<oru_work> giovani, lolz :)
<oru_work> so it worked /
<oru_work> ?
<giovani> yes
<oru_work> but why is it still complaining when I do /etc/init.d/mysql restart ?
<giovani> it's not complaining
<AdamDV> BECUASE INIT IS DEPRECATED!
<giovani> it's informing you that you're using the old method
<AdamDV> Its telling you that, that its being deprectated for upstart, aka service.
<AdamDV> Its not like init fails when you restart it that way, it just warns.
<AdamDV> Its not fatal ffs.
<oru_work> hmm
<oru_work> phpmyadmin doesn't start
<oru_work> this is what I see when I point my browser to phpmyadmin Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.
<oru_work> here is what i get. http://www.pastebin.org/386395
<kirkland> ccheney: http://launchpad.net/uec-provisioning and lp:uec-provisioning
<ccheney> kirkland, thanks
<lau> i am trying to re-bundle an existang aws ec2 ubuntu image ami-2d4aa444 i get this same error http://developer.amazonwebservices.com/connect/message.jspa?messageID=179635
<lau> I tried placing the new sources.list in sources.list.d but still the same error when re-bundling an ami any idea ?
<kirkland> ccheney: i've given you commit access on that branch
<ccheney> kirkland, ok
<nxvl> zul: i think so
<zul> nxvl: k just double checking
<nxvl> zul: LP: #598862
<MTecknology> How can I see what params were used to launch a command?
<uvirtbot> New bug: #603192 in apache2 (main) "install of libapache2-mod-php5 may not result in enabled php" [Undecided,New] https://launchpad.net/bugs/603192
<SpamapS> twb: still around?
<twb> Yeah
<SpamapS> twb: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/537133
<uvirtbot> Launchpad bug 537133 in mountall "mountall issues with NFS root filesystem" [Medium,Confirmed]
<SpamapS> twb: did you see that?
<twb> Looking
<twb> That sounds like my bug
<SpamapS> yep
<twb> What's the lp equivalent of "bts subscribe NNNNNN"?
<SpamapS> click "Subscribe" ? ;)
<SpamapS> actually
<SpamapS> click the little ! next to "does this bug affect you?"
<twb> I'm not logged in, because that would require me to maintain a distributed cookie database across a large number of browsers and hosts
<SpamapS> err.. you don't have even one openid provider?
<twb> I don't understand the trust model of openid, so I can't use it
<twb> AFAICT it requires me to trust root on the openid provider's host
<twb> Even so, that wouldn't work across multiple browsers
<SpamapS> twb: as opposed to trusting root on *everybody you log in to"'s host?
<SpamapS> twb: OpenID would have you logging in once on each browser.
<twb> Huh?  *I* am root on my own machines.
<twb> But my own machines do not run OpenID servers
<SpamapS> twb: You're saying you never log in to any web services ever?
<SpamapS> btw you can run your own OpenID provider
<twb> Doesn't that require me to have a public IP address?
<SpamapS> and never give anybody your auth details.
<Jeeves_> !launchpad-- # Freezes my browser for a second of five
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<twb> And last time I looked, the only OpenID server implementations were PHP, which I sure as shit aren't going to allow on my machines...
<SpamapS> twb: yes you would need to run one server that the consumers can ask for auth tokens
<SpamapS> twb: thats just FUD
<Jeeves_> Who needs openid if your browser can remember passwords
<SpamapS> twb: http://wiki.openid.net/Run-your-own-identity-server
<twb> Jeeves_: my browser can't.
<Jeeves_> I don't want to sign in just once. That means if someone else somehow ever know's my password, he can do the same
<SpamapS> Jeeves_: who needs a browser when a post it on your monitor can remember your one password that you use everywhere? ;)
<Jeeves_> twb: You're running netscape 3?
 * ccheney really hates firefox, its eating my system
<Jeeves_> SpamapS: I don't use one password
<twb> Rather, they can usually parse .netrc, but that's for HTTP/SSL, not for the stupid shitty form behind it
<twb> Jeeves_: no, wget, curl, GET, w3m, emacs-w3m, html2ps, midori, opera, and if all else fails, firefox 1.5 -- in roughly that order.
<twb> I quite liked galeon back before gnome took control of it
<Jeeves_> twb: Cool. You run Gentoo right, and you love SM? :)
<twb> No, I love UIs that are consistent across multiple websites, that automatically filter out useless content like images and iframe advertisements
<SpamapS> twb: I like that you're using a ton of software. I do think OpenID would actually work out well for you.
<SpamapS> useless
<SpamapS> hahahaha
<twb> The web developer isn't allowed to tell me how a page should look.
<SpamapS> dude, serious lolz ..
<Jeeves_> twb: You also use sciccors when reading the newspaper?
<Jeeves_> Who the hell does this editor think he is! Arranging the newspaper for me!
<twb> SpamapS: btw, the solution i to send a signed mail with "subscribe trentbuck@gmail.com" to NNNNNN@bugs.launchpad.net
<SpamapS> twb: actually you'd like the reader plugin for chromium
<twb> Jeeves_: if by "newspaper" you mean sites like lwn -- yes, I have the XSLT equivalent of greasemonkey scripts to rearrange the page for me.
<ScottK> twb: OpenID is a MITM attack by design, so PHP should be the least of your concerns.
<SpamapS> twb: yeah, we definitely support people who are reluctant to take the blue pill , aka web 2.0. ;)
<Jeeves_> twb: No, I mean a newspaper. Made in a press, and with paper made of trees. You know, those brown/green things outside your window..
<twb> Jeeves_: that would require me to have a window
<twb> ScottK: yeah, I figured it was something dodgy like that
<twb> ScottK: the local EFF weenie is into it, which is why I perhaps gave it more credence than normal
<ScottK> twb: All the openid coolaid drinkers claim it's not, but I think they just don't actually understand anything about security.
<SpamapS> ScottK: interesting. I did read about the issues with the first implementations, but haven't those been solved by changing the mechanics of the system a bit to ensure you're not ever trusting a consumer site w/ your auth credentials?
<ScottK> twb: So I hand your web site my LP OpenID credentials and you check with LP and become I'm convinced I'm who I say I am.  What prevents you from reusing those credentials to log into LP, donning my archive adminstrator hat and accepting arbitrary code into the archive?
<twb> ScottK: hum.  I assumed it was at least unidirectional
<ScottK> SpamapS: How do I know I'm really talking to LP and not a forged replica?
<twb> i.e. more like a kerberos tgt
<ScottK> twb: It's slightly more complex since in theory the redirect me to LP and I give the information to LP directly, but I don't really know for sure where they are redirecting me too.
<SpamapS> ScottK: SSL certs are the only recourse there.. but I'm more interested in your replay scenario.
<twb> We should just use Kerberos to log into websites
<ScottK> SpamapS: I really haven't looked at it in detail for quite some time, it may be better now.
<twb> Wikipedia was talking about some next-gen replacement for openid + some other thing
<SpamapS> ScottK: if you put your username/pass into a site without checking to see who owns the cert, then you pwned yourself. ;)
<ScottK> SpamapS: Anything that depends on users reading SSL certs if full of fail.
<ScottK> They probably wouldn't get me, but I'm unusually careful about such things.
<SpamapS> ScottK: its the web. What other security paradigm is there?
<twb> On that subject, is anyone else annoyed about the lack of information about the requested action in gnome's replacement for gksu?
<ScottK> twb: I'm not annoyed at all.
<twb> "org.gnome.dbus.rhythmbox has asked to do something!"
<twb> I can't work out how to make it say "...has asked to install ffmpeg" or so
<Jeeves_> twb: You're not using gnome, right?
<ScottK> SpamapS: It would be much better from a security design perspective if the user went directly to the openID provider and the openID provider contacted the site they wanted to access.
<twb> Jeeves_: I'm not, but I have to make SOEs for prisoners who do
<SpamapS> ScottK: a lack of convenience will mean users just won't use the system.
<ScottK> SpamapS: Convenience over security has got us into a mess.
<SpamapS> into what mess?
<SpamapS> entering a user+pass per website isn't happening because of user convenience. *that* is the mess.
<SpamapS> users hate that
<SpamapS> and they make the wrong choice every time, reusing passwords over and over
<twb> What I hate is some fucker like launchpad requiring me to "log in" simply to provide them feedback about what isn't working
<twb> I should be able to just give my email address.  If I'm lying, let the spam system handle it.
<Jeeves_> twb: Did you happen to learn about a thing called spam?
<Jeeves_> I mean, a captcha won't work for you either
<SpamapS> twb: anonymous feedback is great, but I think its reasonable to ask that you provide a way to contact you for more information.
<twb> SpamapS: which is not the same as making me remember a password
<SpamapS> twb: and you *can* just provide us with your OpenID URL.
<SpamapS> or like you said, a signed email
<twb> I can't give you a signed email until I first log into the web UI
<ScottK> twb: What I find more annoying are requirements for authenticated access to just to read public data in the LP API (that may have been fixed, not sure)
<SpamapS> ScottK: thats not to prevent anonymous reading, but to prevent abuse.
<twb> It also annoys me how EVERY time I go from a public, read-only page on https://wiki.ubuntu.com to, say, google, my browser modally warns me I'm going ssl->non-ssl
<ScottK> SpamapS: There are lots of best practices around doing that without requiring authentication.
<twb> I don't know why ubuntu's wiki needs to be uncachable
<SpamapS> twb: you can of course turn that message off, or play with google's new SSL access. ;)
<SpamapS> ScottK: actually thats bug worthy.. file one.. on.. launchpad. ;)
<twb> SpamapS: I can turn it off by main force, but not fine-grained enough to avoid false negatives
<ScottK> SpamapS: It also creates security risks for me because I need to give more code more access to my ID.
<SpamapS> twb: ubuntu's wiki is in SSL for the authenticated source, not for the encryption.
<ScottK> SpamapS: I'm on hiatus on launchpad bugs.  If I filed a bug every time LP annoyed me, I'd never do anything else.  Feel free to file one and quote me though.
<twb> SpamapS: eh?  What does that guard against?
<Jeeves_> ScottK: Indeed, Launchpad as an idea is great. But it usually just sucks :(
<SpamapS> twb: well unless somebody compromises the ssl cert, you know its coming from the owners of Ubuntu.com ;)
<twb> I don't need to know that.
<SpamapS> twb: or of course, unless somebody compromises your CA list. ;)
<twb> I'm quite happy for unreliable third parties to give me useful suggestions about fixing cock-ups in ubuntu
<SpamapS> twb: well the maintainers of wiki.ubuntu.com think its important, whether you need it or not.
<twb> It's not like I run stuff from wiki.ubuntu.com without testing it -- that'd be nuts
<ScottK> Jeeves_: I won't even go that far.  Getting Fedora related comments on bugs I'm working on because of some great integration thing has never once helped me.  It just clutters my inbox.
<SpamapS> twb: think about it.. MITM puts up commands for noobs to send him /etc/shadow via email in the middle of HOWTO's ..
<twb> SpamapS: yes, but I'm not a noob, so I should be able to CHOOSE not to use SSL
<twb> SpamapS: w.u.c actively forces me to use SSL for EVERYTHING
<jpds> ScottK: You can use the Launchpad API anonymously.
<Jeeves_> twb: What a life you must have.
<SpamapS> twb: ohnoes
<ScottK> jpds: Then maybe someone was doing it wrong, but I've been asked for credentials to read data.
<Jeeves_> twb: Do you complain in the store as well? "Which *** forces me to use dollars everytime!? I'm SMART, I should be able to CHOOSE the currency I pay in!"
<jpds> ScottK: >>> from launchpadlib import launchpad
<jpds> ScottK: >>> lp = launchpad.Launchpad.login_anonymously("hi")
<twb> Jeeves_: I haven't yet, because I haven't found a store that wouldn't take my preferred currency.
<Jeeves_> twb: So you *do* get outdoors? :)
<SpamapS> Jeeves_: play nice.
<twb> SpamapS: don't worry about it, man
<Jeeves_> SpamapS: I'm always nice. :)
 * jpds prods Jeeves_.
<SpamapS> I have a lot of respect for twb and scottk's positions. They have important things to do, and they are not interested in flowery 90% solutions.
<twb> Saying "nice" when you mean "pleasant" isn't nice at all.
 * twb points wildly at _Good Omens_)
<twb> SpamapS: I have important things to do; I just don't do them ;-)
<zul> hey mathiaz
<twb> SpamapS: but I'd draw your attention to quote #3 of http://en.wikiquote.org/wiki/George_Bernard_Shaw#Sourced
<RFleming> Good morning.
<RFleming> Any squid/sarg proxy admins here?
<ScottK> jpds: I remembered what it was.  It's pull-lp-source in ubuntu-dev-tools.  It needs authorization to get source from other than the current development release.
<ScottK> Gotta run.
<mathiaz> zul: o/ - how hot is your part of canada?
<SpamapS> twb: I missed the levity. ;)
<RFleming> I'm trying to figure out why sarg-reports isn't generating reports from cron :)
<RFleming> mathiaz, my part of Canada is a steamy 30 at the moment.
<zul> mathiaz: its pretty hot...but im down the street from you
<jpds> ScottK: That seems to have been fixed.
<mathiaz> zul: hm down?
<mathiaz> zul: you've come all the way to montreal for air conditioning?
<zul> mathiaz: well probably up the street is the more correct term
<zul> mathiaz: no i had other things to do as well ;)
<mathiaz> zul: cool - I'll catch up with you later today
<mathiaz> zul: I'll stop by in the afternoon
<zul> mathiaz: sounds good
<mathiaz> zul: when do you leave?
<zul> mathiaz: 4pm
<uvirtbot> New bug: #603211 in apache2 (main) "Apache fails to start after reboot due to missing /var/run/apache2 direcotry when ssl is enabled " [Undecided,New] https://launchpad.net/bugs/603211
<alex88> hi guys, on 9.04 for share internet i type "/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE" now on 10.04 it says "iptables: No chain/target/match by that name." any clue?
<alex88> i've installed csf firewall like on 9.04
<alex88> also i'm running on a vps
<serverhorror> alex88:  "iptables -t nat -L" works?
<SpamapS> you know.. given that Amazon charges by "the box is up" or "the box is down" ..
<SpamapS> wouldn't it be a good thing to do to run seti@home niced on all EC2 instances? ;)
<serverhorror> SpamapS:  why would I burn my precious cpu cycles which the company pays for to seti? Just to run into some strange performance problems?
<osmosis> what is the relationship between apache ServerLimit and MaxClients?
<SpamapS> serverhorror: clearly you're just not ready to meet E.T. ;)
<SpamapS> osmosis: Depends on which apache MPM you are working with
<serverhorror> osmosis:  http://httpd.apache.org/docs/2.0/mod/mpm_common.html#maxclients
<SpamapS> osmosis: but in general, ServerLimit is the limit on the number of httpd processes that will be running, while MaxClients is the limit of http requests that will be serviced at one time.
<SpamapS> serverhorror: and really, nice and CPU-only processes.. is it really going to give you "some strange performance problem" ? Unix has been doing nice since the Nixon administration. ;)
<serverhorror> osmosis:  actually http://httpd.apache.org/docs/2.0/mod/mpm_common.html#serverlimit explains that better than the previous link. Upstream docs for httpd are one of the best available...
<SpamapS> serverhorror: SETI's a bad idea though, how about protein folding or something to help cancer research? :)
<serverhorror> SpamapS:  I just don't see a reason to put more on the server than necessary. After all it's me that has to get up at 2am for one reason or another, and once any of those boing! (or whatever they call it now) processes is the reason I can assure you they're gone in no time...
<serverhorror> s/is the reason/are the reason
<serverhorror> SpamapS:  but I'm pretty sure you could just suggest that to google. They'll be pretty happy to use that suggestion, they have tons of computational power lying around for nothing...
<SpamapS> serverhorror: do you actually run any EC2 instances?
<serverhorror> nope, I run rackspace
<SpamapS> right, so .. ec2 is a little different.. ;)
<serverhorror> and a few hundred of our own :)
<SpamapS> but really..
<SpamapS> it was a joke. Thank you for taking it seriously.. I feel special. :)
<serverhorror> SpamapS:  not that much actually. The main difference is that if an EC2 instance goes down it's gone. rackspace keeps those persistent
<zul> SpamapS: ping need your opinon on something
<SpamapS> zul: bring it
<serverhorror> .oO(why do I always fall for those topics - I have a feeling I'm taking computer stuff to serious lately)
<zul> SpamapS: im going to be converting the apache init script to upstart which means we loose stuff like /etc/init.d/apache2 graceful, should we have a wrapper script that has the same functionality
<SpamapS> zul: you can't have arbitrary arguments to 'service ' somehow passed to upstart?
<zul> SpamapS: not afaik no
<Kaffien> if i'm using a usb hard drive cart type device do i have to use automount?  or does ubuntu mount usb devices another way now?
<SpamapS> zul: I don't think a wrapper in init.d is the best thing, other than to maybe tell people "init.d is deprecated please use apachectl"
<zul> SpamapS: yeah thats an option as well
<zul> i was thinking of a wrapper for apachectl or something...meh
<SpamapS> zul: well apachectl should be in the path
<serverhorror> zul:  at least the manpage of service says that COMMAND can be arbitrary. Thou I have no idea about upstart yet
<SpamapS> zul: /win 10
<SpamapS> damnit
<osmosis> how can I view the changelog for a update before installing it?
<serverhorror> osmosis:  apt-listchanges is your friend
<osmosis> if i look at the changelog for  linux-image-server ...all it says is  * Lucid ABI 23
<serverhorror> so?
<serverhorror> bah! fck UEC...I'll just script the stuff myself
<ScottK> jpds: Good to hear it's fixed.  Maybe I'll try it again.
<agentbob> have anyone here ever got zend optimizer working on ubuntu?
<agentbob> i'm having a problem getting zend optimizer to work on my server... i've tried removing everything possible extension and nothing seems to help... i just get lots of random segfaults with zendopt installed... anyone ever run into this? i'm thinking maybe suhosin patch is messing with zo
<rsr> Hi, I have a server running ubuntu-server 10.04. I have installed squid on it and it is working fine I have now installed ebox with all its modules. My goal is to manage proxy and firewall through a web interface. Am I approacing it the right way?
<rsr> it is installing 96 mb of ebox packages
<milk_> can anyone help me with mysql apache and myphpadmin. when i login i just get an error Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.
<Roasted> anybody ever set up freeradius? kind of stuck @ the ntlm_auth part
<RoyK> milk_: can you pastebin errors from the log file?
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Roasted> RoyK, were you the guy I talked to late last night??
<milk_> RoyK: where is the log file located ?
<RoyK> milk_: /var/log/apache2
<milk_> RoyK: http://pastebin.com/eDZ5aS7C
<Roasted> freeradius, anybody?
<sjm> RoyK, you missed milk_ 's response:  http://pastebin.com/eDZ5aS7C
<RoyK> milk_: [Thu Jul 08 17:45:42 2010] [error] [client 127.0.0.1] File does not exist: /usr/share/phpmyadmin/scripts <-- that should give you a hint :)
<milk_> i figured it out
<milk_> thanks
<milk_> now i have another problem.. how do i make a new super user
<milk_> ?
<sjm> milk_, in what context?  for the linux box, for mysql, for .... ??
<milk_> mysql i think
<milk_> i think i accidentally deleted the root account :D
<sjm> milk_, you should be able to GRANT appropriate priviledges for whatever user you want in phpmyadmin
<milk_> cant log in ..
<sjm> milk_, try: http://ubuntu.flowconsult.at/en/mysql-set-change-reset-root-password/
<RoyK> sjm: if he has deleted root from the user table, he might want to 'grant all on *.* to root@localhost identified by 'newpass' with grant option' after restarting mysql
<bogeyd6> i dont think there is even a need for a root user
<milk_> how do i do that ?
<milk_> sjm: this doesnt seem to be working
<RoyK> milk_: see the url above - disable grant tables and grant all rights to a new users, root or not
<RoyK> remember to restart mysql after creating the new user, or everyone can get in with full superuserrights
<milk_> i still cant login
<RoyK> login as an existing user - not root
<milk_> i dont understand
<RoyK> http://dev.mysql.com/doc/refman/5.0/en/server-options.html#option_mysqld_skip-grant-tables
<RoyK> milk_: did you remove the root account from the user table?
<milk_> RoyK: i think so.. stupid i know
<Roasted> anybody got experience with freeradius?
<RoyK> Roasted: running it, yes, but not familiar with that module you're using
<Roasted> RoyK, what module are you referring to?
<RoyK> ntlm_auth
<Roasted> ntlm_auth is what I've been finding on every guide to set up freeradius....
<Roasted> as far as adding a linux freeradius server ot a windows domain
<RoyK> wouldn't it be easier to let windoze handle radius?
<Roasted> sure would
<RoyK> afaik it can do that from around win2k
<Roasted> except theres a known issue with windows radius
<Roasted> they dont reauthenticate after 30 days, they just drop the laptops
<Roasted> its a known issue and no fix is in sight
<Roasted> meanwhile, everybody Ive talked to swears by using freeradius. evidently it works better in a lot of aspects beyond the 30 day bug we ran into
<Roasted> so here Iam, giving it a go :P
<RoyK> heh - that's a bitch
<Roasted> tell me about it
<Roasted> I got the ubuntu box on the domain and everything
<Roasted> but the next step says to run a command with ntlm_auth blah blah blah blah blah
<Roasted> it fires back an error...
<RoyK> what did you use? just ldap+kerberos?
<Roasted> hence my sudden desire to drink heavily
<Roasted> I set up samba + kerberos n this box
<Roasted> I didnt see anything about ldap
<RoyK> ok
<RoyK> out of interest - does that use windows IDs or just mapping to unix IDs?
<Roasted> what do you mean windows IDs?
<RoyK> user IDs, I mean
<Roasted> not sure I follow - I didnt set up any users or deal with users yet
<RoyK> I mean, when users store files on samba shares, does ubuntu use windows UIDs or does it map to unix IDs?
<Roasted> oh, we dont use samba for file server services
<RoyK> I think it maps ... opensolaris doesn't :)
<RoyK> ah
<Roasted> samba has other things bundled with it that helps in the radius process
<RoyK> ok
<RoyK> ic
<Roasted> this box Im setting up is dedicated to radius
<Roasted> we have a windows storage server, blah blah
<RoyK> we don't use windows for storage - too many unix (linux and (open)solaris boxes) - windows nfs isn't really very good
<Roasted> well, were in a school district with windows clients
<Roasted> before I started, there were no linux servers
<Roasted> we dont even have any macs anymore
<RoyK> well, good thing you started, then :)
<Roasted> lol
<Roasted> well I didnt have much involvement with our one linux server
<Roasted> however
<Roasted> that server + an open source free app on it has saved the district around 300,000 dollars
<Roasted> so yeah, the rest of the department is starting to think more highly of linux and its capabilities - whihc is why were trying to use freeradius to patch an MS problem with their version of radius.
<Roasted> its just a bit of a headache
<RoyK> we're setting up this rather nice HA cluster for storage on Nexenta soon - 40TB (or 48) on the big boxes
<RoyK> zfs rocks!
<Roasted> we were having a dns issue a while back
<Roasted> I almost wonder if thats why its failing to authenticate
<Roasted> god troubleshooting sucks on 3 hrs of sleep
<RoyK> heh - no use, really - get more sleep and you'll work faster
<Roasted> its either this or I get back to wiring. its 91 degrees, and to save power they shut off AC in the rest of the building.
<Roasted> Im a fan of AC today, which is why Im trying ot crack this bastard. :P
<uvirtbot> New bug: #603285 in dovecot (main) "Please convert init script to upstart." [Undecided,New] https://launchpad.net/bugs/603285
<milk_> im still having a problem
<SpamapS> mathiaz: if you wanted to sponsor something for me.. https://code.launchpad.net/~clint-fewbar/ubuntu/maverick/cloud-init/glusterfs-mount-example/+merge/29490
<mathiaz> SpamapS: cool
<mathiaz> SpamapS: merge proposal grabbed
<Roasted> NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
<Roasted> quick, someone. stab me in the face.
<milk_> RoyK: will reinstalling reset everything ?
<SpamapS> mathiaz: thanks! :)
<RoyK> milk_: apt-get remove --purge mysql-server might help, yes, but it'll destroy any databases you have
<milk_> RoyK: ok :D thanks
<Hypnoz> It seems logrotate is rotating logs, but the apps like mysql and apache don't feel like giving up the old file handle and using the new one, and continue writing to a file that is open, but not listed with "ls" in the directory
<Hypnoz> this is causing my /var mount point to grow very large, even though du -sh shows it as being fairly small, because the file handle never closes for apache and mysql logs
<Hypnoz> Once i stop the mysql or apache process completely (in the case of apache, sometimes having to do a kill command), the file handle closes, and the volume regains that free space
<serverhorror> Hypnoz:  that is normal, most of the daemons do what you want if you send them a signal (mostly SIGHUP)
<Hypnoz> I know apache needs to be reloaded after a log rotate, it's in the logrotate script for apache to to a reload afterwards
<Hypnoz> but it still seems that isn't allowing it to release those open file handles
<Hypnoz> I'm wondering if a apache2 restart is needed instead, which would be much more planning and work
<RoyK> Hypnoz: the logrotate scripts should do this automatically - if they don't, something's wrong in them
<Hypnoz> well I can even manually do an apache2 reload on the server, but that doesn't release the file handles
<Hypnoz> if you do something like lsof | grep /var/log | grep deleted
<Hypnoz> you might see a lot of files
<Hypnoz> all these files that apache can't let go of until the processes is fully restarted
<RoyK> Hypnoz: I haven't seen this sort of problem in a while, but it might be apache is getting a SIGUSR1 where the threads/processes won't be stopped until they're done with what they're doing, and something's hammering the server. changing that to a SIGHUP will stop them and will require a new HTTP request
<RoyK> iirc apache2ctl graceful sends a SIGUSR1 whereas apache2ctl reload sends a SIGHUP
<Hypnoz> hmmm ... i thought reload called apache2ctl graceful in the init.d script
<RoyK> yes, it does
<Hypnoz> but apache2ctl reload is different?
<RoyK> and that doesn't force a restart of anything, it just tells the processes/threads to please restart when done with whatever they're doing
<RoyK> erm - restart
<Hypnoz> ahhh
<RoyK> not reload - my failt
<RoyK> restart sends a SIGHUP, closing things and restarting them
<RoyK> failt - nice, new word
<Hypnoz> i like it. a combination between fail and fault
<RoyK> :)
<RoyK> a typo saves the day :D
<Hypnoz> so what you are saying, which may be true since these servers are really busy with apache, is that apache never gets a break to close it's connections, so a reload may not be enough, a restart may be needed once in a while
<Hypnoz> to force the connections to close, and the new log file handle to be used
<Hypnoz> if the apache connections never get to 0, then the new log file handle will never be used
<RoyK> IIRC new connections aren't accepted after a SIGUSR1, but ongoing connections will remain
<Hypnoz> so new connections should use the new log file, and old connections would use the old file until they die?
<RoyK> I _think_ so, but I'm on rather thin ice now :)
<RoyK> as on #httpd
<Hypnoz> I guess I will try to move this into #httpd then
 * RoyK just joined to see the discussion :)
<SpamapS> mathiaz: alright, submitted to cloud-init directly instead. Thanks for the review. ;)
<osmosis> error installing sun-java.  http://dpaste.com/216084/
<rsr> how can I completely remove ebox and all the things it installed?
<SpamapS> smoser: http://paste.ubuntu.com/460782/
<smoser> hm..
<SpamapS> smoser: results in this fstab http://paste.ubuntu.com/460786/
<smoser> yeah. i just verified broken ness.
<SpamapS> meaning, broken code?
<SpamapS> smoser: http://paste.ubuntu.com/460795/  that works, but.. bleh.. not elegant. :-P
<smoser> i'll get the mounts fixed
<smoser> its a bug
<SpamapS> smoser: ok cool, I have plenty else to do, so no rush. :) should I report it on lp ?
<smoser> sure, why not.
<smoser> its not liking things that don't start with a /
<SpamapS> artifacts are always nice when users go googling for the same problem. :)
<smoser> in an effort to allow "sda3"
<SpamapS> so its treating it like a special thing, 'ephemeral0' or whatever?
<SpamapS> can't report bugs on launchpad
<SpamapS> ok bug 603329
<uvirtbot> Launchpad bug 603329 in cloud-init "mounts option to cloud-config refuses to mount volumes not starting with /" [Undecided,New] https://launchpad.net/bugs/603329
<SpamapS> smoser: have to run for a bit, lets catch up on this tomorrow
<smoser> SpamapS, yeah, theres a comment in the code.
<smoser> the metadata service is really annoyhing in that sometimes a key in it will ('ephemeral0') will have a value of /dev/sda1
<smoser> and other times a value of 'sda'
<SpamapS> smoser: I went ahead and marked the "work" done on my side, and I'll re-visit which example to push into the package during the beta cycle. I also targetted that bug to alpha-3.
<SpamapS> smoser: if you'd like, I can send a mege proposal for the workaround one now, so you can just approve/merge it if you think the bug will be too much (or I can take the bug on too)
<SpamapS> anyway.. have to run.. ttyl
<smoser> just assume that mnt works
<ghost_> is it possible to recover the passphrase used to create a  rsa or maybe dsa key?
<hmca> !kubuntu 10.4 to enterprise Cloud Front-end ubuntu server
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<hmca> Hi all!
<hggdh> do we use to tag bugs as metabugs?
<uvirtbot> New bug: #603363 in openssh (main) "sshd never stops, prevents umount of /usr partition" [Undecided,New] https://launchpad.net/bugs/603363
<ruben23> hi guys anyone familiar with proxmox virtualization..
<SpamapS> ruben23: no what is it?
<ruben23> it is a virtualization platform same as paid version of vmware
<ruben23> able to handle and manage KVM and OPnVZ virtualization.
<ruben23> http://pve.proxmox.com/wiki/Main_Page
<webPragmatist> whats the consensus on where to store apache certs for domains
#ubuntu-server 2010-07-09
<SpamapS> webPragmatist: /etc/ssl/certs ?
<webPragmatist> SpamapS: okay :)
<webPragmatist> next questionâ¦ is it necessary to keep the csr and key/
<webPragmatist> after you have it signed
<SpamapS> webPragmatist: the private key, absolutely, the thing won't work without it.
<webPragmatist> private key is the csr or key part?
<webPragmatist> the first thing you generate?
<webPragmatist> why does deb call them .pem
<webPragmatist> or rather symlink to a .crt using .pem
<SpamapS> the key is what you generate, and then the CSR is a cryptographically verified request to the CA to sign the public portion.
<SpamapS> webPragmatist: thats just old confusing stuff that I've never understood either. ;)
<SpamapS> webPragmatist: the important thing is that you make sure you protect that key file
<SpamapS> webPragmatist: it must have secure file permissions, and preferrably will be encrypted, requiring you to enter a passphrase to start the webserver.
<webPragmatist> so you would put the .key (password protected) and .crt (signed) in /etc/ssl/certs
<webPragmatist> or would you keep the .key somewhere else
<giovani> webPragmatist: it doesn't matter where on the filesystem you keep them, just permission them so that only the apache user can read them
<webPragmatist> i know this i just don't want to look like an ass an put them in /home/poop
<webPragmatist> and*
<giovani> uh
<webPragmatist> :)
<giovani> if you knew it, then you'd know it doesn't matter where you put them
<webPragmatist> giovani: â¦ i'm just trying to put it somewhere logical that someone else might be able to find it
<webPragmatist> just like /etc/ssl/cert makes senseâ¦ but where to put the key may not
<giovani> someone else who's smart would look at the webserver configs
<giovani> as there's no universal storage location
<giovani> but /etc/ssl is as good a place as any for all of the ssl components
<webPragmatist> oh doi
<webPragmatist> theres a private dir
<webPragmatist> although there might not be a universal storage locationâ¦ there's some pretty damn logical places to put things for most things
<giovani> and /etc/ssl has been suggested and discussed over and over
<giovani> so I don't know why we're still talking about it
<lau> stgraber: I am trying to create an lxc lucid i386 image like http://www.stgraber.org/download/lxc-ubuntu-8.04-amd64.tar.gz
<lau> I tried to find some info in the UDS logs but was not able to find any :s
<lau> would you please point me the process you use to build such .tgz file ?
<lau> did you use debootstraping ? which particular switches ?
<b0gatyr> When you feed a file containing a hash to john the ripper you must also have a username with it correct?
<clusty> hey
<clusty> i am trying to host my own dns for a domain and godaddy is telling me my server is not "registered"
<clusty> any clue what that could mean?
<Italian_Plumber1> I'm looking for a guilde for optimizing ubuntu server ... I run a very simple setup and I want to see if there are unneeded services/processes etc. that I can turn off that might improve performance.  The main functions of my server are vmware, bind, and rtorrent.
<Italian_Plumber1> I am the only user.
<qman__> Italian_Plumber1, there is really no need to do such a thing, since ubuntu server is bare by default
<Italian_Plumber1> oic
<qman__> you might want to apply some kernel tweaks to better suit a specific application, but aside from the basic services like syslog, there's nothing else running
<Italian_Plumber1> well it's vmware that I'd really like to tweak for, I guess.  I just feel that my virtual machines could be faster...
<Italian_Plumber1> and other vmware functions, like suspending and unsuspending a machine, should be faster.
<qman__> that's mostly tied to disk performance
<qman__> unless your CPU is anemic
<Italian_Plumber1> well, is there a way to improve disk performance?
<qman__> get faster disks
<qman__> or change filesystems, if you're using a particularly slow one
<Italian_Plumber1> ext3
<qman__> well, ext3 is a particularly slow one, on a relative scale
<qman__> it forgoes modern performance tweaks for simplicity and reliability
<Italian_Plumber1> ok well have to go.  bedtime.  thanks for the pointers
<Roxyhart0> hi there i am getting this error: init: network-interface (eth0) pre-start process (535) terminated with status 1
<Roxyhart0> somebody know why this error, i cant even start the server, it start when i add a network card
<webPragmatist> should i use ssl-cert-snakeoil.key for anything?
<webPragmatist> or should i always gen my own key file when creating a ssl cert
<Roxyhart0> why when i add a new network card i got the error  init: network-interface (ethX) pre-start process (535) terminated with status 1 ?
<twb> Hum.  Apparently I don't have such a file.
<twb> Nor is "snakeoil" in any path in Debian Sid, which is puzzling, because I've seen it before.
<qman__> the snakeoil file is a key you should never use in the real world
<qman__> it is known by everyone and therefore renders your encryption vulnerable
<qman__> it's there and packages use it to 'just work' without throwing errors
<qman__> but you should always replace it
<qman__> I just soft linked that filename to my real key, to avoid changing all the config files
<CaptainTrek> whats the command to locate where something was installed?
<CaptainTrek> in terminal
<lifeless> what do you mean by 'where something was installed' ?
<CaptainTrek> lifeless:  to locate where a package installed the core program files to.
<lifeless> dpkg -L packagename will tell you all the files a package contains
<CaptainTrek> got it thanks
<uvirtbot> New bug: #603466 in nagios3 (main) "Please merge nagios3 3.2.1-2(main) from debian unstable(main)" [Undecided,Confirmed] https://launchpad.net/bugs/603466
<xampart> i'm sharing a directory, which contains user/Maildir -directories. they show up properly on remote host, but everything under user/Maildir is not showing. any resolutions?
<xampart> with nfs
<binBASH> GrÃ¼ezi Aison
<Aison> hallo
<xoen> hi all, I'm going crazy with a problem about .ICEauthorithy
<xoen> sorry, .ICEauthority
<Jordan_U> xoen: Have you been using sudo with graphical applications?
<xoen> Jordan_U: don't know the account where there is the problem are not mine
<xoen> The machine where there is the problem has different users
<xoen> I've set up a xrdp server and some user can access some not
<Jordan_U> !gksudo | xoen
<ubottu> xoen: If you need to run graphical applications as root, use Â« gksudo Â», as it will set up the environment more appropriately. Never just use "sudo"! (See http://psychocats.net/ubuntu/graphicalsudo to know why)
<xoen> I've noticed the users can access has the .ICEauthority file, the other not
<xoen> ubottu: I know gksudo
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<xoen> Jordan_U: I know gksudo
<Jordan_U> xoen: It's likely that which ever user is having this problem has been using sudo with GUI applications, educate your users or don't allow them to use sudo.
<xoen> Jornan_U: Have to be fair, the problem is not on an ubuntu server but on an RHEL server, but it should be distribution indipendent...
<Jordan_U> xoen: You can fix the problem by chowning .ICEauthority back to them instead of root, but the problem will come back if they keep using sudo with GUI apps.
<xoen> Jordan_U: I think it's a problem of permissions...but not so trivial
<xoen> I mean, from root I can't run #chown -R username:username /home/username
<xoen> !
<alex88> hi guys..i've ubuntu server 10.04, is possible to install a light desktop manager and connect via vnc or something else?
<xoen> Jornan_U: maybe I've found a solution for my problem, the .ICEauthority file is created the first time the user login by the X server, so I will try to log in every user phisically and see if this fix the problem. BTW thank you very much ;)
<Jordan_U> xoen: Please don't ask RHEL questions in #ubuntu-server again, it can often waste people's time when instructions that should work for Ubuntu fail to work for you (one person in #ubuntu wasted 2 hours with 3 people helping him because he was using backtrack but wouldn't admit it).
<xoen> Jordan_U: but I've just asked information about ~/.ICEauthority, a file present in every distribution
<alex88> Jordan_U: hhahaha.. :)
<Jordan_U> xoen: If you feel that Ubuntu has better community support that is a reason to use Ubuntu, not a reason to ask RHEL questions in Ubuntu channels.
<xoen> Jordan_U: is not Ubuntu GNU/Linux too?
<Jordan_U> xoen: You can't easily know that a question is not distribution specific unless you understand the problem. If you had understood the problem you wouldn't have needed to ask the question in the first place :)
<xoen> Jordan_U: But I've not asked about the .ICEauthority because it can't be created easily and I didn't found nothing in internet, BTW I'm sorry if my question created some problem to someone, I'm sorry
<xoen> *I've just asked...
<alex88> and also this is not #GNU/linux so if you have that problem not on ubuntu we are not here to help you
<Jordan_U> !mint | xoen
<ubottu> xoen: There are some Ubuntu derivatives that we cannot provide support for due to repository and software changes. Please consult their websites for more information. Examples: gNewSense (support in #gnewsense), Linux Mint (see !mintsupport), LinuxMCE (support in #linuxmce), CrunchBang (support in #crunchbang), BackTrack (support in #backtrack-linux)
<alex88> btw i think there is no problem
<xoen> :(
<Jordan_U> xoen: And that message is only related to Ubuntu based distros, you can see that RHEL is a much more different beast :)
<Jordan_U> xoen: #linux is often good for general linux support.
<xoen> OK, sorry if I disturbed here
<alex88> so..no help about my ubuntu question? :P
<alex88> j/k
<christopher22> hello I aksed this question on the Python channel.. but they redirected me to this channed..
<christopher22> i'm having some problems with the locale settings of Python
<christopher22> I keep getting: unsupported locale setting
<christopher22> so I was wondering how I could see which locales are supported by my Ubuntu server
<alex88> christopher22: try sudo dpkg-reconfigure locales
<gdowle> Hi, I cannot use my Metakeys, which are defined in /etc/inputrc, under X. On a console everything works fine. On a SLES machine with the same /etc/inputrc, the Metakeys are also working under X.
<amagee> hey i'm following https://help.ubuntu.com/community/EC2StartersGuide to try and get ubuntu 10.04 setup on ec2
<amagee> i'm up to step 2 in "Installing the API tools", where it says to use the path $HOME/<where your private key is>/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem in .bashrc
<amagee> but i don't know what this file is supposed to be.  is it the same .pem file i created and used to connect to the server?
<alex88> amagee: just try
<alex88> :)
<amagee> ah.. is that the x.509 certificate?
<amagee> ok it's starting to make a bit more sense
<amagee> i think the problem is that the instructions to get the x.509 are wrong, so i thought that the key that i generated with "key pairs" was what they were talking about in the later step
<amagee> another question:  i've just tried to install xfs by "sudo apt-get install xfs", which seemed to be successful, but i then type "sudo modprobe xfs" it says "FATAL: Module xfs not found."
<soren> amagee: Two problems:
<soren> amagee: xfs is the X font server. It's got nothing to do with the XFS filesystem.
<soren> amagee: You want xfsprogs
<amagee> sorry, yeah, that's what i meant.  i installed that.
<soren> amagee: and, the module is in the kernel package, not the xfsprogs package.
<soren> amagee: So availability of the xfs kernel module depends on the kernel package installed.
<soren> amagee: which kernel are you using?
<amagee> i'm not sure.. how do i find out?
<soren> uname -r"
<soren> gives a hint.
<soren> Without the ".
<amagee> 2.6.32-305-ec2
<soren> Ah.
<soren> Don't know about those.
<amagee> what would you suggest i do?
<soren> Wait for someone who cares about EC2 :)
<amagee> heh
<amagee> i might just use ext4 for the time being
<a_ok> can someone please for the love of ubuntu tell me WHERE I can configure this: https://help.ubuntu.com/community/DisklessUbuntuHowto#Static IP
<a_ok> I have seen this notation in about 7 different locations but never ever is mentioned where you are supposed to put it
<benedikt_> Where does KVM/libvirt like to store the virtual disks?
<benedikt_> I'm wondering how to map the filesystems over different disks
<pmatulis> benedikt_: /var/lib/libvirt/images
<benedikt_> thanks!
<a_ok> benedikt_: you can specify the location of your image any time
<benedikt_> is "virtualization" in tasksel kvm and libvirt?
<benedikt_> a_ok: i know, i just like to keep default settings, otherwise it always end up in a big mess
<pmatulis> benedikt_: yes
<a_ok> benedikt_: we are using luns on a San so not much of a choise or a mess here
<Pici> a_ok: It looks like you can specify those options as kernel parameters. See #2 here: http://fscked.org/writings/clusters/nfsroot.txt
<pmatulis> a_ok: also, bug #175324 is marked as fixed
<uvirtbot> Launchpad bug 175324 in klibc "Klibc: ipconfig fails on network with DHCP relays" [Medium,Fix released] https://launchpad.net/bugs/175324
<a_ok> Pici: thanks that actually makes sence. now I only need to know how to configure it with grub2
<a_ok> pmatulis: Actually I am booting from iSCSI. That is something that seems to be untested (had to modify the initrd init script so the drivers where loaded). Besides I am using a seperate network to the San that has no dhcp
<a_ok> Do i need to add the parameter to the linux line or start a new line starting with ip?
<pmatulis> a_ok: the kernel line
<a_ok> pmatulis: thanks
<pascalou> hi here, anyone around using  clonezilla or some similar tool?
<guntbert> !anyone | pascalou
<ubottu> pascalou: A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<pascalou> well, i d like to know if i can make/edit a dvd/usb stick of typically clonezilla which would allways get me a french menu with french keyboard, mounting always the same samba share and giving 2 options with the images there,  clone from a chosen images from repository , make a ghost and upload it to the repository
<zul> if something is running from inetd say like a dovecot server it should show up when you do a netstat -atuvpn?
<Brumle> zul: only inetd would show up there listening on the ports configured for dovecot. Be it imap or pop ports
<alvin> Is there an smb.conf option to give certain hosts read-only access? (like 'hosts deny', but with read access)
<Daffy_> Has anyone got any experience with tinyproxy?
<zul> jcastro: ping
<jcastro> pong
<zul> jcastro: have you seen this for daily builds? http://launchpadlibrarian.net/51625554/buildlog.txt.gz
<jcastro> the aptitude thing
<jcastro> yeah, iirc I saw someone with a branch working on it? maybe lamont?
<katsa> hello
<katsa> anyone encountered a "Could not open the requested SVN filesystem" error with subversion before?
<katsa> nvm, found the problem
<hallyn> kirkland: gr, lh clean --binary && lh build  is rebuilding my chroot.  FAQ said it would leave my chroot!
<kirkland> hallyn: grr, yeah, i just start clean every time
<kirkland> hallyn: it only takes me 8 minutes to build from scratch here
<hallyn> kirkland: yes but i hand-built an initrd.img that i wanted tostick in there
<kirkland> hallyn: ah
<kirkland> hallyn: talk to Cody, if you hit lh troubles
<kirkland> hallyn: he knows it well
<kirkland> hallyn: maybe find him in #ubuntu-devel or somewhere
<SpamapS> lh?
<kirkland> hallyn: sorry, cody-somerville on IRC
<kirkland> SpamapS: live-helper
<SpamapS> cool
<SpamapS> kirkland: did you use that to build the USB key image?
<webPragmatist> if my rsync is stuck at sending incremental file list how can i troubleshoot this
<SpamapS> webPragmatist: did you give it '--progress' or '-P' ? that usually shows how fast its going/how long it has to go
<webPragmatist> ya
<webPragmatist> i'm try running it too
<webPragmatist> dry*
<SpamapS> webPragmatist: ahh is it a giant list of files?
<webPragmatist> ya probably
<webPragmatist> can i get disk usage like iftop
<SpamapS> iostat works for that
<webPragmatist> rather disk write/reads
<SpamapS> oh per process? not sure, maybe 'atop' but that one requires kernel patches I think.
<webPragmatist> iostat doesn't exist/
<SpamapS> webPragmatist: vmstat 5 5
<webPragmatist> uh hrm
<webPragmatist> atop no clue how to read this
<SpamapS> webPragmatist: RDDSK/WRDSK
<SpamapS> thats the stats on IO for that process
<webPragmatist> this vmstat stuff i guess bi and bo
<webPragmatist> are the important
<SpamapS> webPragmatist: yeah. "in" can also be interesting, interrupts.
<webPragmatist> well it's like nothing like 200
<webPragmatist> my guess is its not really creating this list
<webPragmatist> its just stuck
<SpamapS> webPragmatist: probably waiting for the other side
<SpamapS> webPragmatist: you can try running it with 'strace rsynx blah blah'
<SpamapS> webPragmatist: but that may overwhelm you with information. ;)
<webPragmatist> better than nothing
<webPragmatist> its stuck trying to "select()" a dir
<SpamapS> webPragmatist: no, select() doesn't really work on dirs AFAIK
<SpamapS> webPragmatist: select() would be on a socket/file waiting for activity
<SpamapS> webPragmatist: probably the remote connection
<webPragmatist> well what it says is select(6, [5], [], NULL, {60, 0}) = 0 (Timeout)
<webPragmatist> 6 i guess is the dir name
<SpamapS> no
<SpamapS> webPragmatist: 'man select'
<SpamapS> webPragmatist: 6 is the number of files to "select"
<SpamapS> webPragmatist: [5] is the array of file descriptors .. so just 5
<webPragmatist> oh i thought it was just a function in rsync
<SpamapS> webPragmatist: you'd need to see where open() or socket() returned = 5
<SpamapS> webPragmatist: no, strace only shows syscalls
<webPragmatist> i see
<SpamapS> webPragmatist: its one of those things that I've decided *I CANT LIVE WITHOUT* ;)
<webPragmatist> so whats your guess on whats happening?
<webPragmatist> local io error or remote?
<SpamapS> webPragmatist: I'd check the remote box out in the same way you're checking the local one
<webPragmatist> would you just run the rsync in revers?
<SpamapS> webPragmatist: no
<SpamapS> webPragmatist: go to the other box, and run things like 'top' and 'vmstat' and see what that box is doing
<webPragmatist> eventually i got something like write failed broken pipe blah blah one sec i'll psatie
<webPragmatist> pastie*
<webPragmatist> SpamapS: poo eventually i got http://pastie.org/1037672
<webPragmatist> after a bunch ot timeouts
<SpamapS> webPragmatist: what version of rsync is this?
<webPragmatist> 3.0.7
<SpamapS> webPragmatist: ok.. hm.. maybe try a smaller directory tree?
<webPragmatist> :(
<SpamapS> webPragmatist: did you run with '-v' ?
<webPragmatist> yes
<cybrocop> Hello. On UEC, what is the relationship between   eucalyptus.conf and eucalyptus.local.conf? For instance, if I want to change the VNET_SUBNET variable, which file do I edit.
<cybrocop> smoser: Any idea on this? I change the variable in both files across my CC and all my nodes, then whenever I try to launch an instance, I get this error: "Not enough resources available: addresses (try --addressing private)"
<smoser> well, a couple things.
<smoser> i think the files say which one to update
<smoser> they say to edit /etc/eucalyptus/eucalyptus.conf
<smoser> hand as far as VNET_SUBNET i would think you need to set that on the CC.
<smoser> then, as suggested in eucalyptus.conf file, do 'sudo restart eucalyptus-cc CLEAN=1'
<cybrocop> Initially, I only modified eucalyptus.conf, but when I restart the service, the changes aren't sync'd to eucalyptus.local.conf  and I get the errror above.
<cybrocop> smoser: I have restarted eucalyptus-cc with CLEAN=1 option.
<smoser> they're not synced to .local.conf.
<smoser> they wont be.
<smoser> and make sure you dont have it in both places.
<smoser> as that is undeinfed behavior i think.
<smoser> but i would think this would take...
<smoser> i aplogize for not knowing more. maybe kirkland` does
<cybrocop> smoser: the VNET_SUBNET was already present in local.conf
<cybrocop> only it was the wrong setting: VNET_SUBNET="172.19.0.0"
<cybrocop> in my eucalyptus.conf, I changed  this to be VNET_SUBNET="192.168.0.0" and did a "restart eucalyptus-cc CLEAN=1"
<cybrocop> now, I had 2 files, each with a different VNET_SUBNET setting. I changed eucalyptus.conf's VNET_SUBNET to "172.19.0.0" (initially it was null).. restarted cleanly again, and I'm still having problems launching instances.
<smoser> cybrocop, i'm sorry, i can't be much more help there. I can't say that i've played with that all that much.  you might try in #eucalyptus.
<cybrocop> smoser: thanks. I'm coming here from #eucalyptus, they can't help me because the problem seems to be the discrepancy between eucalyptus.conf and eucalyptus.local.conf (which is a Ubuntu addition)
<smoser> well, make sure it only occurs in one of them
<smoser> and that its right
<smoser> and restart.
<smoser> then, i am not certain how that setting propogates to nodes
<smoser> or if it needs to
<cybrocop> smoser: all the settings in my local.conf already have been set in the original.
<cybrocop> smoser: can I just delete all the settings in local.conf i.e. make it an empty file.
<kaushal> hi
<kaushal> as per the link http://webapps.ubuntu.com/certification/list/?release=8.04%20LTS&category=Server
<kaushal> what does Ready mean ?
<kaushal> and how is it different from certified
<jpds> kaushal: It was certified by the manufacturer, not by Canonical.
<kaushal> so certified means by canonical ?
<jpds> Yes.
<kaushal> Ready means by manufacturer ?
<smoser> cybrocop, i'm really sorry i couldn't help you.
<cybrocop> smoser: np, thanks for trying.
<smoser> actually.. i'd at least try restart eucalyptus CLEAN=1
<smoser> (not eucalyptus-cc, but eucalyptus)
<jpds> kaushal: Yes.
<kaushal> jpds, so i should emphasize on certified and not on ready ?
<jpds> kaushal: Either one, depends who you want support from.
<kaushal> oh ok
<kaushal> jpds, Thanks
<prodcutnews> hi
<maek> anyone good at pxe? I have /var/lib/tftpboot and when I copy the contents of the netboot.tgz it works with symlinks and stuff in sub dirs for the kernel, but when I move the default config or the location of the kernel subdirs no longer work
<smoser> maek, tftp often runs chrooted
<smoser> which changes paths and such
<prodcutnews> i had problem with gnome-terminal, its getting close immediately  , what might be the reason, ALT+F2 followed with xterm command is working ? whatz wrong with gnome-termianl ?
<maek> smoser: im using relative paths from my tftp entry point of /var/lib/tftpboot - just very confusing. when I use the stock ubuntu files it works fine with symlinks and kernels in sub dirs. once I move things and reconfig sub dirs dont work. thanks ill look more
<prodcutnews> i did mount command on xterm, i couldnot understand anything there, i have problem gnome-terminal, yesterday laptop shutdown twice, with cpu sounded heavily when i visited site  www.lazydesis.com, now im reading about the topic "instrusion into linux", once i was windows freak later came into linux, but now i feel "AM i SafE"
<osmosis> im getting serious disk write lag in guests on kvm ubuntu 10.04. And Im using virtio.  Easy to duplicate, i just rync a large folder locally, and it brings the server to a temporary halt...eventually recovers.
<osmosis> I see one of the cpu cores in the guest get stuck at 100% use for a while when this happens.
<EtienneG> hey guys
<EtienneG> in eucalyptus, are we still using vtun for inter-cluster communication?  are there another option?  hggdh, kirkland ?
<lifeless> EtienneG: inter or intra?
<EtienneG> lifeless, inter
<EtienneG> lifeless, as in, you have two cluster
<lifeless> ah, I haven't played with that yes.
<lifeless> s/yes/yet/
<EtienneG> lifeless, indeed.  eucalyptus built it using vtun
<EtienneG> vtun is in universe, because it is insecure
<EtienneG> does anyone knows where to declare static routes (other than the default one, that is)?  Google says I have to drop a script in /etc/network/if-up.d/, but there *has* to be a better way
<giovani> EtienneG: "better" how?
<EtienneG> giovani, huh?
<EtienneG> giovani, better than writing a script from scratchm duh.
<giovani> EtienneG: I don't know why you think that's a bad solution, so I'm unclear on how we can offer you a better solution
<giovani> oh, well that's how you do it
<giovani> sorry
<EtienneG> too bad
<giovani> that's how linux works, it's a bunch of scripts
<EtienneG> giovani, just FYI, Red Hat has a config file where you declare static route.  That's what I would call "better".
<giovani> but the "script" you'd be writing is a single, very simple line per route
<giovani> it's no effort at all
<EtienneG> giovani, indeed.  It'd still a hack.
<giovani> a hack? no -- all redhat is doing is running a script that reads that file and executes the same commands
<giovani> it's just partially hidden
<giovani> so in debian based oses
<giovani> there's a file called interfaces which prevents you from having to write your "own script" -- but really, it's the same amount of work
<giovani> man interfaces if you'd like to do it that way
<soren> EtienneG: Just put it in /etc/network/interfaces.
<EtienneG> soren, as a pre-up directive?
<soren> EtienneG: No, up.
<EtienneG> soren, ah, ok
<soren> EtienneG: At pre-up time, it probably won't work (depending on the type of route).
<EtienneG> soren, right
<EtienneG> still, I am baffled that there is no standard mechanism to add static route in Debian-derived OS.
<giovani> that is a standard mechanism
<EtienneG> yeah, yeah
<giovani> you're clearly used to being blinded from how things are done under the hood
<soren> EtienneG: That really is the standard mechanism.
<giovani> 'route' is the user-friendly way
<EtienneG> giovani, I usually prefer ip, but that's just me
 * soren too
<giovani> use whatever you like, it's all still /proc/net/route
<EtienneG> soren, hard-coding a command in interfaces?  really seems wrong to me (still better than to add a script to if-up.d/, though)
<giovani> EtienneG: what benefit do you think there is to abstracting the addition of a route beyond the route command?
<giovani> it's the same amount of typing, it's executing an identical task
<soren> giovani: For the same reason that you don't run ifconfig or dhclient manually,but use /etc/network/interfaces.
<soren> I'll leave it as an exercise to the reader to work out that reason.
<soren> Or those reasons, rather.
<giovani> soren: I don't see any benefit to it for settings like IPs, etc -- the framework of if-up, etc makes sense -- execute things in a specific sequence, at the same time, etc
<giovani> but executing a script that uses a file to set some variables when the command itself is simple doesn't offer any value
<soren> giovani: Please don't tell you you don't specify address in your interfaces file, but instead have a "up ifconfig $IFACE 10.10.10.10" line?
<giovani> don't get me wrong, I'm not saying it shouldn't exist -- just that there's no reason to complain when such a method for a particular task doesn't exist
<giovani> soren: I'm telling you the two are equally usable, that's all
<soren> Making such things come into existence starts with someone complaining (possibly to oneself) about it.
<giovani> complaining about such things is a waste -- there's a long list of stuff that needs automation before it
<soren> bah
<coxn> so, I'm trying to do this: ubuntu-vm-builder kvm --dest /virtual-machines/testhost --ip 10.0.1.62 -c /etc/vmbuilder/confs/lucid-default.cfg
<coxn> and here's the .cfg file: http://paste.ubuntu.com/461277/
<coxn> but the firstboot isn't getting called
<coxn> any help troubleshooting would be appreciated
<soren> coxn: Can you run vmbuilder with --debug and paste the output somewhere?
<coxn> soren: yes. I will come back when I have done so.
<soren> coxn: Cool beans.
<coxn> that is a great nick
<coxn> soren: fascinating. looks like it was failing a perl dependency silently. I'll chase this a bit and paste you some debug output if I get stuck. Thanks!
<soren> coxn: No problem.
<chewbranca> hi, I'm using the Lucid 64 bit ec2 AMI that uses EBS for its root partition, and I'm trying to figure out the best approach to move /var/lib/mysql to a separate EBS volume, any ideas?
<TMX> is it possible to install ubuntu-server via ssh using the standard server iso?
<coxn> 2010-07-09 17:23:33,777 DEBUG   : Calling deploy method in VMBuilder.plugins.network plugin.
<coxn> 2010-07-09 17:23:33,777 DEBUG   : No such method
<coxn> 2010-07-09 17:23:33,796 DEBUG   : Calling deploy method in VMBuilder.plugins.ubuntu.distro plugin.
<coxn> 2010-07-09 17:23:33,796 DEBUG   : No such method
<coxn> hurm.
<CppIsWeird> i have a process that i started via ssh. this process is still running and may run for a very long time. However, I would like to terminate the ssh session. is there any way to transfer this process to another use or something so that when i terminate the ssh session the process does not terminate?
<coxn> CppIsWeird: can you kill it and restart without losing what has already been done?
<CppIsWeird> no, not that im aware of.
<coxn> CppIsWeird: because the way to do that is to stick it inside gnu screen from the beginning
<soren> coxn: Those are not errors.
<soren> coxn: They're debugging information. It even says DEBUG in all caps :)
<webPragmatist> I know there's no particular place but where would you guys store .htpasswd files
<soren> /etc
<soren> They're config files.
<webPragmatist>  /etc/apache2/conf.d ?
<soren> No.
<soren> Stuff in /etc/apache2/conf.d gets treated as apache config files.
<webPragmatist> oh right
<webPragmatist> so maybe make a dir /etc/htpasswd ?
<soren> webPragmatist: /etc/apache2/htpasswd, perhaps.
<soren> (as a directory)
<webPragmatist> okay
<webPragmatist> when httpd runs does it read those files as root or do i need to make them owned by www-data
<soren> Apache runs as www-data.
<soren> So www-data (or a group of which www-data is a member) must have read privileges.
<webPragmatist> okay
<webPragmatist> would you protect it other than just root +r
<webPragmatist> like would you prevent others from reading it
<soren> Probably.
<peeps[work]> when do cron.daily scripts run?  midnight?
<webPragmatist> it's random if i recall
<webPragmatist> For daily, it checks if the current time is greater than (or exactly) 24 hours past the timestamp of the /var/spool/cron/lastrun/cron.hourly file.
<webPragmatist> cron.daily*
<webPragmatist> something like that
<webPragmatist> if you need to have it run at a certain time use crontab
<coxn> okay so, soren ... I don't see any reference to firstboot here: http://paste.ubuntu.com/461306/
<webPragmatist> peeps[work]: ^
<coxn> I got that by tacking a "2>&1 | tee /root/testbuild.txt" to the end of my ubuntu-vm-builder line and looking in the file... I suppose I could upload that file somewhere....
<peeps[work]> webPragmatist, ok, thanks
<panfist> how does one control which services are started automatically on system start?
<upbeatlinux> http://www.tin.org/bin/man.cgi?section=8&topic=update-rc.d
<webpragmatist1> out of curiousity... is it a stupid idea to use the snakeoil private key that is generated by ubuntu instead of a new key for each ssl?
<giovani> webpragmatist1: phenomenally stupid
<webpragmatist1> whats the snakeoil used for
<giovani> as a test
<giovani> if you want an ssl cert that's accepted by most browsers/ssl clients for free, try startssl
<webpragmatist1> oh it's okay my host provides them for freebies
<giovani> excellent, use those
<coxn> hmmmm
<coxn> # grep -ic login /usr/share/pyshared/VMBuilder/contrib/cli.py
<coxn> 0
<panfist> upneatlinux i don't know why i was under the impression this wasn't the right way to do things in lucid...that there was another layer on top that was preferred or something
<panfist> upbeatlinux *
<coxn> soren: should I be using something newer than the VMBuilder that ships with lucid if I want to have a firstboot script?
<soren> coxn: Yeah, there's a PPA.
<T3CHKOMMIE> hey guys, trying to reconfigure my netgear switches from the ground up, anyone familiar with Vlans?
<soren> coxn: What's with the grep thing?
<coxn> soren: that file has the options that it will parse, so there should be a match if '--firstlogin' is an option.
<soren> coxn: No.
<coxn> no which? no it should not match?
<soren> coxn: Settings are defined all over the place. Specifically, the firstlogin option is defined in the firstscripts plugin.
<coxn> ahh
<coxn> I will look there
<soren> coxn: Still, it won't work with the version in Lucid.
<soren> coxn: You need the version in the PPA.
<millerd> Hey #ubuntu-server I have a question
<SpamapS> Hey millerd, we have .. enthusiasm.. and hopefully answers! :)
<millerd> How easy is it if I want to have all the computers in the domain to run apt-get update and then upgrade? Haha thanks for the enthusiasm :)
<panfist> i had bind9 server installed, then i removed it with APT. now, when the server boots it still tries to start bind9 and complains that a named binary is gone
<millerd> I'm trying to delve into Ubuntu Server as an alternative to Windows Server
<ScottK> panfist: That shouldn't happen, but the simple solution is reinstall it and then instead of removing it, purge it.
<osmosis> i got some strange error about   echo 0 > /proc/sys/kernel/hung_task_timeout_secs
<millerd> From the server, how do I tell computers in the domain update themselves?
<osmosis> BUG: soft lockup - CPU#0 stuck for 61s! [kdmflush:275]
<cybrocop> Hi All. In UEC, is it possible to download some of the images from the image store manually?
<cybrocop> so that I can give it a custom (more user-friendly) bucket name?
#ubuntu-server 2010-07-10
<SpamapS> millerd: what do you mean by "all computers in the domain" ?
<millerd> Say I had ubuntu server as a domain controller
<SpamapS> millerd: most people use a configuration management solution for that
<millerd> Could you give me an example?
<SpamapS> millerd: domain controller meaning for DNS or for Windows domains?
<millerd> DNS
<SpamapS> millerd: ok for configuration management, Canonical (my employer) has Landscape that will let you control your servers via a web interface...
<SpamapS> millerd: there's also some more heavy duty solutions like puppet and/or Chef
<SpamapS> millerd: does that all make sense?
<millerd> Yes
<millerd> I've looked into Landscape before
<millerd> Does one always have to purchase landscape as a service canonical provides?
<SpamapS> millerd: well its a product of canonical.
<SpamapS> millerd: you can also just setup ssh key access to all of your servers and use pssh
<millerd> With that you could SSH into a large amount of computers at once?
<SpamapS> millerd: apt-get install pssh ; parallel-ssh -h list_of_servers.txt "bash -c 'apt-get update && apt-get upgrade'"
<millerd> ahhh okay
<millerd> I'm really uneducated on the server side of things
<millerd> The framework of DNS servers
<millerd> and then I get confused between Ubuntu and Windows setups
<millerd> I work for a department at the University of Washington
<SpamapS> millerd: the idea of most unix/linux type things is to do one thing really well, and work by convention.. so most things work "the way you would expect" .. once you learn what to expect, it gets pretty easy
<millerd> Wow Landscape looks amazing
<millerd> I've never seen the UI before now
<peeps[work]> is there a way I can limit the outbound bandwidth from a server to addresses outside of the LAN?  i need to upload a lot of things to external servers, but a saturated upload destroys all download speeds
<peeps[work]> i'd like to limit it a little under the max to avoid affecting download speeds so much
<SpamapS> peeps[work]: you need traffic shaping
<peeps[work]> SpamapS, what app would you recommend for that?
<SpamapS> peeps[work]: I haven't done it in a while, and the options seem to have grown quite  a bit. MasterShaper looks pretty nice though.
<SpamapS> peeps[work]: apt-cache search 'shaper' produces a few options
<osmosis> anyone know if this bug was fixed in the Lucid ABI 23 kernel that was pushed to lucid-updates?   https://bugs.launchpad.net/ubuntu/+bug/603799
<uvirtbot> Launchpad bug 603799 in ubuntu "BUG: soft lockup - CPU#1 stuck for 61s! [kdmflush:275]" [Undecided,New]
<axisys> how do I tell how many emails I have in this maildir ? http://pastie.org/1038305
<axisys> ls new is taking forever to return an answer
<b0gatyr> wondering why I can't partition a USB drive
<iriedread> anyone here who is really familiar with vsftpd that can help me ? having problems with corrupted files upon finishing transfer
<kozmund> I've dealt with vsftpd but haven't seen any corrupted files so...that's not helpful.
<b0gatyr> humm weird, i have an 8GB flash drive created 2 partitions, first 1.5GB primary , second 4GB (EXT3), Trying to create 3rd one in the unallocated space as Fat32 or NTFS but when I create it windows doesnt read it any clues???
<qman__> b0gatyr, because windows is dumb and can't handle that sort of thing
<b0gatyr> yeah it sux , gave up on it already
<CppIsWeird> any way to move things with a progress bar?
<GhostFreeman> Is there any easy way to limit bandwidth to certain applications?
<jmarsden> define "easy"?  There is the http://tldp.org/HOWTO/Adv-Routing-HOWTO/  but you can look at "easier" ways such as trickle ...
<GhostFreeman> is trickle in universe?
<jmarsden> GhostFreeman: Should be... let me look for it...
<jmarsden> Yes, see http://packages.debian.org/lenny/trickle
<GhostFreeman> I'm already using it, and it works nicely
<GhostFreeman> thansk
<GhostFreeman> thanks*
<Lord_Devi> I've just installed Ubuntu 10.04 server for the first time here.. and it would appear something related to termcap or SOMETHING has changed. My up arrow no longer functions and backspace no longer functions. Is anyone aware of what I am talking about?
<Lord_Devi> I should say, "and how to fix it?"
<Lord_Devi> I've grown acustomed I must say to my up arrow and backspace..
<osmosis> im stuck on   [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
<CppIsWeird> are there any command line copy/move functions that have a progress bar of some sort?
<osmosis> CppIsWeird, rsync
<osmosis> CppIsWeird, rsync -Pav
<CppIsWeird> heh, using rsync to copy and move everything would be a pain i think, no?
<osmosis> CppIsWeird, pain?  i always use rsync for all copies. Im not even familiar with the unix cp command.
<CppIsWeird> guess i could intercept the cp and mv commands and redirect them to rsync.
<CppIsWeird> interesting.
<osmosis> CppIsWeird, why not just type the extra 3 characters? rsync   not that big of a word
<CppIsWeird> i guess i will start rsyncnig everything then.
<osmosis> yah, i love rsync
<CppIsWeird> rsync is 150% bigger than mv!
<CppIsWeird> :P
<osmosis> oh jeez
<osmosis> yah, well i still use mv.  i just dont use cp
<jmarsden> CppIsWeird: alias r=rsync   # There, now r is 50% smaller than mv :)
<CppIsWeird> jmarsden wins marshmellows!
<osmosis> im stuck on   [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0).  apache config help?
<CppIsWeird> sounds to me like you need to register a certificate with your apache server
<osmosis> CppIsWeird, ive done that as far as I can tell though
<jmarsden> osmosis: https://help.ubuntu.com/10.04/serverguide/C/httpd.html and read the section on HTTPS Configuration.  Also see https://help.ubuntu.com/10.04/serverguide/C/certificates-and-security.html
<osmosis> jmarsden, too bad those docs dont have anything on ssl with vhosts
<jmarsden> Do you have it working on your default host already?
<osmosis> jmarsden, i just figure out...it works on the default host. but if I enable a vhost, it fails with that error.
<jmarsden> OK.  If you can handle a certificate name mismatch, you can probably just turn ssl on in each vhost; for per-vhost ssl, life is more fun, you need to use a different port for each vhost so each one can have a different certificate, as far I know.  or a different IP, if you have plenty of public IPs available to use.
<osmosis> jmarsden, im just using one certificate though. multiple vhosts
<osmosis> jmarsden, i have a working ubuntu 8.04 box running this way. just trying to get it working on my new 10.04 box.
<jmarsden> Then you'll get name mismatch errors for all the vhosts whose names are different from the name on the certificate...
<osmosis> jmarsden, thats okay...just some rarely used domains i need to have encrypted traffic on.
<jmarsden> So... what is the issue?  Did you set up vhosts that use port 443 and that say ssl on and so forth?
<jmarsden> Why not look hard at the 8.04 apache config files and use them as a basis for the 10.04 setup?
<osmosis> jmarsden, if the config file worked the same I wouldnt have an issue. 10.04 behaves differently.
<osmosis> yah, i have a vhost with  :443
<osmosis> If i enable that ssl-vhost, i get    [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0).
<osmosis> worked in 8.04 though
<jmarsden> OK... I'll try it in a VM here... I don't think Apache can have changed *that* much between 8.04 and 10.04, can it??  Sounds like you need an SSlCertificateFile config line in each vhost?
<osmosis> ill try moving the ssl directives into the vhost
<osmosis> jmarsden, okay, that works now.
<osmosis> jmarsden, yah...wasnt required in 8.04 though. strange.
<jmarsden> Maybe someone is preparing for the new http spec where you *can* do different SSL certs in different vhosts??  I read something about that a while back, but forget the details...
<uvirtbot> New bug: #573975 in tftp-hpa (main) "pxe image fails to boot: "Forbidden directory"" [Undecided,New] https://launchpad.net/bugs/573975
<ljungk> what's the difference between sending mail from an stmp server and what that server is doing when sending it to its destination server?
<guntbert> ljungk: the intermediate smtp server is acting as a client to the destination server
<ljungk> guntbert: okay, so there is no real difference?
<ljungk> guntbert: in theory i could then manually connect to each mail server I want to send mail to?
<guntbert> ljungk: in theory yes, in praxis smtp servers are choosy in from whom they accept mail for whom - you are likely to get something like "relaying denied"
<ljungk> okay, even if i try to send only to users local on that server?
<ljungk> and what do they base they choice on? authentication?
<ljungk> *their
<KnightStalker> Hello,How can I backup all of my Ubuntu in a way which I can install it via a bootable disk and it installs the current ubuntu I have without any changes(all settings and users and /bin should be saved and should be installed when I choosed to restore)
<KnightStalker> I need it for my server so that in case of HDD/OS loss I still have a backup
<ljungk> KnightStalker: You can use rsync to mirror your directories
<KnightStalker> hmm I never used rsync,may I ask how to tell rsync to make backups?
<ljungk> you give it to paths, possibly on remote machines and it will make the second one reflect the first. the man page is pretty good,
<ljungk> *two
<KnightStalker> hmm
<KnightStalker> But that wont allow me to make bootable disks
<KnightStalker> and for example if I reflect home folder and restore it later there will be permission problems
<ljungk> why? rsync keeps track of ownership/permissions/times etc
<ljungk> but no, it can't make a bootable disk.
<ljungk> what I do is mirror the important directories (/home , /etc , /data + some parts of /usr ) and dump a package list (dpkg -l) then the system is pretty easily restored
<klaas> whats the best option to install ubuntu on a new system with software raid5 and full encryption? does the alternate cd support that and which filesystem is the best to use for big raids (15tb)?
<andol> klaas: Yes, both the server cd and the alternate cd will work, as both use the same Debian installer (just with different preseeds/defaults).
<Fudge> hi i have an hp proliant 380 G4 and am trying to find a  package that will slow the fans down as its very loud. could someone please assist me or point me in the right direction?
<Fudge> mm
<jeeves_Moss> how can I burn a CD from the CLI from an ISO
<smoser> kirkland`, are you around ?
<Caer> I'm having login times to ssh on my server which go from 1s to 90s ; the system load is ~2 ; it mainly runs transmission at 50Mbit/s
<Caer> I have tried ionice but it didn't improve, any idea?
<Caer> I have changed the default DNS of my ISP to google's hoping that a reverse lookup was in cause but no
<pmatulis> Caer: turn off transmission for a bit and see if it helps (assuming that app is causing the ~2 load; which, if constant, is pretty bad)
<pmatulis> Caer: you can also run the ssh client in verbose mode and the server in foreground mode - keep both terminals side by side and observe
<Caer> I will try with transmission off, the problem is that this time is random
<Caer> and I can't touch the ssh server, I have no physical access. And transmission is certainly the reason for the load.
<Caer> is a 4MB/s disk IO close a typical disk limit?
<pmatulis> Caer: that sounds very low to me
<pmatulis> Caer: re ssh, another option is to reduce niceness of sshd.  physical access desirable
<Caer> reduce niceness actually improves response times right?
<pmatulis> Caer: yes, -20 to +19 (smaller = higher priority)
<pmatulis> Caer: 'man nice'
<Caer> anyway I can restart the server remotely, sshd shouldn't worry me
<Caer> thanks for the fish pmatulis
<pmatulis> Caer: yet another option is to somehow implement QOS on a f/w
<pmatulis> Caer: giving higher priority to SSH traffic
<pmatulis> Caer: finally, upgrade your cpu and/or ram
<Caer> i haven't done QoS yet but I should ; how does it interact with ionice?
<Caer> never mind tcp is probably not considered as IO
<pmatulis> Caer: supply top output for a more informed analysis
<jpds> What kind of machine is this?
<Caer> dell xs11-vx8 for French ISP 'online.net'
<Caer> pmatulis: allright I was a fool to suppose transmission was not the only problem, thank you!
<uvirtbot> New bug: #604092 in drbd8 (main) "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/604092
<glen1> what is a cloud? is it a marketing term for server?
<Caer> glen1: marketing for a group of (eventually cheap) servers, distributing a service
<Caer> beuh j'ai aucun film Ã  voir
<Caer> vous auriez pas des titres sous la langue ? ou une sÃ©rie marrante ?
<uvirtbot> New bug: #604110 in munin (main) "munin-node-configure --shell fails on lucid" [Undecided,New] https://launchpad.net/bugs/604110
<glen1> Caer, so its just a server? haha im talking to you from the cloud!
<DUEDAHL> can somebody recommend a video surveillance software? it should support ip-cams
<qman__> DUEDAHL, zoneminder
<DUEDAHL> im not able to download their liveCD
<Bjelleklang> hi guys, have there been any reports of server install hanging when trying to configure the apt sources? Have tried server ISO as well as the alternative one
<guntbert> Bjelleklang: network is configured correctly?
<Bjelleklang> yeah
<Bjelleklang> can try installing without network though just to check
<uvirtbot> New bug: #604129 in mailman (main) "Mailman's python path should include dist-packages" [Undecided,New] https://launchpad.net/bugs/604129
<guntbert> Bjelleklang: you can always switch to a different virtual console (alt+left, alt+right) to find a screen where you can see what is actually going on, or you can run the install without the splash screen at all
<Bjelleklang> ah, nice one
<Bjelleklang> trying again now, will see what happens
<guntbert> Bjelleklang: in the boot menu press F6, esc to edit the boot line, remove "quiet" and "splash"
<makish> Leker lite med DHCP server och behÃ¶ver lite hjÃ¤lp...fÃ¥r det inte riktigt o lira...
<guntbert> !se | makish
<ubottu> makish: Svensk Ubuntu- och Kubuntusupport hittar du i #ubuntu-se resp. #kubuntu-se
<guntbert> makish: english please in this channel
<makish> sorry ...realized i was in the wron channel..=)
<makish> wrong
<guntbert> makish: :)
<makish> guntbert, im sitting and playing around with the DHCP server in ubuntu but im not getting it to work...=) fallowed this guide http://www.ubuntugeek.com/how-to-install-and-configure-dhcp-server-in-ubuntu-server.html
<Bjelleklang> looks like it's working now, might have been a bad cd-rom
<Psi-Jack> Hmmm
<Psi-Jack> migrationtools package seems to be missing the migrate_common.ph entirely.
<Psi-Jack> And when I create it and set $DEFAULT_BASE, it doesn't even utilize it. heh
#ubuntu-server 2010-07-11
<amstan> hey guys, why would i get permissions denied for this one cronjob?
<amstan> it's user cron, and when i do the exact command manually it works
<ayi> Hi, I am googling around for ways to create a failover setup with two ISPs, where one is expensive but reliable and the other is cheap but unreliable
<ayi> It seem the "bonding" module may achieve this, but it seems it establishes a dead gateway/route on the basis of the router responding, and not for instance an internet host
<ayi> I'm guessing I would need to script this?
<ruben23> how to cehck mysql version on ubuntu server..>?
<qman__> ruben23, mysql --version
<jpds> ruben23: dpkg -l | grep mysql
<jpds> ayi: What kind of routers do you have?
<p1l0t> Why is it when I change /etc/hostname and /etc/hosts (to make 127.0.1.1 the same as hostname) that I have other issues like Network_Manager not working on my netbook lucid
<ayi> jpds: very variable
<Skaag> i need to find a cool dedicated server provider in the US that supports Ubuntu Server 10.04, any suggestions?
<Fudge> anyone have idea how to get hp dl380G4 fans to spin down?
<Fudge> c
<Psi-Jack> Hmm
<Psi-Jack> Is there a "proper" or repo method to install Sun's JDK on Ubuntu 10.04 LTS?
<Psi-Jack> sun-java6-jdk does not seem to exist anymore as an option.
<Psi-Jack> Aha, found it. It was in the partner repo.
<RudyValencia> How do I make a disc of files from the command-line of my server?
<qman__> RudyValencia, see mkisofs and cdrecord
<RudyValencia> Whoa, lots of options
<RudyValencia> I don't know what half of them are for
<RudyValencia> All I want to do is store the contents of a directory to a disc.
<uvirtbot> New bug: #604185 in vsftpd (main) "Unable to start vsftpd with upstart if private key" [Undecided,New] https://launchpad.net/bugs/604185
<talcite> hey guys, I have weird behaviour from portmap coming. I think it's an NFS misconfiguration. Could someone help me out?
<talcite> I've got an internal network, 10.1.1.x, and an external network 134.117.55.x . My NFS traffic goes on 10.1.1.x (i'm pretty sure)
<talcite> however, in the logs of all the NFS clients, I keep getting portmap errors saying there's unauthorized requests from 134.117.55.52 (my NFS server specifically)
<talcite> it's really weird because I can't think of any config files that tell the NFS server to use the 134.117.55.52 interface
<talcite> so I don't understand why I'm getting ypserv requests over that network.
<talcite> the exact error is: Jul 11 02:54:54 s1 portmap[5048]: connect from 134.117.55.52 to callit(ypserv): request from unauthorized host
<ruben23>  hi guys any suggestion a good opensource firewall apps..i mean widely used and one of the best being made.
<Jordan_U> !firewall | ruben23
<ubottu> ruben23: Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist.
<ruben23> Jordan_U: you dont recommend firewall apps..?
<Jordan_U> ruben23: Ubuntu comes with ufw (which, as all linux firewalls uses iptables), and it's good and well integrated.
<BeeBuu> i can't ping the system that running in UEC, anyong help me please?
<BeeBuu> and i can see the status is "running"~~~~
<Caer> BeeBuu: never used UEC but servers don't necessarily respond to ping
<Caer> Is there a way to nice a process that forks? (ppid=1) and what about threads?
<Caer> threads seem ok although transmission-daemon behaves strangely : it lost its nice priority after a few seconds
<BeeBuu> Caer: but i can ssh in it
<BeeBuu> i can't
<Caer> I can't help you, sorry.
<brummel444> hi, bind9 doesn't log: logging channel 'debug' file '/var/log/named/named.log':  permission denied. Permissions: -rw-rw-r-- 1 bind bind 0 2010-07-11 11:33 /var/log/named/named.log. Why do i get permission denied ?
<joschi> brummel444: probably because of the apparmor profile for bind
<joschi> brummel444: are the permissions for /var/log/named/ correct?
<brummel444> joschi: i solved by setting write permission to the directory. though the named.conf was set to 777 it didnt write to it.
<joschi> brummel444: yes, the directory permissions have to be correct, too
<joschi> brummel444: although owner bind:bind and 0750 should be enough for /var/log/named/
<brummel444> hm.. dont understand that, because i created a named.log that was writable for all, why does the directory have to be writeable then ? a bind9 specific "feature" ?
<joschi> brummel444: no. a posix specific feature...
<brummel444> joschi: do you know how to update dns to listen on (a new) ppp (vpn) connection ? i always have to restart dns after i connected..
<joschi> brummel444: that's the way bind works. you have to restart (or maybe just reload/SIGHUP?) bind for it to bind on new interfaces
<brummel444> joschi: ok. i thought there should be some kind of update function for dns, to inform it about a new ppp interface.
<jpds> ayi: routers> Well, you might want something like HSRP.
<RoyK> is it possible to have bind listen on 0.0.0.0 instead of specific interfaces?
<sander__> Anyone know if UEC uses qemu?
<joschi> RoyK: sure, but named will only listen on interfaces known at the start time and bind explicitly to them
<joschi> RoyK: ehm, forget it. no, named can't listen on 0.0.0.0:53.
<io> Is there something similar to Landscape but free?
<joschi> io: red hat spacewalk. but it's veeeery red hat centric ;)
<io> joschi: Red Hat provides Spacewalk for free but Canonical charge for Landscape? :-)
<joschi> io: the commercial version of spacewalk is red hat satellite.
<io> joschi: Right.
<nhck> Hi, I am looking for a package that allows me to playback music from my local machine on my ubuntu server. It would be nice if the server would act like a playback device so  it would be autodiscovered via upnp.
<jpds> mpd.
<jpds> !info mpd
<ubottu> mpd (source: mpd): Music Player Daemon. In component universe, is optional. Version 0.15.4-1ubuntu3 (lucid), package size 174 kB, installed size 508 kB
<nhck> hmm, i have mpd running currently, got to check how to expose it I guess?
<Kream> Hi all.
<Kream> Using stock Apache on 10.4. Documentroot is set to /var/www/default. The default webpage is accesible using my.site.com . I want to point my.site.com/doc to /usr/share/doc r . I also want to use the ubuntu system of enabled / disabled sites . /etc/apache2/sites-available/doc is available at http://pastebin.com/9X08QbDC . /etc/apache2/sites-available-default is available at http://pastebin.com/TUmYJTtq
<io> Kream: The default setup forwards /doc to /usr/share/doc. Did you see cat /etc/apache2/sites-enabled/000-default already?
<io> Kream: You will need to manipulate the allowed/denied hostnames though, as only 127.0.0.0/255.0.0.0 ::1/128 can access it by default.
<io> Kream: And why are you making an extra site just for doc? Your site is site.com, not doc? :-)
<Kream> io: i know, i'm just using doc as an example
<Kream> thing is
<Kream> i installed munin and it's working beautifully, but it's config is sitting in /etc/apache2/conf.d/munin
<nhck> jpds: I am probably missing something: How do I expose mpd as an upnp media renderer?
<Kream> and it's www root is /var/www/munin
<Kream> i'm going mad trying to make a munin site work in /etc/apache2/sites-available
<Kream> the reason i need to do all this is i'm trying ot get redmine working, which is sitting in /var/www/redmine
<io> Kream: I would have /etc/apache2/sites-available/www.example.com and set the DocumentRoot to /var/www/www.example.com and then off that have alises for www.example.com{munin,redmine} to /var/www/www.example.com/{munin,redmine} and then enable www.domain.com.
<clusty> hey
<clusty> i am trying to mount cifs with automount
<clusty> by staring at the files, i cannot figure out where do i tell autofs which host to actually mount
<io> Kream: Or as you current setup with /var/www/{munin,redmine} place something like this: http://paste.ubuntu.com/462057/ in to your /etc/apache2/sites-available/{domain} file.
<io> Kream: Without the 'Deny from all' line on the Redmine block. ;-)
<nhck> Any ideas on how to expose my ubuntu box as an upnp media renderer? Thanks :-)
<Kream> io: thanks, puting hip waders on
<io> Kream: No problem. :-)
<Kream> ok by mistake, I went and asked #httpd for help and they seem to think that Ubuntu's httpd config is borked. they even have a wiki page up at http://wiki.apache.org/httpd/DebianDeb0rkification ... is what's in there useful?
<Kream> http://pastebin.com/qxjDK7ut
<Kream> ^^^ that is my new /etc/apache2/sites-enabled/000-default and in it xxx.xxx.com/doc works fine
<uvirtbot> Kream: Error: "^^" is not a valid command.
<Kream> http://pastebin.com/qxjDK7ut
<Kream> is my new /etc/apache2/sites-enabled/000-default and in it xxx.xxx.com/doc works fine
<Kream> am I missing something fundamental when I ask if I can "split" away the docs section into another snippet?
<nhck> Kream: the doc just points you to the apache docs. if you don't need it just delete it
<Kream> let me clarify. I have a website at www.example.com which works fine. Under Apache2 in Ubuntu 10.4, can I have a site (that means something enabled from /etc/apache2/sites-available) that points to somewhere arbitrary? Or should all such instances be aggregated into Aliases in /etc/apache2/sites-available/000-default ?
<Kream> I'm not mucking around with multiple hostnames etc etc
<Kream> ahhh gods
<Kream> i'd basically misunderstood the fundamental reason for entries in /etc/apache2/sites-availble.
<ruben23> hi guys how to install rt-kernel on ubuntu-server
<ruben23> guys any idea on rt kernel deployment on ubuntu server..?
<Kream> in dpkg --list, some packages are prefixed with rc, what does this mean?
<RoyK> Kream: google for it
<uvirtbot> New bug: #604320 in net-snmp (main) "package libsnmp-perl 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1 failed to install/upgrade: error writing to '<standard output>': No such file or directory" [Undecided,New] https://launchpad.net/bugs/604320
<io> Kream: Release candidate. Also, did you need something?
<jasonme> Hi. we're in the process of migrating our office to ubuntu
<jasonme> we have 1 ubuntu server, 25 ubuntu desktops
<jasonme> how can we get the 25 ubuntu desktops to actually log on to the server? instead of to their own computer?
<jasonme> so that <user> can login at any computer and their docs/wallpaper etc will be the same
<Kream> jasonme: are there going to be windows machines logging in as well?
<jasonme> no just ubuntu
<Kream> jasonme: then you'll need something like this: home directories exported from an NFS server
<Kream> and an NIS/YP server to authenticate over the network
<jasonme> schools are an example.. they dont save users documents to the hd, also wallpapers and user settings are available on any computer the user logs in from
<jasonme> is there a simpler option?
<Kream> sure
<Kream> get a big server+thin client setup
<Kream> you save big as you add more desktops
<Kream> that setup is LTSP
<Kream> it's very easy to setup
<Kream> well, compared to NIS at least
<Kream> and everything works, nowadays... cdroms, usb drives, the works
<Kream> sound too
<Kream> https://help.ubuntu.com/community/SettingUpNFSHowTo
<Kream> https://help.ubuntu.com/community/UbuntuLTSP
<jasonme> Kream: thanks so much!
<Kream> np share and enjoy
<uvirtbot> New bug: #604353 in dhcp3 (main) "can't open external .dhcp config file" [Undecided,New] https://launchpad.net/bugs/604353
<nhck> it doesn't seem to be easy to get ubuntu to act as an upnp media renderer
<ruben23> hi guys any help on installing  zoiper communicator on ubuntu..
<quentusrex> Anyone know of problems with openldap and ubuntu lucid?
<quentusrex> I am following https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html and can not figure out the cause of the " main: TLS init def ctx failed: -1 "
<vmlintu_> usually that means that something's wrong with your certificates
<quentusrex> I tried this: gnutls-serv --x509cafile /etc/ssl/certs/cacert.pem --x509certfile /etc/ssl/certs/ldap01-test_slapd_cert.pem --x509keyfile /etc/ssl/private/ldap01_slapd_key.pem
<quentusrex> and it seems fine
<quentusrex> and I checked that the user openldap has read access to all 3 of the cert/key files and the user does have access
<quentusrex> so it doesn't seem to be a permission issue, nor does it seem to be a valid certs issue
<quentusrex> I'm feeling all out of ideas
<vmlintu_> have you tried running slapd with "-d -1" ?
<quentusrex> same error message: main: TLS init def ctx failed: -1
<quentusrex> after it loads all the ldif files
<vmlintu_> what's the command you are using to run slapd?
<quentusrex> slapd -h 'ldaps:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d 1
<quentusrex> and I tried: slapd -d 1
<vmlintu_> -d -1, not -d 1
<quentusrex> still the same so far
<vmlintu_> does it say anything else about TLS?
<vmlintu_> it could be a few thousand lines before
<quentusrex> strange it won't pipe to a file.
<quentusrex> not even with: slapd -d -1 2>&1 > debug.log
<vmlintu_> weird..
<quentusrex> I don't see any output with tls in the line except for the lines that define which files to load
<vmlintu_> Just to make sure, run it with strace to see if it can actually open the files
<quentusrex> I need to fix the documentation on that page,
<quentusrex> there is a typo when creating the cert
<vmlintu_> ?
<quentusrex> Here is what fixed the issue: mv /etc/ssl/certs/ldap01-test_slapd_cert.pem /etc/ssl/certs/ldap01_test_slapd_cert.pem
<quentusrex> there is a hyphen where there should have been an underscore
<quentusrex> thanks for the help vmlintu_
<vmlintu_> I gave up copy-pasting commands a while ago because of these little typos..
<quentusrex> Do you know a little about desktop ldap auth?
<vmlintu_> I prefer kerberos, but I have used also pam_ldap
<quentusrex> I'm trying to plan out the network authentication here, but there are laptops, and desktops. And the laptops are outside the network about half the time
<quentusrex> vmlintu_, I'm looking into kerberos as well, but first have to get ldap up and running.
<quentusrex> Is there a way to allow for both ldap auth and local auth?
<quentusrex> in a way that will allow changes made on local to still be around when authed with ldap?
<quentusrex> if that makes any sense.
<vmlintu_> is local auth meant to be used when there's no connection and ldap when there's connection?
<quentusrex> yes, basically.
<vmlintu_> I'd recommend using sssd for that
<vmlintu_> when users login with sssd, it stores enough information locally so that later they can login without connection too
<vmlintu_> http://www.opinsys.fi/en/user-management-with-sssd-on-shared-laptops
<quentusrex> So it would store the info after a successful login?
<quentusrex> if you login successfully while connected, you can log in when disconnected?
<vmlintu_> yes
<quentusrex> any advice for mounting file systems after login?
<quentusrex> such as home directories?
<quentusrex> One small hope is that I can have the ldap/kerb auth system work from within the network and from remote
<vmlintu_> I'm using autofs for that when users are in the local network
<vmlintu_> with autofs you can store the share information in ldap and it mounts the correct share when it is needed for the first time
<vmlintu_> http://www.opinsys.fi/en/setting-up-nfsv4kerberosautofs5-ldap-on-ubuntu-10-04-alpha-2-lucid-part-7
<quentusrex> would that work for when the device is remote?
<quentusrex> if the dns entries resolve properly for inside and out?
<vmlintu_> Depends on the firewalls and connection speeds
<vmlintu_> I wouldn't use nfs with slow connections
<vmlintu_> but autofs works with other filesystems too
<quentusrex> do you know if nfs would allow for file changes if there is no connection to the nfs server?
<vmlintu_> no, it needs a working connection
<quentusrex> vmlintu_, and thanks a ton for helping.
<vmlintu_> for laptops I'd recommend synchronising the home directories with something like unison
<vmlintu_> with unison you can sync file both ways when they are modified
<vmlintu_> It's not automatic, though, so users need to activate it
<quentusrex> I think I can be happy with a system that only automounts certain directories if there is connectivity
<quentusrex> if not, then it is obvious you don't have access.
<vmlintu_> with nfs you'll probably have problems if something is mounted when the connection breaks
<vmlintu_> unmounting the nfs share with a lost connection can be a pain
<quentusrex> yeah, I have seen that happen.
<vmlintu_> you might have better success with samba/cifs
<quentusrex> I am also looking into glusterfs
<vmlintu_> If users connect to the cifs shares through nautilus, they usually behave better than nfs when connection breaks
<vmlintu_> I really don't know much about glusterfs as I've tried it only once
<quentusrex> what were your thoughts when you did test it?
<quentusrex> I'll look into cifs this looks like what I will need
<vmlintu_> glusterfs looked nice, but I really need kerberos or some similar way of authenticating users to the file system
<quentusrex> what is the advantage of kerberos over just plain ldap for you?
<vmlintu_> Running nfs4 with kerberos makes it possible to give access to users instead of just hosts. So once users authenticate with kerberos, they get access to their home directories.
<quentusrex> That is well worth it...
<vmlintu_> Especially when running hundreds of nfs clients in network, you don't want to share whole /home to anyone who asks for it
<quentusrex> right
<vmlintu_> I'm running quite a few school networks and I must assume that every user is potentially hostile as kids try to break in
<quentusrex> I think I might wind up using glusterfs to aggregate the bricks, then share with nfs and cifs
<quentusrex> maybe add something to determine if within the network and if not then use cifs only
<quentusrex> vmlintu_, I have a school as a client, I know what you mean.
<Psi-Jack> I'm curious. Ubuntu's had a lot of excelent focus on virtualization with kvm and all. But have they put into any focus about HA/HS support as well?
#ubuntu-server 2011-07-04
<b0nghitter> when installing freenx to ubuntu-server 11.04, should i install the desktop first? i want the minimal xfce desktop available to freenx
<b0nghitter> the PPA repo seems to not be available? trying to follow https://help.ubuntu.com/community/FreeNX on ubuntu server 11.04
<b0nghitter> Failed to fetch http://ppa.launchpad.net/freenx-team/ppa/ubuntu/dists/natty/main/source/Sources  404  Not Found
<b0nghitter> they dont have one for 11.04 yet
<b0nghitter> can i change natty to one of the other dists, and have itwork without any problems?
<amit> Hello all. Would appreciate some upstart wisdom: What's the recipe for telling a job to stop when another, *non-upstart* daemon is stopped (More broadly, instruct the job: "You stop running if this job stops running")?
<nibalizer> amit: it needs to recieve a signal to stop on
<nibalizer> so you'll have to hack the non upstart job to emit a signal on shutdown, then catch that signal with your upstart
<nibalizer> afaik there's no clean way to have it poll the other job to see if it's still running, though certianly you could put pgrep in a while loop
<nibalizer> http://upstart.ubuntu.com/getting-started.html
<twb> 1 plum.cyber.com.au mdadm: RebuildFinished event detected on md device /dev/md1, component device  mismatches found: 12800
<twb> ...when my monthly raid rebuild happens, should I worry that it finds some mismatches?
<DerEnsBoss> hey
<DerEnsBoss> Can someone give me tips for the best IRC-Chat-Bot and IRC-Server ?
<twb> DerEnsBoss: for what use case?  An internal office IRC server?
<DerEnsBoss> For my Privat Network
<DerEnsBoss> !
<twb> So you will have what, maybe a couple dozen users at most?
<twb> And they'll be more-or-less trusted friends/family/coworkers/whatever?
<DerEnsBoss> Its for Test
<DerEnsBoss> How it Works
<DerEnsBoss> to set it up
<twb> So it's for pedagogy.
<DerEnsBoss> for myself to learn
<twb> In that case you are best choosing a simple implementation
<DerEnsBoss> ok
<DerEnsBoss> Thanks
<twb> FWIW I run ircd-irc2 because it's the oldest (and therefore, presumably, easiest) variant in Ubuntu
<twb> Or you know, you could just bugger off in the middle of a conversation
<toddnine> Hi guys.  Have a question about ntp.  I've installed the ntp client, and our servers generally line up.  However after about 3 to 4 days I start getting 1+ seconds of drift between them.  Is there a way to force them to update every 10 minutes?  We use down to millisecond timing in our cluster, so it causes a lot of problems with our data storage when the times are out of sync
<toddnine> here's my conf file.  https://gist.github.com/28938913f9a0947a2406
<twb> toddnine: ntp or ntpdate?
<twb> Per ntp.conf's manpage, it appears to poll every 10s by default (maxpoll)
<twb> toddnine: oh, you're using some remote NTP server
<twb> toddnine: deploy a local one, then have *it* look at your country's RR NTP servers, and have the rest of your servers look at it.
<toddnine> twb: I'm on aws, does it provide an ntp service for it's Dcs?
<twb> Possibly you can set them up as peer-peer, but I haven't tried that
<twb> toddnine: I do not provide support for AWS, sorry
<twb> (Above was assuming your cluster was on a fast LAN, not distributed across "th cloud")
<toddnine> Yeah, they're all in the same zone, so the same dc
<twb> Shrug
<jmarsden> toddnine: https://forums.aws.amazon.com/thread.jspa?messageID=53658  may be relevant??
<twb> I wonder if the problem is the VM technology is not giving the VM every tick
<jeeves_moss> twb, I think it's more that installing VMWare server2.0 on Ubuntu 10.04 is a huge pain in the ass!
<twb> jeeves_moss: huh?
<twb> jeeves_moss: he's using amazon stuff
<twb> But yeah, steer well clear of vmware, especially vmware server
<jeeves_moss> twb, awww
<toddnine> jmarsden: Yeah, unfortunately that's outdated
<toddnine> those files don't exist within the distribution any longer
<jmarsden> toddnine: OK... but it sounds like you have an EC2/cloud-specific issue, so asking the cloud/EC2 community is probably a good way to go.  I
<jmarsden> I
<jmarsden> m not sure milisecond sync across the could is a "normal" expectation, to be honest...
<jmarsden> s/could/cloud/
<toddnine> jmarsden: Agreed.  Didn't get any response on the aws channel either
<toddnine> I'm not 100% convinced that's the issue, I just noticed we get it a lot less when our clocks our synced.  We're getting jobs that are executing multiple times in our queueing system, and it seems that it's due to the cluster not correctly syncing delete operations
<twb> toddnine: presumably you are paying Amazon money
<twb> toddnine: so call their tech support people
<twb> Also maybe get a DBA to fix the code so it doesn't rely on timing belts
<toddnine> twb: Doesn't work that way mate :)
<toddnine> We're not using a db, we're using distributed storage.  The quorum doesn't return properly if the timestamps don't line up
<twb> Whatever
<jamespage> morning all
<koolhead11> morning jamespage
<kbrown90> I'm a new Ubuntu Server Administrator and i am needing some guidance.
<twb> kbrown90: be more specific
<kbrown90> i've recently installed Ubuntu Server 10.10 and got Apache 2.2 webserver up and working... now i'm stuck on trying to get a mailserver up and running.
<kbrown90> i've got MySQL install as well.
<twb> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<kbrown90> but i'm having problems with getting the server to give me the settings and configuration files for postfix.
<twb> Run postconf
<kbrown90> everytime i use the command "telnet localhost 25" my server kicks back as it's trying to connect to "::1..." which i don't think is right and i'm not sure why? could someone help?
<kbrown90> i'm trying to set up Postfix on my Ubuntu Server 11.04
<persia> kbrown90, Try using a hostname that is only defined in IPv4, or "127.0.0.1" if you don't want to hunt one down.  Then again, depending on your usage scenario, you might consider not responding to IPv6 a bug.
<koolhead11> kbrown90, did you checked this https://help.ubuntu.com/community/Postfix  before asking here ?
<koolhead11> can someone help me in modifying the topic here
<kbrown90> yes. I followed all the directions from there.
<kbrown90> When you install LAMP That should also include PHP right?
<koolhead11> yes
<kbrown90> my computer i use to test my webserver out on is trying to download my php files instead of displaying them... why?
<koolhead11> kbrown90, restart apache once
<koolhead11> http://howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-ubuntu-9.10-lamp
<kbrown90> i just restarted the whole system. and it still doing it.
<koolhead11> see the link
<kbrown90> i well, i just got a lot of info from using the "info.php" thing, but my php forum is still not comming up. Could there be a problem somewhere else?
<koolhead11> kbrown90, is php5 running on php.info
<koolhead11> and also check the apache log
<kbrown90> It says "PHP Version : 5.3.5-1ubunntu7.2"
<koolhead11> kbrown90, well check the php code then. :)
<kbrown90> would earlier versions of PHP work if i run PHP5?
<kbrown90> can i install and run MySQL4 while running the newer versions as well?
<joschi> kbrown90: it's possible with some manual hacks, but you really shouldn't do this
<joschi> kbrown90: mysql 4 is veeery old and EOL
<qman__> kbrown90, make sure your forum software is up to date and PHP 5.3 compatible
<qman__> there were some major changes from PHP 4 and less major ones from 5.2
<qman__> which can break code
<rduran> Hi, I am having trouble to set master user authentication with dovecot. Here is 'dovecot -n' output http://pastebin.com/Mjufm8eS the problem is when I try to login with master user via imapsync authentication failed: Here is dovecot log with failed authentication: http://pastebin.com/p2wWGkTD
<rduran> master user "zimbra" is in "/etc/dovecot-passwd.masterusers". The problem is dovecot try to authenticate ldap user "example" with the master users password and fails.
<ONEZEROONEZEROON> ..
<uvirtbot> New bug: #799775 in python-gflags (universe) "[MIR] python-gflags" [Undecided,Fix committed] https://launchpad.net/bugs/799775
<metap0d> Hi everyone, I am using the HTML2PDF library to create PDF's with PHP. I have noticed that on my local machine these PDF's render in 2-3 seconds but over Ubuntu Server they take over a minute. Does anyone have any idea what could be causing this or how to improve performance?
<metap0d> I use the Google Charts API which is what takes so long .. but I am new to this and not sure what I should change
<metap0d> My server keeps using the loopback as interface, how could I change that to eth0?
<sabgenton> can you see what packages u installed with apt-get now days
<sabgenton> in desketop the software center tells you an install history
<sabgenton> aptituted does in /var/log/aptitude
<sabgenton> but I can't see anything in apt-get
<Pablito> hola buenas alguien me podria ayudar porfavor
<Pablito> alguien que hable spaÃ±ol
<Pablito> ?
<genii-around> !es | Pablito
<ubottu> Pablito: En la mayorÃ­a de canales de Ubuntu se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol o charlar entra en el canal #ubuntu-es. Escribe "/join #ubuntu-es" (sin comillas) y dale a enter.
<Pablito> ok
<Pablito> amm
<koolhead11> has anyone tried phpmyadmin with debconf-set-selections
<koolhead11> SpamapS, ping
<DanaG> Say, anyone know of a setup that'll give me what FreeNAS does -- that is, a web interface, AND zfs?
<DanaG> Note that I don't absolutely need the web interface itself to expose ZFS.
<DanaG> Or rather, I'd want it to expose swapping drives, but not necessarily expose snapshots.
<JoeCoder> does anyone know a good channel to ask domain-related questions (A/MX records, subdomains, etc.) ?
<JanC> JoeCoder: searching teh channel list shows me a channel named #dns
<JoeCoder> thanks.
<uvirtbot> New bug: #805572 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/805572
<JoeCoder> also, how do I search the channel list?
<JanC> depends what IRC client you use, in XChat it's in the Server menu
<JoeCoder> trillian has "browse channels" but there are thousands and not even alphabetized.  useless.
<JoeCoder> (and no search)
<JanC> no option to search?
<JanC> bah
<JanC> use xchat instead  ;)
<JoeCoder> I would if I spent more time on irc.  I'm here maybe 15 minutes a week.
<b0nghitter> i'm trying to follow https://help.ubuntu.com/community/FreeNX on ubuntu server 11.04, but there is no PPA repo for 11.04... can i get around this somehow without any problems?
<RoyK^> split splat splatter?
<JoeCoder> my server ran out of space.  How can I use the command line to see where all of the space went
<JoeCoder> something like df -R, if it existed
<StevenR> JoeCoder: you probably want "du"
<RoyK> why -R?
<StevenR> RoyK: recursive
<RoyK> yeah
<JoeCoder> -R is used for recursion in other commands
<RoyK> df looks at filesystems, not directories
<StevenR> JoeCoder: cd / ; du -h --max-depth=1
<StevenR> probably a start
<StevenR> man du for more info, it's quite powerful
<JoeCoder> aha, var/log/apache2 is 8GB
<StevenR> oops
<RoyK> lol
<JoeCoder> this is a test server; I've got only my own stuff running on it.
<StevenR> might want to look at log rotation and compression
<JoeCoder> still learning
<RoyK> JoeCoder: probably forgot to rotate the logs, I guess
<RoyK> as StevenR said
<JoeCoder> or I don't know how :)
<JoeCoder> i've heard about log-rotate?
<RoyK> man logrotate
<RoyK> hm... but iirc log rotation for /var/log/apache2 should be in there by default
<RoyK> of the file is named something.log
<DanaG1> Say, what's the difference between ubuntu desktop kernel and server kernel?
<RoyK> DanaG1: very little - server version uses lower HZ (ticks per second) and perhaps some other tweaks - that's about it
<RoyK> I guess NUMA may not be in the desktop version either
<DanaG1> And is there some ubuntu server web-interface app?
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<DanaG1> What's recommended now?
<RoyK> erm ... what's the other? the bot used to name it
<RoyK> !ebox
<ubottu> zentyal is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/Zentyal (Project formally known as eBox - including in Lucid/10.04).
<DanaG1> Packages are still named ebox.
<RoyK> ubottu: no, webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle  configuration files, and is likely to cause unexpected issues with your system.
<RoyK> ubottu: no, webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle  configuration files, and is likely to cause unexpected issues with your system, see !ebox instaed.
<RoyK> ubottu: no, webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle  configuration files, and is likely to cause unexpected issues with your system, see !ebox instead.
<ikonia> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<ikonia> RoyK: it already exists
<JoeCoder> var/cache/apt is 114MB.  Do I need to setup somethign to occasionally clear it?
<RoyK> ikonia: saying no, blah to ubottu gives it a correction
<ikonia> it doesn't need a correction
<RoyK> ikonia: a correction that needs to be approved
<ikonia> it doesn't need a correction
<RoyK> ikonia: it should be corrected to inform users about ebox, which it didn't
<ikonia> it doesn't need it
<RoyK> obviously not, but sometimes it's better to inform users directly about alternatives than telling them to FGFI
<ikonia> not when ebox has caused almost as many problems in the past - it's missed off for a reason
<DanaG1> hmm, then what else is recommended?
<ikonia> options are limited
<DanaG1> I'm pondering between Ubuntu Server and FreeNAS.
<DanaG1> The latter has ZFS and a nice web interface, but the former has support for things like amd64_edac.
<DanaG1> And boatloads more packages.
<JoeCoder> 8GB is pretty big for a server that only I use.  apache's error.log was 8GB.  Every entry seems to be: "mysql: Error reading file 'UNOPENED' (Errcode: 22)"  I think it got stuck in some kind of loop, but I don't know what caused it.
<RoyK> anyone here using ZFS fuse on ubuntu?
<RoyK> I hear the write performance is rather horible...
<ikonia> unless it's native....it sucks
<JoeCoder> apache's error.log is growing at a rate of 3MB per second
<JoeCoder> tail error.log
<DanaG1> I once used ntfs-3g to copy to a nearly-full, highly-fragmented drive.
<ikonia> JoeCoder: what's hitting that ?
<ikonia> JoeCoder: turn the debug level down ?
<DanaG1> It seriously went down to BYTES per second.
<DanaG1> s/seriously/actually/
<JoeCoder> all of the entries are, "mysql: Error reading file 'UNOPENED' (Errcode: 22)"
<RoyK> JoeCoder: tail -f
<ikonia> JoeCoder: whats referencing that file ?
<RoyK> should be the apache processes
<JoeCoder> I don't have a file named "UNOPENED"
<RoyK> lsof error.log
<JoeCoder> lsof ?
<RoyK> list open files
<RoyK> lsof gives you  then PIDs keeping a file open
<JoeCoder> had to install it.
<JoeCoder> https://gist.github.com/febf747ffe1c35e82883
<JoeCoder> apache is using mod-suexec and php with fastcgi
<RoyK> error.log.1?
<RoyK> that's the rotated one
<JoeCoder> that's the one that is being written at 3MB/sec.  I mistyped before.
<RoyK> JoeCoder: any idea why sh/mysql is keeping that file open?
<RoyK> do you have a cron job using it or something?
<JoeCoder> nope
<RoyK> which version of ubuntu is this?
<JoeCoder> php calls the mysql and sh commands.
<JoeCoder> 10.04
<JoeCoder> I'll take a look at my php code that invokes those.
<RoyK> JoeCoder: then it seems one of them is doing something like a tail -f and isn't killed on logrotate
<JoeCoder> does logrotate rotate based on time or size?
<RoyK> JoeCoder: you might want to change the logrotate post script
<DanaG1> hmm, are there documented cases of ebox breaking things?
<StevenR> JoeCoder: kinda both.
<RoyK> JoeCoder: usually time, once a day or once a week or so
<RoyK> depending on the settings
<RoyK> but if some processes keeps the file open, and the postrotate script doesn't do its job, the process (apache) will keep logging to the same file even though the filename's new
<JoeCoder> this log continues to be written at 3MB/sec even after mysql and apache have been stopped
<RoyK> in unix, the filename is merely a pointer after all
<JoeCoder> maybe I have a runaway shell script.
<RoyK> why would a shell script _write_ to that file?
<JoeCoder> I have no idea
<JoeCoder> same for mysql
<RoyK> well, track down whatever's filling up your drive and kill it
<JoeCoder> the php code calls a shell script and mysql; maybe apache redirects their output before they're invoked.
<RoyK> and perhaps use nagios/icinga to monitor the drive fill so that you get an alarm before the disk is full
<DanaG1> Really, does ebox break stuff?
<JoeCoder> it was a call to the mysql command line utility I had made to import a database dump, called from php
<RoyK> DanaG1: search the net, the bug database etc - personally, I only use the commandline for managing unix machines
<DanaG1> oh, and that ebox looks like it's intended to serve as a router.
<JoeCoder> so it must have had its output redirected to that file by apache
<JoeCoder> mystery solved, except for why mysql got stuck in that loop.
<RoyK> DanaG1: ebox isn't a router, but I guess there might be stuff in there to configure linux as a router :P
<DanaG1> I already have Tomato as my router.
<DanaG1> s/as/on/
<RoyK> DanaG1: then don't use your server as a router :P
<DanaG1> hmm, so anyway, here are the use cases I need most: ssh server, samba, and backups -- using ZFS, I want snapshots.
<DanaG1> And a Deluge server.
<DanaG1> Maybe I don't all that much need a web interface, after all.
<DanaG1> s/ all that//
<RoyK> DanaG1: if you plan to use zfs, you might want to test openindiana - things get a little faster when zfs is native...
 * RoyK has some 350TB on ZFS on openindiana - works rather well...
<DanaG1> What's the userspace like?
<DanaG1> Oh yeah, random amusing thing found in a user manual for the SuperMicro atom board:
<DanaG1> System Management Architecture for Server Hardware.
<DanaG1> SMASH.
<DanaG1> I don't want a SMASH anywhere near my server!
<RoyK> supermicro has ATOM boards?
 * RoyK didn't know
<DanaG1> X7SPA / X7SPE.
<DanaG1> No ECC, though.
<DanaG1> I decided to go with an HP MicroServer instead.
<DanaG1> the cost for Atom + case + drive tray + psu is greater than the cost for the Microserver.
<DanaG1> And no ECC.
<RoyK> DanaG1: you won't get ECC without a CPU that can handle it
<DanaG1> Right.  The Athlon II Neo N36L does support ECC.
<RoyK> most CPUs have the memory controller built-in these days, and Intel only supports ECC on Xeons
<RoyK> for AMD it's a different and more happy story :)
<DanaG1> Now if only AMD would make an IPMI chip that had a basic Radeon in it...
<DanaG1> So you could get KMS on KVM, instead of garbage ASPEED or Matrox.
<DanaG1> At that point, I'd rather use ssh or serial console.
<RoyK> DanaG1: using a remote graphical console?
<DanaG1> am I?  Right now I don't have the IPMI card for the thing.
<RoyK> but are you using X?
<DanaG1> Right now, I have FreeNAS on a USB drive, and an old Ubuntu desktop install on the data drive.  (I have another drive coming tomorrow).
<DanaG1> So, I do have X, but I don't anticipate much needing it for admin stuff.
<RoyK> just try openindiana text install instead
<RoyK> you won't need the fancy X stuff anyway
<Utopiah> hi #ubuntu-server
<Utopiah> I install lighttpd on natty/11.04, I can start it without problems via lighttpd -f /etc/lighttpd/lighttpd.conf but /etc/init.d/lighttpd start returns "Warning: Fake start-stop-daemon called, doing nothing." which I suppose happen because it's using an empty initctl rather than initctl.REAL so I thought I should use upstart thus service but that's the same, it uses start-stop-daemon  and not start-stop-daemon.REAL so now Im lost
<Utopiah> (the goal is to have lighttpd start at boot, using /etc/rc.local failed too)
<pmatulis> Utopiah: i believe there is a switch you need to toggle in the lighttpd conf file
<pmatulis> Utopiah: actually, disregard
<Utopiah> the lighttpd conf file given by the Ubuntu default package if for init.d rather than upstart as far as I can tell
<Utopiah> (but then I just discovered upstart today so I might be completly wrong)
<Utopiah> exact output is http://pastebin.com/raw.php?i=TJ6Y0Xw4 btw
<pmatulis> Utopiah: that link is bad
<Utopiah> I make it die too soon, sorry http://pastebin.com/raw.php?i=4cqHQKLi
<pmatulis> Utopiah: maybe pastebin the upstart job
<uvirtbot> New bug: #805661 in ntp (main) "NO reference clock support.  I need Oncore ref clock support in ntp." [Undecided,New] https://launchpad.net/bugs/805661
<donnie> Lot of people here suggest to use ssh for everything. I just setup a Ubuntu Server. I want see it as network drive on my local network on both Ubuntu and windows installation. Is it possible to mount ssh as a network drive on windows? Or i should just use samba.
<Utopiah> http://pastebin.com/WRFVaesh
<greppy> donnie: use samba for local shares.
<donnie> @greppy thanks. i completely messed up my smb.conf reinstalling samba wouldn't rewrite it so i deleted the samba folder. Now it seems it is gone permanently. Any way to get it back
<ascheel> Is there a way to pull a list of all installed packages from an Ubuntu installation that is accessible but unbootable (turned into a USB drive since it won't boot).  All files look good to go.
<greppy> donnie: uninstall and purge and then reinstall
<greppy> donnie: this would also be why backups are so prized, even for "it's just a little edit, no big deal..."
<qman__> ascheel, chroot, dpkg -l
<ascheel> qman__: gotcha
<ascheel> qman__: seems to have worked just dandy.  Thanks!
#ubuntu-server 2011-07-05
<DanaG> hmm, I looked into OpenIndiana, and it looks like there's no Deluge for it...
<DanaG> SO I may just go with Ubuntu.
<jMCg> DanaG: if you're scared to build software yourself, you should stay away from Solaris
<DanaG> Not scared to build it; just don't know clearly that it'll compile.
<jMCg> DanaG: it's python
<jMCg> http://projects.archlinux.org/svntogit/packages.git/tree/deluge/trunk/PKGBUILD
<jMCg> This is how it's built
<DanaG> ah.  Is there a more relevant channel for OpenIndiana?
<DanaG> Because it's off-topic for here.
<jMCg> #OpenIndiana I would persume
<jMCg> But I'm only into Solaris.. haven't looked at it yet
<DanaG> ah, yeah, #openindiana does exist.
<DanaG> I've just seen plently of projects that don't have IRC channels like that.
<MACscr> I have an ubuntu server runny natty and for some reason, the messages log is no longer being used. Not only is the log not be added to, but it actually doesnt exist. Not sure if one of the other admins deleted it during troubleshooting or what, but i need to get this resolved. Should the rsyslog service be automatically creating that file if it doesnt exist?
<MACscr> im seeing the following error in /var/log/syslog when i restart the rsyslog service: rsyslogd-2039: Could no open output pipe '/dev/xconsole' [try http://www.rsyslog.com/e/2039 ]
<MACscr> but that url it linked to is pretty worthless
<pmatulis> MACscr: i don't think there *is* a messages nor a daemon.log file in natty
<MACscr> oh, really? why would they remove such a basic log?
<pmatulis> MACscr: heh
<qman__> probably to consolidate or organize
<qman__> since previously (currently?) we have messages, syslog, and daemon.log
<qman__> which are all pretty generic
<MACscr> but messages is pretty universal to linux distros isnt it?
<qman__> not any more than syslog or daemon.log
<qman__> perhaps more than daemon, but only a little
<qman__> they don't really have well defined specific purposes, and overlap
<qman__> so I can see why they'd want to consolidate
<qman__> of course I'm just speculating here
<MACscr> i guess 90% of my experience is with centos, so just always used to looking towards the messages log. I never used the other two
<qman__> all my systems run lucid, and I am not/do not know personally the decision maker
<MACscr> any ideas on this error though? rsyslogd-2039: Could no open output pipe '/dev/xconsole'
<qman__> sorry, haven't seen that one before
<qman__> I'd look into what package or system provides /dev/xconsole though
<qman__> if that's a stock configuration, anyway
<twb> MACscr: that's normally, just turn it off unless you are running X
<twb> s/lly/l/
<twb> MACscr: on Debian and Ubuntu, looking at /var/log/syslog and /var/log/auth.log will capture everything logged via syslog by default.
<twb> MACscr: of course other tools like apache, squid and friends will ignore syslog by default, making centralized logging of them unnecessarily annoying :-/
<Pr0zoid> I have an interesting issue.  I'm running a openvpn and for some reason the ubuntu firewalls kick in after a few days of normal operation and prevent users from access external sites.  the strange thing is i have not made any changes to the iptables and in order to enable the users to hit the outside once they are connected i have to run this script : http://pastebin.com/TTqADfsm
<twb> Pr0zoid: you should be using an iptables-restore script.   Calling iptables(8) is vulnerable to race conditions.
<twb> Pr0zoid: are you using ufw?
<Pr0zoid> twb: now your pushing the little knowledge i have..
<Pr0zoid> what's the best way to resolve / avoid the race conditions
<Pr0zoid> do i need to kill iptables and start fresh?
<twb> Pr0zoid: #netfilter for that discussion
<twb> Here is an example I prepared earlier: http://cyber.com.au/~twb/doc/iptab
<Pr0zoid> okay will take a look
<Pr0zoid> thanks for the help!
<twb> (Note: #netfilter concerns direct use of netfilter/iptables; for e.g. ufw you need to talk about it here.)
<Pr0zoid> yes i was using ufw initially
<twb> Is it still enabled?
<twb> It wouldn't surprise me if ufw reloads itself when a new network interface is added, e.g. when the openvpn connection falls over and brings itself back up
<Pr0zoid> i tjhink so
<Pr0zoid> you know what..
<Pr0zoid> that could be it..
<Pr0zoid> should i just disable it?
<twb> If you are manually creating/manipulating the firewall, ufw should not ALSO be on
<twb> Obviously if you disable ufw you should ensure you still have appropriate rules to e.g. not allow arbitrary connections.
<Pr0zoid> my plan was to re-run my script
<Pr0zoid> (but then convert it to a restore)
<Pr0zoid> script instead
<twb> Assuming ufw is disabled, you should talk to #netfilter about your script
<Pr0zoid> k
<lei_> Hey, is Dave Walker here?
<twb> Who wants to know
<lei_> Me, a new comer. I am  fixing the bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/690042, and i found that Dave confirmed it, so i want to ask him some question for help~
<uvirtbot> Launchpad bug 690042 in libvirt "libvirtd tries to disable ipv6's accept_ra even when ipv6 is disabled outright in the kernel" [Medium,Confirmed]
<lifeless> Daviey: ^ :)
<lifeless> lei_: he will be asleep at the moment
<goddard> i have a multi user enviornment with many shell accounts how can i setup private key files?
<blkperl> goddard: use a configuration manager like puppet or chef
<goddard> can a pure shell account have its own private key?
<blkperl> what are you trying to achieve?
<goddard> just more security
<goddard> i have a shell account but dont have access to the .ssh directory they tell you to put it in
<goddard> just my virtual server directory
<blkperl> if you put a public key in .ssh/authorized_keys then you can access the account with the corresponding private key
<goddard> even with a jailkit?
<blkperl> no clue, depends on the configuration im guessing
<goddard> ahh
<goddard> sourceforge has it setup like that some how
<goddard> wonder how they do it
<r4`> so ive been working on/setting up a clonezilla server on ubuntu server 10.04 LTS. when i have a toshiba tecra r840 boot via PXE into the clonezilla enviroment, some weird things happen. essentially, the boot process starts and near the end the clonezilla enviroment starts, then the screen is overwritten with more boot msgs (or goes blank if i set certain kernel boot parameters).
<r4`> could this be a video issue?
<r4`> it is a new laptop and has a radeon card
<twb> That sounds like usplash is doing its thing :-(
<twb> Try removing "splash" from boot options?
<r4`> its not in there
<twb> Also framebuffer is turned on by default, try blacklisting it
<r4`> well it might be elsewhere...should i be looking at the boot parameters for ubuntu as well as the PXE kernel image boot parameters?
<twb> Wait, clonezilla is a PXE server?
<twb> I thought it was a glorified dd
<r4`> can be ran as one
<r4`> but essentially it is still a glorified dd
<r4`> clonezilla SE is a bitter different than live
<r4`> s/bitter/bit
<twb> Is there a "user story" template on the wiki somewhere?
<twb> I want to steal the layout for an in-house document at work.
<RoyK> user story?
<lei_> Is Daviey here? I need your help!
<twb> RoyK: it's this daft XP thing
<twb> RoyK: instead of a requirement like "users MUST be able to log in" you say "fred is a user, and he wants to log in, so he tries to and it works"
<yann2> hello! am looking for the guy who does hw certification @canonical... anyone knows where I might find him?
<twb> http://www.canonical.com/about-canonical/contact lists a bunch of contact details, I'm guessing you want "OEM" or possibly "support"
<twb> There might also be a #canonical.
<twb> I'm just a user, so these are only guesses.
<Roxyhart0> hi there, i just update my server from 9.10 to 10.04 and now dovecot doesn work...it is not starting when i do also ini.d/dovecot start. somebody know if there is any changed in the version 10.04 regars to the configuration?
<yann2> thanks twb
<uvirtbot> New bug: #805878 in bacula (main) "package bacula-director-mysql 5.0.3-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/805878
<sodoscar1> Hi there, I'm having trouble pointing to my webserver from my laptop in order to install drupal7 using the install.php script.  can anyone help me with this please?
<sodoscar1> sorry i should mention i'm trying to access using firefox
<sodoscar1> I should also mention that the #ubuntu support channel directed me here with my query
<sodoscar1> quiet bunch in here :-[
<EricJ> sodoscar1: I'm not sure I understand the question. You can't reach your web server?
<sodoscar1> EricJ: thats right.  I'll try and elaborate for you.  I've installed apache2/mysql/php5 on my server which is part of my home network.  I am trying to install Drupal7 which i've already downloaded and unpacked, I open up firefox and try to point to the file by typing the url : http://192.168.1.1/drupal/install.php  and I get an error saying "Firefox can't establish a connection to the server at 192.168.1.1."
<sodoscar1> * file = install.php script
<EricJ> sodoscar1: is apache running correctly? If you (from the server) fire up (for example) lynx and point it towards localhost, it should say "It works!" or similar.
<EricJ> If it does, then it's almost certainly a port forwarding issue.
<sodoscar1> i've never used lynx before would you mind typing the command for me to enter please Eric?
<EricJ> sodoscar1: I reckon `lynx localhost` should do it.
<EricJ> in case it isn't installed, check `wget localhost`
<sodoscar1> just installing it now
<sodoscar1> ooh thats interesting.. i get an alert saying unable to connect to localhost
<EricJ> sodoscar1: IIRC, apache writes its log files to /var/log/apache2/.
<EricJ> Take a look and see if you get anything meaningful from there.
<sodoscar1> ok i'll have a quick look now
<sodoscar1> sod@theta:~$ sudo tail /var/log/apache2/error.log -f
<sodoscar1> <br />
<sodoscar1> <b>Warning</b>:  Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in <b>Unknown</b> on line <b>0</b><br />
<sodoscar1> <br />
<sodoscar1> <b>Warning</b>:  Directive 'register_long_arrays' is deprecated in PHP 5.3 and greater in <b>Unknown</b> on line <b>0</b><br />
<sodoscar1> <br />
<sodoscar1> <b>Warning</b>:  Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in <b>Unknown</b> on line <b>0</b><br />
<sodoscar1> <br />
<sodoscar1> <b>Warning</b>:  Directive 'register_long_arrays' is deprecated in PHP 5.3 and greater in <b>Unknown</b> on line <b>0</b><br />
<sodoscar1> <br />
<sodoscar1> <b>Warning</b>:  Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in <b>Unknown</b> on line <b>0</b><br />
<sodoscar1> is that what you meant for me to do Eric?
<EricJ> Just seems like a bunch of warnings.
<EricJ> However, those are php warnings. Generated by drupal, by any chance?
<sodoscar1> well i haven't installed drupal yet as i'm unable to run the install script
<EricJ> ah
<EricJ> sodoscar1: well, do double-check the apache config file. Something like /etc/apache2/httpd.conf, I think.
<sodoscar1> ah this may have something to do with it perhaps:  sod@theta:~$ sudo service apache2 restart
<sodoscar1>  * Restarting web server apache2                                                 Syntax error on line 21 of /etc/apache2/sites-enabled/000-apps.vhost:
<sodoscar1> Wrapper /var/www/php-fcgi-scripts/apps/.php-fcgi-starter cannot be accessed: (2)No such file or directory
<EricJ> Oh, nice. :)
<sodoscar1> I did have ISPconfig installed many moons ago but I removed it
<EricJ> sodoscar1: well, if you do manage to get apache running, you should be well on your way. :)
<sodoscar1> i'm going to try reinstalling and reconfiguring and I'll see what happens from there.. perhaps I removed something inadvertently when i removed ISPconfig... thanks for your time Eric! :)
<EricJ> sodoscar1: best of luck!
<sodoscar1> EricJ: sorted with a remove/clean/reinstall... thanks again for your time my bro
<uvirtbot> New bug: #805901 in cobbler (universe) "cobbler failed to purge" [Undecided,New] https://launchpad.net/bugs/805901
<max06|work> good morning. I'm running ubuntu server 10.04 LTS on some machines. On RHEL for example, yum changelog [packagename] returns the changes between the installed and the available version. Is there a similar way on ubuntu?
<max06|work> ah... found it... it's aptitude changelog [package], not apt-get changelog [package] -.-
<Pici> max06|work: I also use the apt-listchanges package, that will give you the changelogs when you upgrade packages using apt.
<max06|work> that sounds good! It might save some time :D
<Ursinha> morrrning
<max06|work> Pici, execute it with apt-listchanges --apt ?
<Pici> max06|work: It should automatically come up when you're running apt-get (dist-)updgrade
<max06|work> Mhmm... this should work with apt-get -s (simulate) upgrade, too?
<max06|work> I need to check the updates before installing... ah...
<airtonix> wow ispconfig? lawl that doesn't install in a standard way, so yeah. drop that and re-install
<Pici> I'm not sure :/
<max06|work> It appears before or after the "Do you want to continue?"-Question? ^^
<max06|work> I'm not able to install the updates on the servers without checking the changelogs.. they are too important, risk is to much
<max06|work> Pici, i'm stupid... it works, it asks after displaying the infos for each package
<max06|work> thanks :)
<uvirtbot> New bug: #805937 in samba (main) "smbd segfaults at least twice a day" [Undecided,New] https://launchpad.net/bugs/805937
<cjs> So, I did a do-release-upgrade on my 10.10 server (a virtual host running under KVM) and now when it boots I just get a grub prompt. (It's grub 1.98-ubuntu6.) I don't recall if this was originally a 10.04 system upgraded to 10.10 or if it was an install of 10.10. Any thoughts on where I should go from here?
<pmatulis> cjs: re-install grub?  re original install, you can boot into a recovery session and look under /var/log/installer
<cjs> pmatulis: So, you're saying boot an 11.04 CD-ROM image and use the recovery tools there to re-install GRUB?
<pmatulis> cjs: that may work, yeah.  fyi, you should get a menu with an entry for re-installing grub
<cjs> Right; I'll start with that.
<cjs> I'm thinking the issue is that 10.04 used Grub 1.98, but 10.10 onwards used Grub 2.
<Voziv> AH, I was asking in the wrong channel apparently. Is there a page outlining the difference between server versions? I'm trying to decide on installing 10.04 vs 11.04
<patdk-wk> pretty easy there
<patdk-wk> install 10.04
<patdk-wk> unless you want to upgrade it ever 9 to 12 months
<Pici> 10.04 has 5 years of server support, 11.04 has only 18 months.
<cjs> 11.04 will have newer stuff, but outside of the kernel, you're often better off building your own versions of server software (e.g., Apache, PHP) if you need to remain close to the cutting edge, rather than depending on your distro to keep up to date with everything you need.
<Voziv> Sorry, I should have mentioned I already know about the LTS support, but feature wise I wanted to know if it was worth upgrading
<cjs> That's what I do, running 10.04 on most of my servers, though I also have a test server on the most recent release for testing my applications.
<Ursinha> Daviey: hello
<cjs> Voziv: for what do you use your server?
<Voziv> Currently I believe we have 10.10. But I'm going to be creating another and I'm leaning towards 10.04 for LTS
<cjs> Is there a URL where I can directly download ubuntu-11.04-server-amd64.iso? That's going to be faster than copying this bittorrented copy off my laptop to my local server via WiFi.
<Daviey> Ursinha: Hello!
<Daviey> How are you doing this lovely fine day?
<Ursinha> Daviey: do you really want to know? :P Ubuflu got me hard
<Voziv> cjs: I just reread your your question. The one I'm currently doing is going to be used as a webserver
<Daviey> Ursinha: sorry to hear that
<Voziv> Is there any specific way I should be building software? I'm personally used to gentoo when it comes to configuring software as portage compiled the software itself
<TREllis> Daviey: anything I need to do for https://bugs.launchpad.net/bugs/800543
<TREllis> ?
<uvirtbot> Launchpad bug 800543 in dbconfig-common "Installing zabbix-frontend-php fails in noninteractive mode" [Medium,Confirmed]
<Daviey> TREllis: will look shortly
<cjs> Voziv: I'd definitely suggest you go with 10.04 and either stick to running "older" versions of software, or build yourself anything that needs to be a newer version than what's in the 10.04 packages.
<TREllis> Daviey: thanks
<Voziv> cjs: will do :)
<cjs> Do I want to re-install grub to /dev/sda or /dev/sda1?
<cjs> I'm guessing the former....
<patdk-wk> normally /dev/sda
<patdk-wk> unless your doing a dual-boot thing
<cjs> Not at all. Thanks.
<cjs> Well, let's see if that did the trick.
<Daviey> TREllis: debdiff looks flawless
<Daviey> uploading now.
<cjs> Ah, much better so far! But I note that even 11.04 is still using Grub 1.99. I had thought that Ubuntu started using Grub 2.0 at some point.
<Pici> grub 1.98 = grub2
<serge_> Daviey: good morning.  have you had any time to recompile your list of grievances over the spice packages for universe?
<TREllis> Daviey: wooo
<Pici> cjs: grub 0.97 = grub1.  grub 1.99~rc1 = grub2
<cjs> Ah!
<Daviey> serge_: good point! will get onto that shortly
<cjs> I mean, Doh! :-)
<Daviey> serge_: How are you doing btw?
<Daviey> TREllis: BTW, if you subscribe ubuntu-sponsors, it shows up on the sponsoring queue :)
<serge_> Daviey: good, good.  bad day connectivity-wise, may have to head to a coffee shop for today's mtg
<jamesiarmes_> I have a customer who notified us this morning that they could not access their we application. When I logged into the server I found considerably more apache processes than usual, but it still should not have been enough to bring down the server. I stopped apahce and found that there were still 114 processes in uninteruptable sleep, some of which started on Sunday. I killed the processes and started apache and they can access their application
<jamesiarmes_> but not over SSL (we use GnuTLS). Looking through the logs, I found that I have been getting the following error since about the time many of those processes started: "PANIC: fatal region error detected; run recovery". I am still getting the error now but I can't determine what it means. Above all of those errores is starts with: http://paste.ubuntu.com/638439/ Everything I found on Google had to deal with LDAP and DBD but we don't use either.
<TREllis> Daviey: cool
<zul> oh right we have a meeting today
<TREllis> Daviey: need to follow the SRU wiki guidelines too I guess?
<pmatulis> jamesiarmes_: sounds like a poorly written application.  what is it?  'we application'?
<jamesiarmes_> sorry, that was supposed to be "web application"
<Daviey> TREllis: I added regression potential, the other aspects i believe are covered.
<jamesiarmes_> I found the problem, the gnutls cache file became corrupted somehow. I just can't imagine how'
<Daviey> smoser: around?
<Daviey> Meeting starting in 4 mins in #ubuntu-server. EOF
<pmatulis> nice!  "Fetched 6,620kB in 0s (12.0MB/s)"
<Daviey> adam_g, serge_, utlemming, smoser, RoAkSoAx, jamespage, smoser, zul... and others, all set?
<jamespage> Daviey: are you not 1 hour ahead of yourself?
<Daviey> crikey.. you are correct.  I'm working on UTC today it seems, you are on UTC+1
<Daviey> :)
<r4`> is there a kernel parameter to stop upon an error in a boot msg? if not anyone know how i could dump all of the boot msgs from a pxe boot to a log file?
<r4`> my searches are failing me
<zul> Daviey: uh?
<Daviey> zul: i suck.. I'm on UTC today, not UTC+1.
<zul> Daviey: ah
<zul> Daviey: you need a flavor flav clock to keep track
<Daviey> i need a coffee i think
<cjs> You need to specify your meeting times in UTC.
<Daviey> cjs: we do.. but my UTC clock seems to be suffering an off by one error locally.
<cjs> Just move the rest of your life to UTC as well and then you'll more easily notice such errors. :-)
<zul> cjs: his life is based on utc
<ruben23> hi any idea what is the time execution of this script based on its cron schedule ---> 2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --MP3
<Utopiah> ruben23: */3 * * * * no?
<ruben23> Utopiah:  is this every 2 hours..?
<ruben23> can you ready what is the time schedule of this cronjob
<Utopiah> I think every 3 minutes
<ruben23> Utopiah: so this script runs every 3 minutes right..?
<pmatulis> ruben23: looks like it, yes
<ruben23> how to make it every 2 days
<Ursinha> Daviey: do you recall... a wiki page..... that you said you'd edit on Monday...?
<Ursinha> :)
<Daviey> Ursinha: yes!
<Daviey> ( Ursinha, i said Monday or Tuesday :P
<Ursinha> yeah... slacker
<Ursinha> :P
<Daviey> noted.
<Ursinha> Daviey: what time is the irc meeting again? just realized my google calendar didn't change to my timezone when I first opened it, so I wonder if all the meetings are... in the past, maybe
<Ursinha> pgraner: hello
<Daviey> Ursinha: on the next hour.
<Ursinha> Daviey: can you invite me for the current meetings we have? I think it's better than just copy them to my calendar
<Ursinha> please? :)
<Ursinha> Daviey: soon you'll regret working with me... hahahahaha
<Ursinha> hggdh: tarde
<Daviey> golly
<Daviey> done
<Ursinha> thanks!
<pgraner> Ursinha, howdy
<hggdh> Ursinha: buenas :-)
<Utopiah> ruben23: 59 00 * * */2 I guess
<ruben23> Utopiah: whats the function of /2  ..?
<patdk-wk> run every other day
<Daviey> Ursinha: added a first scratch
<Ursinha> Daviey: thanks
<Ursinha> hggdh: hey, can you add yours here, if you have a few minutes? https://wiki.ubuntu.com/Quality
<Daviey> Ursinha: more to follow
<Daviey> RoAkSoAx: you don't need to ask permission to send me a PM :)
<V7|RTK> hello
<V7|RTK> could I make more than 1 virtual host on my local machine?
<alamar> you can make as many virtual hosts as you like
<patdk-wk> assuming you have enough ram
<V7|RTK> but how could I refer to them I my browser?
<alamar> ?
<alamar> first you should explain the domain we are talking about
<patdk-wk> via their name :)
<V7|RTK> I have a default, then localhost, what about others?
<alamar> apache vhosts? virtualised systems?
<alamar> so it's apache..
<alamar> apache has a quite thorough documentation about its vhost system
<alamar> with a lot of examples
<alamar> to just copy and paste and not even care what else is being explained or how it works
<alamar> http://httpd.apache.org/docs/2.2/en/vhosts/
<alamar> http://httpd.apache.org/docs/2.2/en/vhosts/examples.html
<V7|RTK> thank you
<alamar> .o(maybe I should use sarcasm tags)
<alamar> np
<V7|RTK> :)
<van7hu> van7hu kaka
<van7hu> http://httpd.apache.org/docs/current/mod/mod_include.html
<van7hu> I follow that link to enable SSI, is there any strange thingy with ubuntu?
<van7hu> this is my httpd.conf, http://pastebin.com/RHXWvchx
<TheEvilPhoenix> van7hu, where are you trying to include stuff within?  PHP?
<van7hu> TheEvilPhoenix, sorry, I am n00b, could you explain more?
<TheEvilPhoenix> nevermind
<TheEvilPhoenix> *checks package lists*
<TheEvilPhoenix> did you google for this?  this ubuntuforums thread seems to be about this issue: http://ubuntuforums.org/showthread.php?t=64345
<van7hu> ah, I am sorry, I mis-posted the link, it should be: http://httpd.apache.org/docs/current/howto/ssi.html
<caedmon> does anyone here have experience installing ubuntu server 10.04 on a dell poweredge 2850?
<TheEvilPhoenix> caedmon, something you missed from the main ubuntu channel: schnuffle> +caedmon: they changed there raids from something called PERC X to H200/300
<TheEvilPhoenix> damn that + before text!  *beats his ZNC*
<caedmon> oh i did miss that
<Daviey> utlemming: Hey.. would you be able to confirm bug 791850 is still valid on the daily?
<uvirtbot> Launchpad bug 791850 in linux "oneiric cluster compute instances do not boot" [Undecided,New] https://launchpad.net/bugs/791850
<adam_g> RoAkSoAx: ping
<RoAkSoAx> adam_g: pong
<adam_g> RoAkSoAx: heya. theres more drbd8 dkms build failures in the HA bug queue. just wondering if you knew how people end up automatically attemtping to buildi drbd against a kernel that already has it in tree?
<RoAkSoAx> adam_g: thge error is becuase all of them are trying to install drbd-source on a non-standard kernel
<RoAkSoAx> adam_g: so it some cases it seems that some have their custom kernel, in some others looks like a backport
<RoAkSoAx> backported kernel*
<adam_g> RoAkSoAx: thats what i figured. so those bugs are invalid?
<RoAkSoAx> adam_g: yeah for the most part I'd say yes
<Daviey> utlemming: are you here?
<cap_00> someone remind me why one user has colors and the up arrow repeats commands on the command prompt (from putty.exe) and another doesn't?
<pmatulis> cap_00: the shell
<pmatulis> cap_00: echo $SHELL
<cap_00> hmm.
<cap_00> i know i changed the settings somewhere i just don't remember how to get back
<cap_00> there..
<cap_00> ~/.bashrc ?
<RoyK> ~/.$(SHELL)rc
<uvirtbot> New bug: #806167 in qemu-kvm (main) "CVE-2011-2212" [Medium,In progress] https://launchpad.net/bugs/806167
<Daviey> utlemming: Are you here?
<uvirtbot> New bug: #806176 in nova (universe) "/usr/lib/pymodules/python2.6/nova/network/manager.py", line 558, in create_networks" [Undecided,New] https://launchpad.net/bugs/806176
<Aison> hello, i'm search a USER ORIENTED ;)  webfrontend for ldap accounts. A user can login with it's password and can change email address, the password itself, name, etc...
<stgraber> Aison: you may want to look at GoSA. It can be configured to do what you describe (you'd need to create an ACL allowing all users to edit their personal details and password)
<Aison> ok, that's fine
<cap_00> should i be putting something in the (shell) ?
<cap_00> gtg
<uvirtbot> New bug: #806197 in squid (main) "package squid 2.7.STABLE9-2.1ubuntu6 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/806197
<KtL-llll> Whenever I make a file in the /var/www directory I need to edit permissions using chown and chmod before it can be accessible via http is there a way I can automatically set the right permissions to any new files?
<willichan> I have been googleing around for a couple of days.  I need to set up XDMCP for some of our Windows users to run applications on the server from their desktops.  They are already set up to do it for our IBM servers, so I don't want to switch to a different method for the Ubuntu server.  Does anyone know where to find instructions for enabling XDMCP on an Ubuntu 11.04 server?  Older instructions don't seem to apply.
<patdk-wk> willichan, might want to try #ubuntu, don't use gui's in here
<willichan> @patdk-wk:  was recommended in #ubuntu to check in here.
<patdk-wk> how odd :)
<RoyK> willichan: there's no way to enable XDMCP on ubuntu server - it should work if you just install xterm
<RoyK> willichan: it just needs the x11 libs and xauth and configured x11 over ssh
<RoyK> that's all
<willichan> @RoyK: Thank you
<RoyK> willichan: install xeyes - that's my favourite test a pp
<RoyK> test app
<RoyK> if that grabs all sorts of x11 libs, you'll probably need to log out and in to make x11 work
<RoyK> when done, just install xming and configure putty to do x11 forwarding, login, start xeyes
<patdk-wk> there is no way to do xdmcp in 11.04 at all?
<soren> gdm still supports it, doesn't it?
<patdk-wk> gdm did in 9.10 atleast :)
<soren> GDM has supported XDMCP for many years.
<soren> I remember using it in 2002-ish.
<soren> Probably earlier, too.
<willichan> @RoyK:  Thank you.  Loading xeyes with dependancies sounds like a simple enough way to set up the x11 libs.  Do you know where I would need to enable the XDMCP though?  X11 libs and GDM don't enable it by default (10.04 and up at least).
<willichan> I have tried it on Ubuntu desktop as well as server for versions 10 and 11.
<willichan> I have not found XDMCP in any of the config utils.  My IBM servers have it enabled by default.
<patdk-wk> heh? just edit /etc/gdm/gdm.schemas
<patdk-wk> probably to start, change this to true
<patdk-wk>     <schema>
<patdk-wk>       <key>xdmcp/Enable</key>
<patdk-wk>       <signature>b</signature>
<patdk-wk>       <default>false</default>
<patdk-wk>     </schema>
<patdk-wk> and restart gdm
<willichan> @patdk-wk:  Thank you.  I will give that a go.
<ezrtyuiop> hello
<ezrtyuiop> what is the easiest way to install smtp server ?
<qman__> ezrtyuiop, apt-get install postfix
<adam_g> zul: ping
<ezrtyuiop> this is the error what i got during installation of postfix
<ezrtyuiop> E: Sub-process /usr/bin/dpkg returned an error code (1)
<ezrtyuiop> what to do qman__  ?
<qman__> find the actual error, higher up in the list
<ezrtyuiop> dpkgÂ : erreur de traitement de cacti-cactid (--configure)Â :
<qman__> that's only part of it
<qman__> pastebin the complete output
<uvirtbot> New bug: #806231 in openssh (main) "Conflicts with lsh-server" [Undecided,New] https://launchpad.net/bugs/806231
<ezrtyuiop> http://paste.ubuntu.com/638591/ qman__
<qman__> I only know english, but from that output, postfix is already installed
<qman__> the error is with cacti-cactid, and something in one of the installation scripts failed
<qman__> you could try 'sudo dpkg-reconfigure cacti-cactid' to see if it fixes itself
<qman__> otherwise you'll have to pinpoint why cacti-cactid is failing
<ezrtyuiop> if i do dpkg reconfigure
<ezrtyuiop> it say cactid broken
<ezrtyuiop> what to do exactly to skip that error
<ezrtyuiop> i know it is an basic question
<ezrtyuiop> don't know what to do ?
<uvirtbot> New bug: #806237 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/806237
<nibalizer> so.... puppet 2.7.1 .... anybody got .deb?
#ubuntu-server 2011-07-06
<zul> adam_g: whats up?
<echosystm> wheres the ubuntu development channel?
<twb> echosystm: development of what?
<echosystm> packages
<twb> #ubuntu-devel
<echosystm> thanks
<a1fa>  i am trying to purge perl, http://pastebin.com/KH4qXthJ
<a1fa> however its messing up
<a1fa> i may have manually removed some files
<a1fa> and now i cant get it out of the apt database
<a1fa> what to do?
<twb> Reinstall from scratch
<qman__> touch the files it's looking for
<qman__> it works, I've done it
<a1fa> dpkg -r - --force-remove-reinstreq
<a1fa> worked just fine
<a1fa> any other way of making this dumb thing stop
<a1fa> 21st century.. we are not dealing with rpms here guys :0
<pmatulis> a1fa: making what stop?
<twb> a1fa: 21st century... don't "manually remove some files"
<a1fa> my bad dude ;)
<a1fa> but the files are bacvk
<twb> Still getting the error?
<a1fa> yes, i know why
<a1fa> POSIX.pm has not been reinstalled
<a1fa> can someone apt-file search POSIX.pm please?
<twb> $ dlocate POSIX.pm ==> perl-base: /usr/lib/perl/5.12.3/POSIX.pm
<a1fa> hm
<a1fa> what version are you on?
<twb> sid
<a1fa> doh
<a1fa> how about File.pm?
<twb> Same
<twb> You know packages.u.c has a dpkg -S equivalent
<a1fa> really
<free99> hello all, I've been trying to install LDAP on my server for a little while. Now I know you're probably as tired as I am of LDAP, but my question is simple
<free99> I was previously using ldap on 10.04 and recently moved up to a new install of 11.04... it seems that the back and frontends get populated by the post-install script...
<free99> how do I get rid of the configuration provided and replace it with the one I have?
<twb> free99: well, fun story
<qman__> you go back to 10.04
<qman__> not to be mean, but seriously
<qman__> it's going to be less of a headache
<free99> (facepalm)
<qman__> and it has a longer support lifetime
<qman__> not sure why you'd move to 11.04 for something like that in the first place
<twb> free99: wait, what do you want to repopulate -- the config database (slapcat -n0), or the "real" database, the one with the user objects (slapcat -n1) ?
<twb> qman__: because new versions = SHINY
<qman__> shiny's great for desktops and fooling around, but not for the backbone of your network
<free99> twb: I need to do both, I assume... I have a nice tree setup, and users to go with it. Adding the users isn't a big deal, but the tree is where I'm having a problem, besides getting TLS to work properly (whole other story, forget I metnioned it)
<twb> You would be amazed how often I have to train people to avoid shiny by means of operant conditioning
<a1fa> ?
<twb> free99: I don't know what you mean by "tree is where I'm having a problem"
<free99> (sigh) I moved to 11.04 because my last system failed thanks to a drive failing despite it being raid 5...
<twb> a1fa: as in you hit them with a stick when they upgrade things
<free99> and I figured things with TLS had improved, perhaps
<twb> free99: that would be because bootdegraded defaults to no
<qman__> regardless if it's better or not, with 11.04 you'd have to upgrade in 6 months, and again in another 6
<qman__> too much work
<a1fa> why would you do that?
<free99> Isn't the config database where the actual layout is, e.g. the root and its branches? The users and their data were in /var/lib/ldap I thought...
<qman__> because that's the normal release schedule
<qman__> which is why LTS exists, so you don't have to
<twb> free99: the config database is what used to be slapd.conf
<free99> besides which I have a bunch of specific enhancements and such that I want to put back in but can't seem to, especially using an accesslog overlay
<twb> free99: now it's like /etc/openldap/cn=config/ crap
<twb> I think with enough effort you could migrate your 10.04 cn=config tree to whatever 11.04 has, but I agree with qman__ that you shouldn't use anything but LTS
<free99> yeah, I know... I've been resisting the urge to move to slapd.conf very, very hard for the past month
<a1fa> twb: who do you hit?
<twb> a1fa: the users responsible
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/LART
<free99> I'm going to blame my age and lack of experience for going with a non-LTS, just because I can :P
<qman__> and then there's the companies that grab a non-LTS release and just leave it like that for years, and you end up with 9.04 shells you can't patch
<twb> qman__: you think that's bad?
<free99> at this point I already have several other services running successfully on it, so... I'm not rushing to reinstall everything despite having made a script that does the majority of security and such
<twb> qman__: yesterday I recovered a server from 2002, running Mandrake 10, with *XFS* filesystems, an empty fstab and a 100% full root filesystem due to years of SQL dumps in /home/merlin/public_html/cron/data/backups
<qman__> wow
<free99> but in retrospect, yeah, bad plan on my part
<a1fa> who
<a1fa> what
<twb> When the customer regained conciousness, I gently explained that he should migrate to a supported OS
<twb> Oh, and the machine allows password-based root logins and wasn't behind a NAT :-/
<qman__> and apparently is storing backups in public_html
<twb> qman__: the whole web app was in there
<twb> And of course it's PHP/MySQL
<free99> pass me some of what that guy who setup the box was smoking
<twb> He was probably a work experience student or an indian rent-a-coder or some shit
<free99> so... is there a way for me to wipe out the default config and replace it with mine? I have two LDIFs, that should take care of everytihng...
<twb> free99: just apply the LDIFs, then
<a1fa> twb: you hit people at work?
<twb> a1fa: sure
<twb> a1fa: otherwise they do not learn
<a1fa> where do you work?
<a1fa> HR loves you :)
<twb> cyber.com.au
<free99> ldapadd and slapadd both complain that the databases already exist
<twb> free99: so presumably your LDIF assumes the database is empty
<twb> free99: in which case you need a different LDIF
<free99> I mean I suppose I can have two databases, but why? the LDIF specifically points to {1}hdb which already exists... I know if I get rid of the {1} it'll increment to create a new database, but..
<twb> So write an LDIF that modifies the {1}hdb object instead of trying to create it
<free99> that's a good idea twb, I'll look into it :)
<twb> Personally I think it would be easier to give up and redo it in lucid
<twb> LDAP is a massive pain in the arse
<free99> dude, I burned 4 hours today trying to get ldap to tell me when someone successfully binds to the server so I can make a script that prunes old accounts
<free99> and it still doesn't work lol
<twb> You know how I did that?
<twb> I gave $boss a list of accounts and said "tick the ones that should continue to exist"
<free99> ah I wish I could do that, I'm trying to do this for a unix lab where new students show up all the time, old ones leave...
<free99> my boss has been doing it that way for a while
<twb> Surely your uni knows which students are still there
<free99> he's currently running the network on an NIS box setup in....95 I think
<twb> Well, NIS just works
<free99> it seems pretty insecure from what I've heard..
<twb> It's only real downsides are that it's completely insecure, and that newer services can't talk speak it.
<RoyK> twb: NISÂ rocks like elvis, somewhat out of style...
<twb> Grr, so now I have an "urgent" task to work out why my apache reverse proxy is breaking prayer (webmail) attachments
<kellnola> At my last job we still used NIS for automount maps and groups heh.
<twb> I'm glad I have LDAP working now, but I would've been happier if I could've stuck with nIS
<kellnola> the only prob with LDAP is all the different implementations ...
<kellnola> openldap is a little behind the commercial ones
<twb> I wouldn't know about proprietary solutions
<twb> Except that all the kerberos people seem to have an attitude of "AD or GTFO"
<kellnola> twb, really? There's lots of unix "kerberos people"
<twb> Not on #kerberos AFAICT
<kellnola> well AD is by far the most widely used implementation
<kellnola> so that isn't surprising
<twb> You say something like "I just want krb to work without the hassle of running a 2k3 server" and they are all "what are you talking about, Windows is the bestest, unix is for fags"
<kellnola> ugh
<kellnola> sounds like "idiocracy"
<kellnola> I have noted that windows folks rarely understand the underlying technologies they use very well
<kellnola> I have never met a windows admin that understood kerberos very well
<twb> So anyway, what I have now is a nice simple openldap server with authorization performed by means of bind attempts, no root bind at all (only local root user has rw privs), and the ppolicy overlay to deal with password expiry and such.
<kellnola> or for that matter, DNS, or pretty much anything else
<kellnola> twb, great!
<twb> And no samba support because dealing with bullshit like "machine accounts" would've meant giving write access to LDAP to the samba host
<kellnola> if it's all unix you have no use for samba
<twb> The main downside is that without kerberos, there only really trustworthy network filesystem you can use is sshfs
<kellnola> that would be correct
<kellnola> I have to get around to NFS4
<twb> NFSv4 on its own (i.e. krbless) is obviously not a big win re security
<twb> You can still just get any old client and say "sudo -u twb cat ~twb/.netrc" or whatever
<kellnola> it was really meant to work with it
<free99> dammit... I really have to get kerberos working too?
<kellnola> nfs3 is kind of horrifying wrt security
<twb> I do still use NFSv3 for /home on a subset of the local LAN which (hopefully) has better physical security.
<twb> Which is to say, the servers in the machine room
<kellnola> nfs3 is in very wide use in the unix world
<twb> we have an exciting problem with nfsv3 atm where secondary group permissions are totally ignored
<kellnola> thankfully v4 has acls
<twb> Which breaks an otherwise perfectly adequate posix permission like ceo:officers 750 /srv/nfs/agm-minutes/
<kellnola> I'd rather use document management than nfs for general office crap. there's good free ones
<twb> web UIs?  DO NOT WANT
<kellnola> twb, webdav or web ui
<twb> I am slowly increasing the amount of stuff we keep in git-backed rest/markdown
<kellnola> it does keep users from making a mess of the system
<twb> I'm only allowing apache with bad graces, and PHP and MySQL not at all
<twb> So if your DMS is sitting on top of, like, tomcat, it can just FOAD
<twb> For my customers' systems, I feel differently because they're all idiots and, as you say, they'll make a mess if given the chance
<kellnola> it also puts a crimp on "that one guy in the office who knows MS Access really really well" and that persons penchant for creating zillions of shitty little databases for everyone to use
<twb> No windows here :-)
<twb> Well, there is one that we have to use to talk to the stupid federal tax people :-/
<kellnola> where do you work? university? industry?
<twb> cyber.com.au
<twb> basically a rent-a-sysadmin shop
<kellnola> the only all unix job I ever landed was at a (US) fed that did geological/ seismic analysis
<twb> Most of our customers have windows desktops, but dealing with those is farmed off to whichever poor bastard we just hired
<twb> s/just/last/
<kellnola> there is definitely a certain amount of happiness that comes with never having to even look at windows, and actually being able to solve their problems
<kellnola> *the users problems
<qman__> my job is pretty similar but unfortunately it's mostly windows environment, small companies and local governments running windows SBS servers
<free99> I love unix, but christ I hate ldap
<qman__> my linux-ward progress so far includes a machine to store/scan infected systems' files, and a remote backup solution with backuppc
<qman__> without drop-in DC capability, linux just won't work its way into the customers' shops
<qman__> and even then, some of them have custom software
<free99> you'd think some company out there would work up a proprietary solution just because of that
<free99> though I guess likewise is trying that out
<twb> free99: proprietary solution for what?
<free99> a drop-in domain-controller?
<twb> We have a proprietary solution for that
<twb> built on top of linux and samba :-)
<qman__> samba 4 is supposed to do the job, if/when it ever gets done
<kellnola> samba integrates just fine as an AD member, and of course can be an (old type) DC
<qman__> the other biggie is exchange for contacts and calendars
<qman__> mail is no problem, but the other stuff is harder
<kellnola> qman__, we sell a product call zimbra to our clients, it's a unix based exchange clone
<kellnola> works very well with outlook
<qman__> nice
<kellnola> they can't tell the diff
<qman__> how's the system requirements on that
<kellnola> oh it's all hosted off site
<twb> qman__: samba 3 is a DC, it's just not an AD DC
<qman__> we've got customers with quad cores and 8 gigs of RAM crawling with SBS2011, they just keep making it impossibly huge
<kellnola> qman__, we have one client using their own server, the app seems pretty well bahaved
<qman__> and don't even think about using blackberry enterprise
<qman__> that basically doubles the RAM requirement, by itself
<kellnola> god I hate SBS
<kellnola> and all it's stupid restrictions
<twb> Re "groupware", we roll out ZCS (zimbra), and we've rolled out scalix in the past and we've dealt with sogo and thingy as well.
<twb> They're all abysmally shite
<kellnola> twb, heh
<twb> ZCS compiles all of ubuntu in /opt with custom patches and CVS snapshots of upstream codebases
<qman__> I mean, what's the point in selling a small business package, when it'll only run on a four grand server
<twb> I found the guy who makes the ZCS packages, and it was clear he didn't understand why distros even exist
<kellnola> twb, all I've ever seen from them is tarballs
<twb> He just thought everyone should have a linux kernel and then his huge ZCS blob
<twb> kellnola: I use "package" loosely
<kellnola> twb, MOST commercial unix devs are just like that
<twb> kellnola: yeah, it's a bloody crock
<twb> And on Linux it's unforgivable
<kellnola> they do not have the deep understanding of systems, or discipline, that OSS devs have
<twb> I could understand people doing it on Windows or SCO where there is no package infrastructure or anything
<twb> (Yes, I have to deal with SCO and SunOS and crap sometimes :-(
<kellnola> twb, thankfully we just have them use ZCS hosting
<twb> kellnola: out on some VPS in "the cloud" somewhere, a la buying a commercial gmail contract?
<kellnola> I don't want them running mail in-house anyway, unless they're huge
<kellnola> twb, yes it's cloud
<twb> Yeah, I think we avoid that because of concerns about data sovereignty and such
<qman__> the prospect of going entirely down when the comcast modem craps out is not appealing to our customers
<twb> Or just because users want to keep reading mail when their shitty .au DSL falls over for a week
<kellnola> well we have other concerns like frequent evacuations, hurricanes, etc.
<qman__> and actually, we've been trying to get people to move their mail in-house because of how terrible the SBS POP3 connector is
<twb> I'm about to switch from ADSL2+ to "naked" ADSL2+ at home, and the migration time for Telstra to do their part is FOUR WEEKS
<qman__> and how difficult it is to get email to phones when all they have is pop to some other host
<twb> For what amounts to unplugging a cable from one DSLAM and patching it into a different DSLAM
<twb> qman__: well, IMAP/MAPI/webmail, not POP
<kellnola> how fast is ADSL2+?
<twb> kellnola: theoretical maximum is something like 24mbps down, 4mbps up
<free99> does this look like a correct ldif to modify the pre-existing database?
<free99> dn: olcDatabase={1}hdb,cn=config
<free99> changetype: modify
<free99> add: olcDbIndex
<free99> olcDbIndex: uid pres,eq
<free99> -
<kellnola> we're almost all HFC, some metro ethernet, a couple of DS1
<twb> free99: that all depends
<qman__> unfortunately one of the hosts most of our customers are on does not offer any of that, only POP
<twb> free99: here's a working one for lucid, that shuts up slapd syslog some: http://paste.debian.net/122044/
<qman__> they're stuck in the 90s, and keep getting on spam lists
<twb> free99: but I don't know what your current cn=config database contains, or what you want it to contain
<qman__> it's been a nightmare
<kellnola> wow I haven't seen anyone using POP in quite some time ... and I live in a backwater
<twb> kellnola: but in .au a privatized ex-government company has a monopoly on the copper, and they're letting it rot because they want to migrate to FTTH at the government's expense
<twb> kellnola: so it's usually more like 2-6mbps down
<kellnola> no so bad
<kellnola> DSL here is just terrible
<kellnola> the support won't even speak to you if the modem's bridged
<free99> twb: it doesn't have the right suffix, it got picked based on my FQDN which isn't good enough
<twb> Yeah, well, I expect better connectivity in the continent's second biggest city...
<free99> that script you linked me is a big help though, thanks
<twb> free99: ah, well, that's a major pain in the arse to fix
<kellnola> samba 4 is becoming like Duke Nukem 3D
<twb> free99: because you will have to rename all the dn's in the {1}hdb
<kellnola> I am so sick of waiting for it
<free99> kellnola: I thought it came out already
<kellnola> though I didn't give a crap about Duke Nukem 3D
<twb> free99: btw, you should read the ldapmodify and ldif manpages and such
<free99> duke-nuke 'em forever?
<free99> I'm working through a tutorial right now actually, and trying to adapt it lol
<kellnola> free99, LDAP is wonky but once you get used to it you'll appreciate it
<twb> https://secure.wikimedia.org/wikipedia/en/wiki/Duke_Nukem_Forever
<free99> I already have big plans for it, but that's if I can get the SOB running
<twb> "the game was released in 2011 but had been in development since 1996."
<kellnola> yeah "Forever" sorry
<kellnola> so, you folks that service outside clients, how do you deal with the crap of users running their desktops as administrator? Most of ours insist on it
<kellnola> windows users I mean
<kellnola> we are thinking of moving to an SLA based system where the price would be less the more restrictive it is
<qman__> the software they run requires it
<qman__> it's the only option
<kellnola> qman__, much of the time, yes ... thinking about having them run a dedicated terminal server for garbage like that
<qman__> tried terminal services with one, it's a total mess
<qman__> and expensive, really expensive
<qman__> a server and some CALs costs enough, but then they want office
<kellnola> I don't know, we're doing that with one of them, it's working out pretty well
<kellnola> so far
<qman__> and they can't use the office they already bought and have the license to, you have to get a volume license
<qman__> and then when their proprietary app needs an update
<kellnola> the app itself is so expensive they don't notice the CAL's really :-/
<qman__> an administrator has to log on to the server console directly and update it
<qman__> because it won't update over TS
<qman__> just all the licensing bull you have to work around is insane
<kellnola> qman__, well that goes for anything with windows
<kellnola> who can figure that BS out it is total insanity
<kellnola> not to mention the "upgrade paths"
<qman__> trying to explain to a customer that they bought the wrong version of the software
<qman__> despite it being the right software they need, just not licensed for the other software they're running
<qman__> and that the version they need costs five times as much
<qman__> just because
<kellnola> qman__, yes that's lovely
<kellnola> I'm thinking of trying to get out of all this and maybe develop and sell POS systems for people ... something where I would not be pulling my hair out every day
<kellnola> over retarded shit
<riz0n> I have an Ubuntu Server, and have some email aliases in the aliases file. Is there a way to create a wildcard alias? (like, for instance, account-??? would accept from account-000 or account-123 etc. to the address accounts)
<kellnola> riz0n, don't think so, at least not in /etc/aliases. There might be an MTA that does that
<twb> riz0n: that is called "sub-addressing"
<twb> For example foo+bar@gmail.com will be delivered to foo@gmail.com
<kellnola> wow ... jellyfish have shut down the second nuclear plant in two weeks
<DougJ> is there a way to run the explorer with admin powers
<DougJ> so I don't have to use a terminal to manipulate files in system directories?
<twb> riz0n: I think it's $recipient_delimiter in postfix
<qman__> DougJ, not a server question, but the answer is gksudo nautilus
<twb> DougJ: what is "explorer"
<twb> qman__: nooo, current gvfs will have something like "sudo://" I expect
<twb> qman__: better than running the whole app with escalated privds
<twb> *privs
<DougJ> twb, it's nautilus, you did not know what I was talking about?
<qman__> I suppose
<twb> DougJ: I don't use GUIs
<qman__> command line is better anyway
<twb> qman__: +1
<riz0n> right i am familiar with the "+" subaddressing, but thats not what im going after
<riz0n> ill just make some aliases for the #'s i need
<DougJ> twb, you never have ever?
<twb> riz0n: well, that's all you can have AFAIK, though obviously you can use "-" instead of "+"
<qman__> and as said before, that is not a server question
<qman__> as server does not have a GUI
<qman__> so if you want to reliably get answers to GUI questions, you're asking in the wrong channel
<DougJ> qman__, your answer was plenty reliable thanks
<DougJ> qman__, I don't have access the the regular support channel as I am banned
<twb> DougJ: that is no excuse to ask the wrong channel
<DougJ> twb, but it is a reason
<qman__> and probably a good way to get banned in more channels
<twb> Hear, hear.
<DougJ> qman__, any way to get unbanned?
<qman__> dunno, I'm just a user
<DougJ> well, I don't have many options then do I
<twb> DougJ: the freenode documentation probably discusses the general process
<twb> http://freenode.net/faq.shtml#unban
<DougJ> how can you speak to an op if you arn't in the channel?
<qman__> find out who they are, and /msg directly
<qman__> as for who the ops are, it's definitely documented somewhere
<DougJ> oh really I didn't know that worked when you weren't in a channel with someone
<twb> qman__: the page I linked to shows how to list ops
<DougJ> yeah, that link twb...
<DougJ> yeah
<free99> so this ldif is getting very tedious. considering that the package installer for slapd uses the FQDN to make the choice of domain *for* me, can I temporarily change my FQDN?
<free99> I mean, how can I change it temporarily
<free99> oh, wtf?
<free99> I did a dpkg-reconfigure and first thing it asks is if I want to skip having it configure ldap for me
<hackeron> hey, question - how do I connect to a wireless access poing using a WPA passcode from the command line?
<qman__> last time I tried to do that was years ago, and I didn't succeed
<qman__> it required wpa_supplicant and some significant handwriting of configuration files
<qman__> the situation may or may not have improved since, but I don't know
<twb> free99: with priority=low it asks IIRC
<twb> free99: ICBW, because currently I disable auto-setup
<free99> auto-setup is what got me chasing my tail for the past week lol
<twb> http://paste.debian.net/122047/ shows the server side of my setup; NOTE that client-side setup is already done, so the ldap utilities are already looking at/for slapd before it exists.
<free99> so if I want the autosetup to ask all the questions the first time around, how do I do that in one shot?
<hackeron> qman__: yeh, the guides are can find look unreasonably hard :( -- except for this one: http://modelr.wordpress.com/2009/06/01/how-to-get-wireless-network-on-ubuntu-server/ - but that one is kind of hard coded to just 1 wireless access point
<twb> hackeron: WPA2 PSK or Enterprise?
<hackeron> twb: just WPA PSK
<twb> Install hostapd.  Write hostapd.conf.  You are done.
<free99> hackeron: I know network-manager, as crappy as it can be, has a good CLI system that almost nobody uses, and it's good at roaming
<twb> Writing hostapd.conf is about as easy as writing wpa_supplicant.conf, i.e. trivial.
<twb> free99: it doesn't have a good CLI system.
<twb> free99: NM uses wpa_supplicant, and since wpa_supplicant has perfectly good roaming and CLI functionality, there is absolutely no reason to use NM
<twb> http://paste.debian.net/122048/ <-- NM-less WPA2-PSK client with pre-defined networks
<hackeron> twb: so you would recommend hostapd?
<twb> hackeron: hostapd is really your only choice
<hackeron> twb: what about http://paste.debian.net/12204 you just posted?
<twb> That's the client side
<hackeron> I am talking about the client side
<free99> that's a good script
<twb> Do you want to configure an AP or a client
<twb> Oh right
<hackeron> my "server" is an access pont
<hackeron> point*
<free99> the ldap one you sent me I mean
<twb> hostapd is for the AP, wpa_supplicant is for the client side.
<hackeron> twb: ah, awesome :) - thank you!
<twb> They are built from the same codebase
<twb> free99: note that it's rather peculiar in places, e.g. no root bind dn
<free99> http://paste.debian.net/122050/
<free99> that's mine
<hackeron> twb: is there a script that will join a know SSID if it can find one, otherwise try all the open ones one by one until it can find one that has access to the internet?
<hackeron> join a known*
<free99> lol hackeron, that'd be pretty cool
<hackeron> heh, indeed :P - especially in a car
<free99> so when I run apt-get install, is there a way to get an in-depth configuration screen?
<twb> hackeron: I don't know about open APs, because I've never encountered one
<twb> I don't think that's particularly on-topic for -server tho
<twb> free99: dpkg-reconfigure debconf ?
<hackeron> twb: why not? - if I ask on #ubuntu they'd say network manager, heh - but I'm doing this on ubuntu-server :P
<free99> ok, that's for all of 'em
<free99> but what about doing it for only packages I'm interested in?
<hackeron> twb: the info in your link worked beautifully btw, thank you!
<twb> Well, Ubuntu users are idiots
<hackeron> heh, that's another reason why I ask here, heh
<free99> ....
<free99> hey man, when I was a BSD head, I got everything done and well
<twb> free99: then you need to set... DEBCONF_PRIORITY=low, I think, prior to your apt-get run
<free99> but hal killed everything
<twb> free99: you can't do it per-package, you can do it per-run, or you can invoke dpkg-reconfigure on a package AFTER it's installed
<twb> If hal is still alive, you should kill it
<free99> I heard debian was doing something like bringing their packages over to freebsd or something of that nature...
<twb> The useful functionality was rolled into udev, and the stupid XML RPC crap is still present, but in the newer equally dumb udisks/uthingy
<free99> including udev
<twb> free99: debian supports two kernels -- linux and freebsd's
<free99> really?
<free99> hot-damn!
<free99> wait, there's got to be a caveat or three there
<twb> There's also nexenta, which was nominally Debian/kOpenSolaris, but due to the cuddle of death, I think it's pretty denatured now.
<twb> free99: well, Debian/kFreeBSD has a lot fewer eyeballs than Debian GNU/Linux or FreeBSD.
<free99> freakin' awesome, I got it
<poseidon> So I have a long script on my local computer.  It's in bash.  I want to be able to ssh into a server, run the script, then go into a terminal (while being able to see that info).  So far all I've been able to do is something along the lines of ssh host command && bash.
<poseidon> Any ideas?
<twb> ssh host -t /path/to/script ?
<poseidon> twb: the script is on the local computer
<poseidon> Not on the remote
<twb> Ugh
<twb> Either scp it across, or do something evil and wrong like { cat script; cat; } | ssh -t host
<free99> wth does it mean when you get "ldap_modify: Insufficient access (50)" despite having the system set to allow local root to do anything/
<twb> -YEXTERNAL
<free99> hmm, I am doing -Y EXTERNAL
<twb> Same thing
<free99> I mean I'm doing that and it's still not working
<free99> as root: ldapadd -x -D "cn=admin,dc=itech,dc=portal,dc=baruch,dc=cuny,dc=edu" -W  -H ldapi:/// -f test2.ldif
<twb> I see no -YEXTERNAL there.
<free99> oh, right, that's my attempt w/o it lol
<free99> ldapadd -Y EXTERNAL -H ldapi:/// -f test2.ldif
<free99> http://paste.debian.net/122057/
<free99> that's the ldif I'm trying to add in
<free99> I appreciate the help a lot twb
<twb> free99: you probably should not tell us your hashed passwords
<free99> I messed with it a little just in case, don't worry
<twb> And if you intend to only use -YEXTERNAL, don't set an oldRootPW at all
<twb> *olc
<twb> Lines 1 and 2 are pointless
<twb> And you can omit "changeType: modify" if you're passing it to ldapmodify
<free99> well... I'm going to need a web front-end for the server, we have several people who are going to be adding/removing users
<twb> ldapadd and ldapmodify are basically identical except for the default ChangeType
<twb> free99: fair enough
<twb> free99: although you could theoretically give object creation rights to those users, and have the web app "sign in" to ldap as them to make changes
<free99> (sigh) you know that feeling where you're at the limit of your knowledge and stuff keeps getting piled on you?
<twb> Most existing web apps don't operate that way, they just assume they have full root access
<free99> I've been working on this for about 3 weeks straight, bootstrapped
<twb> (Where "root" means ldap root bind dn, not unix root user)
<twb> free99: yep, BTDTBTTS
<free99> what's that mean?
<twb> Been There, Done That, Bought The T-Shirt.
<free99> yeah man..
<twb> Or, you know, JFGI
<free99> lol do I even want to know?
<twb> https://duckduckgo.com/lite?q=JFGI
<free99> aw maan
<free99> JFGI, you have no idea how much I'm going to wear that word out and bring further shame to unix peeps everywhere
<twb> Not saying "peeps" would be a start.
<free99> oh werd? I'm getting sleep drunk...
<free99> I think I should read a book
<free99> so I guess I'll see you later
<free99> and thanks again for your help twb
<free99> peace
<twb> Oh *awesome*.
<twb> New client, they have a machine accepting password-based root logins from the internet, with a dictionary-based password, and they are running... Debian 4.0
<greppy> ...
<twb> Ahaha, and proftpd instead of vsftpd
<greppy> what's wrong with proftpd?
<twb> It's not vsftpd
<greppy> that's not a helpful explanation.
<twb> Or better than either, would obviously be OpenSSH's SFTP
<twb> greppy: the short version is that vsftpd cares about security more than anything else, and proftpd doesn't.
<twb> greppy: ICBF digging up the MITRE security history of both
<w00> http://www.h-online.com/security/news/item/Vsftpd-backdoor-discovered-in-source-code-update-1272310.html
<twb> w00: yes, I know
<twb> Though that doesn't affect Ubuntu or Debian.
<twb> I should be very clear that I recommend OpenSSH, and I only recommend vsftpd if SFTP is not an option for stupid non-technical reasons.
 * greppy feels the same way, just s/vs/pro/ :)
<twb> I dunno about proftpd, but one thing I like about vsftpd is that every feature is off by default
<twb> So you have to opt into e.g. rw or auth
<greppy> I almost never trust defaults, even if they are default in the current version, I explicitly set things.
<twb> http://mywiki.wooledge.org/FtpMustDie
<twb> I guess I also haven't run an FTPd for about eight years...
<greppy> due to running a shared hosting server, I have had to keep running one.
<twb> Bah
<twb> SFTP
<twb> Anyone too stupid to use SSH doesn't deserve access to your box
<twb> Especially since even windows ftp clients can speak SFTP
<greppy> in a perfect world, yes, I certainly point people to sftp if it is an option for them.
<ruben23> hi guys how do i set conjob to run every two days it will run a particular script
<twb> * * */2 * *
<ruben23>  twb: if i set at 12 noon time..?
<twb> Oh sorry
<twb> It should be more like 0 12 */2
<twb> I'm used to just writing @daily
<twb> But I don't htink you can write @daily/2
<szpuni> cronetab -e will help you ;)
<ruben23> 0 12 */2 /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --MP3
<twb> ruben23: you need to supply all five fields
<ruben23> like that..? that script will run every 2 days and 12 noon time
<szpuni> rather than have settings in separate daily monthly etc files
<twb> ruben23: have you read "man 5 crontab" yet?
<ruben23> im reading with google now- but im confuse of what the meaning of /2..?
<twb> "every second one"
<twb> Because third field is day of month
<ruben23> 0 means..?
<twb> ruben23: please read the crontab(5) manpage in full THEN ask me if you still don't understand, I have other work to do right now
<piquadrat> Hi! Does anybody know of a PPA with packages for solr 3.1, 3.2 or 3.3?
<kiranmurari> piquadrat: https://launchpad.net/~trevor/+archive/solr
<ed8> hi, which software do I use to scan a server for viruses ?
<ed8> I was serious~
<ed8> or at least rootkit scan
<w00> rkhunter
<ed8> I used chkrootkit, but still looking for free virus scanner
<w00> clamav
<ed8> w00: any generic command for both of them ?
<van7hu> hello
<van7hu> how could I configure multi vhost in my machine? I mean using Apache
<linuxnizer> hi everyone
<linuxnizer> can Ubuntu Server support 32TB RAID setup? (I know ext4 can go up to 16TB only)
<uvirtbot> New bug: #806432 in backuppc (main) "package backuppc 3.2.0-3ubuntu4~lucid1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/806432
<asdfasdf> i need help making a custom kernel
<smoser> jamespage, around ?
<jamespage> smoser: sure am - just reviewing ec2 testing results
<jamespage> smoser: have you seen this udev error before?
<jamespage> udevd[186]: failed to create queue file: No such file or directory
<jamespage> udevd[186]: error creating queue file
<smoser> i dont recall that.
<smoser> so... the 20110706 failed to publish. i can re-run and it will continue
<smoser> s/re-run/re-start/
<Ursinha> good morning :)
<smoser> good morning
<metap0d> Hi everyone, I want to see all services that boot with my Ubuntu Server .. s there a GUI or console tool or file etc I can edit to modify them?
<Ursinha> metap0d: I believe you can do that with update-rc.d
<kim0> Hi everyone, just letting you know we're having the Ubuntu Cloud Days irc event on the 25th/26th. Everyone is invited to add a session at https://wiki.ubuntu.com/UbuntuCloudDays/Timetable Please add your session as soon as you can, if unsure about the title, just write TBD. Ping me for any details, thanks
<pmatulis> metap0d: right now there is a mix of sysvinit and upstart files
<smoser> ok. so i resumed the publish of the 20110706. looks like python, bind and libdrm2 changed
<pmatulis> metap0d: update-rc.d works with most sysvinit-based services, but not all IIUC
<pmatulis> metap0d: you need to edit upstart jobs directly AFAIK
<pmatulis> metap0d: for sysvinit and upstart files, see /etc/init.d and /etc/init, respectively
<smoser> jamespage, how did it go so far? on 20110705?
<jamespage> smoser: OK I will re-run the tests once it publishes out
<jamespage> so generally OK
<jamespage> or maybe not
<smoser> ?
<jamespage> cloud-config still looks broken (all tests failed)
<jamespage> found bug 806453
<uvirtbot> Launchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] https://launchpad.net/bugs/806453
<jamespage> and I did not realised that ec2 endpoint IP addresses change so half the tests failed from the new QA lab
<smoser> yeah, :-(
<metap0d> pmatulis,Ursinha: This is my first server install so I'm not too familiar with everything yet, but thanks I think that should be enough to get started :)
<jamespage> damn those outbound firewall rules!
<smoser> so, for 806453, i've seen the "falling back to /dev/udev on my system here even"
<smoser> maybe something needs to create /run that is not
<smoser> i have no /run on my system
<smoser> jamespage, how is cloud-config failng ?
<jamespage> yeah - I see that message all the time
<smoser> i dn't recall why we were seeing that before
<jamespage> just looking at the cloud config stuff
<Ursinha> metap0d: np :)
<smoser> a result of bug 784937 ?
<uvirtbot> Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937
<smoser> are we able to see historic results in iso tracker?
<jamespage> smoser: http://paste.ubuntu.com/638881/
<smoser> where does that happen ?
<smoser> and is it reproducilbe
<smoser> i understand the "can't mount"
<smoser> swap is probably wrong
<smoser> but it shouldnt fail
<jamespage> smoser - so that one appears to happen on ebs storage
<jamespage> this one - http://paste.ubuntu.com/638884/ - happens on instance-store
<smoser> not on all boot
<smoser> right?
<jamespage> So it looks like its always on the reboot after first boot
<jamespage> cc contains:
<jamespage> mounts:
<jamespage>  - [ ephemeral0, /opt , auto, "defaults,noexec" ]
<jamespage>  - [ swap, null ]
<uvirtbot> New bug: #806459 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/806459
<smoser> happening after reboot would make sense.
<jamespage> TBH the results are being clouded by the network issues to the ec2 endpoints
<smoser> it is fall out of bug 784937
<uvirtbot> Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937
<jamespage> I need to get that resolved and re-run against the new image
<smoser> what is in /etc/fstab ?
<smoser> well.... i really need to be going for a couple hours.
<Deesl> hello... has anyone got an idae about why the Ubuntu installer would be unable to find a cdrom after it has booted off it inside a domU?
<jamesiarmes_> I am trying to create an AMI on EC2 built from the Ubuntu 10.10 x86_64 instance-store AMI (ami-08f40561). I am having issues launching an instance from my custom AMI. In an attempt to track down the issue, I launched an instance from the original AMI and immediatly created a new AMI by running euca-bundle-vol follwed by euca-upload-bundle on the instance and registering the new AMI through the console. However, when I launch an instance from my
<jamesiarmes_> new AMI, it goes from pending to terminated with a reason of "Client.InstanceInitiatedShutdown" and no console output available. Could I be doing something incorrect when I create my new AMI?
<Deesl> anyone around?
<uvirtbot> New bug: #799973 in tftp-hpa (main) "package tftpd-hpa 5.0-11ubuntu2.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/799973
<ppetraki> Deesl, what's your question?
<Deesl> ppetraki: I am trying to get a Ubuntu server domU working in a gentoo dom0.. I am mounting the ISO as xvdc and using pvgrub and the VM boots up fine... but once its through the initial phases, the installer says it could not mount the cdrom and cant proceeed
<Deesl> I am clueless about what is happening here..
<ppetraki> Deesl, it had to be Xen...
<ppetraki> Deesl, do other domUs find the cdrom fine? like fedora?
<Deesl> ppetraki: I have a Gentoo domU. I can check
<Deesl> but the question is, if it was xen, then how come the Ubuntu domU even booted up
<Deesl> it actually booted up and allowed me to select the language and the Country
<ppetraki> Deesl, well, it would be an installer bug, though it helps to verify.
<ppetraki> Deesl, how is xvdc defined?
<Deesl> disk = [ 'tap:aio:/home/subhro/ubuntu-11.04-server-amd64.iso,hda:cdrom,r' , 'phy:/dev/VolumeGroup00/pocVolume,xvda,w' ] ... This is the precise line
<ppetraki> Deesl, dump the tap, just use "file://"
<Deesl> I just changed xvdc to hda as an attempt
<Deesl> with file also does not work
<Deesl> hang on let me check once
<Deesl> disk = [ 'file:/home/subhro/ubuntu-11.04-server-amd64.iso,xvdc:cdrom,r' , 'phy:/dev/VolumeGroup00/pocVolume,xvda,w' ] this is what it says now
<ppetraki> Deesl, ok, that's better.
<Deesl> just created it
<Deesl> hang on
<Deesl> it booted off the CD GRUB and allowed me to select country and Language
<Deesl> now its stuck... absolute blank screen
<Deesl> and it tells me that its unable to find a CDROM to mount
<ppetraki> interesting...
<Deesl> want a screenshot?
<ppetraki> nah
<ppetraki> been a while since I've debugged xen, that's all
<Deesl> hmm
<Deesl> is there a way to get a install shell?
<Deesl> I am old hands at Gentoo but brand new to Ubuntu.
<ppetraki> Deesl, alt Fx
<Deesl> does not work
<Deesl> I am just SSHed in to the dom0
<Deesl> and connecting over xl console
<Deesl> so probably my alt and function keys dont reach the domU
<ppetraki> Deesl, what we want to see is how the guest is interpreting the block device
<Deesl> right...
<Deesl> so what could be a way?
<Deesl> there is an option to get a shell in the install menu...
<Deesl> but there is no /dev/xvd? or /dev/[hs]d? inside the devfs for that install shell
<ppetraki> Deesl, could create an ftp install, using the dom0 as the host
<Deesl> O_o
<Deesl> FTP is so much of a trouble :(
<Deesl> how can I do a net install?
<ppetraki> Deesl, retry with --scsi option
<Deesl> --scsi where?
<ppetraki> Deesl, in the VM cli, when you start the machine
<ppetraki> Deesl, http://wiki.debian.org/Xen#DomU_.28guests.29
<Deesl> am I just using pygrub......
<ppetraki> Deesl, I don't know whether our kernel has xen block support compiled in or not
<Deesl> my host is Gentoo though
<binBASH> Hi there, what is correct way of reporting kernel crashs like this one? http://imgur.com/a/75ACq
<ppetraki> Deesl, I'm talking about the guest. that would explain why no xvd devices are found
<Deesl> ppetraki: I wonder how to translate a xen-create-image that works on Debian to one on Gentoo
<ppetraki> Deesl, got me
<Deesl> ppetraki: let me see how to pass --scsi to create-image
<Deesl> since I am NOT creating an image
<Deesl> my main disk is completely empty.. I am trying to boot off the CDROM (ISO) and install
<Deesl> later on will paravirtualize it
<Deesl> ppetraki: still didnt find anything :(
<ppetraki> Deesl, hmmm.
<ppetraki> Deesl, would really help if I had a xen host handy.
<Deesl> I dont have any spare play dom0s to offer you :(
<ppetraki> Deesl, you could try an expert install, drop to a shell, and try to modprobe the xen blockback drivers
<ppetraki> Deesl, err blockfront
<Deesl> ppetraki: can you guide a little bit on that?
<ppetraki> Deesl, it's just "F6" at the installer menu, select expert, and boot from there. you get a drop down menu from there
<Deesl> okay I am on the menu which starts off with Change LAnguage, country etc
<Deesl> the third one says Detect CDROM
<Deesl> whcih obviously is going to fail
<ppetraki> Deesl, so drop to shell, and modprobe xen-blkfront
<Deesl> okay hang on
<ppetraki> Deesl, verify its loaded, then exit the shell, and try to detect the cdrom
<Deesl> FATAL: Module xen_blkfront not found.
<Deesl> phew...
<Deesl> so there is no such module...
<Ursinha> Daviey: hai :)
<Ursinha> Daviey: did you get to understand that keyring error you got with that launchpadlib script?
<Ursinha> that's insanely vague, I'm counting on your memory to know what I'm talking about :)
<zul> ouch :)
<Daviey> Ursinha: hello and no
<Daviey> are you experiecing it?
<Daviey> I suspect it's related to the user wide launchpad auth?
<Ursinha> Daviey: yes, I am
<Ursinha> I'm trying to run a script in another machine
<Ursinha> so I wonder if that's requiring UI interaction of some kind...?
<Ursinha> like typing password in gnome keyring or something
 * Ursinha tries
<Daviey> Ursinha: Well recently oneiric desktop started asking for a password when connecting to wireless.  I suspect it's the same issue.
<jamespage> jhunt: around? I have an upstart question re differences in behaviour lucid->maverick->natty
<DarkLordZim> has anyone worked with ettercap on a 64bit ubuntu based install? i'm getting the following error: "Dissector "dns" not supported (etter.conf line 70)" i've tried to google it, and i keep finding everyone saying it has to do with 64bit systems, would it work if just installed a 32bit OS?
<jhunt> jamespage: hi
<jamespage> jhunt: so it relates to how upstart deals with non-zero return codes in the pre-start block of a configuration
<ronnie> i have one server, with 3 virtual machines. One for static media, one for the database and one for the web-application. How can i best connect to the database, if all the servers have an own IP?
<jamespage> bascially on lucid it looks like it ignores them; but on natty it definately is not - i.e. the pre-start fails as a result
<jamespage> any thoughts?
<jamespage> I'm specifically talking about the samba nmbd.conf which calls testparam during pre-start
<marrusl> RoAkSoAx, o/ .... do know of any ubuntu-specific cobbler documentation?
<RoAkSoAx> marrusl: yes
<jhunt> jamespage: checked the code and can't see a change post-lucid. Also, a quick pre-start test that does "exit 1" correctly fails on lucid.
<jhunt> jamespage: and hi to you! :)
<RoAkSoAx> marrusl: we have basic documentation https://help.ubuntu.com/community/Cobbler
<RoAkSoAx> marrusl: what are you looking for exactly >?
<marrusl> RoAkSoAx, no that should do!  just looking for a customer.  I didn't think we did.
<RoAkSoAx> marrusl: hehe yeah it's still very basic
<jamespage> jhunt: so its more related to the return code of something the pre-start block calls rather than what it specifically exits with
<marrusl> RoAkSoAx, that will work, anything more detailed and they can still just hit up the upstream cobbler docs.  thanks!
<RoAkSoAx> marrusl: ;)
<jhunt> jamespage: if you change "exit 1" to "/bin/false" (full path to avoid shell builtins), you still get the expected behaviour.
<jhunt> jamespage: I pulled apart nmbd.conf and tried a basic test on lucid+natty, but I can't see the problem you're describing. Could you come up with a minimal test case?
<jamespage> jhunt: sure can
<smoser> jamespage, around ?
<smoser> Daviey, where are we wrt the uec images ?
<Daviey> smoser: hola.. jamespage gave them a sniff earlier and reported success.
<Daviey> smoser: although, he found one bug which i think he raised.. and also had to update for the new ec2 endpoint.
<Daviey> (firewall)
<smoser> ok. i asked in -release to populate iso with 20110706 images
<smoser> and am pre-publishing those right now
<Daviey> smoser: seems he discovered an issue with i386 images.. but can't see the bug
<zooko> Anybody have a trick for finding a fast package mirror without the GUI MirrorTest.py?
<smoser> Daviey, https://bugs.launchpad.net/ubuntu/+source/udev/+bug/806453
<uvirtbot> Launchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New]
<Daviey> smoser: thassim
<Daviey> smoser: Do you want to add that to the release notes, or should i?
<smoser> you please.
<smoser> its minor
<smoser> i *think* not 100%
<Daviey> smoser: ok, thanks.
<Daviey> smoser: now get back to the beach.
<jamespage> smoser, Daviey: around now
<smoser> jamespage, just see above.  the iso tracker being populated with images as soon as someone in -release sees it.
<jamespage> I ran tests against 20110705 and 20110706 - I found bug 806453 only in i386 instance-store instances
<uvirtbot> Launchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] https://launchpad.net/bugs/806453
<jamespage> smoser: also reconfirmed those issues during reboot with the cloud-config tests that mount swap/ephemeral as being repeatable
<jamespage> do you want me to update that previous bug report with more information?
<smoser> jamespage, please do.
<smoser> really i want the kernel issue fixed.
<jamespage> key difference was that we saw it on ebs and instance-store types this time; also got different results between i386 and amd64
<jamespage> I'm going todo it tomorrow.
<RoAkSoAx> irc
<hggdh> smoser: we still are being hit by cloudconfig, correct? If so, do you remember the bug #?
<flyback> what's the boot option or installer option to force assume a 586 cpu instead of installing 686 versions of the kernel and glibc
<flyback> ubuntu server 10.04LTS
<flyback> I know the newer ones are 686 only
<yeason> I'm trying to configure openvas in 11.04 but can't seem to get it to listen on any address. I found that these changes need to be made /etc/default/openvas-<servicename> but I'm not sure how to get it to listen to anything other than 127.0.0.1
<yeason> anyone know how to get it to listen any address?
<alamar> http://manpages.ubuntu.com/manpages/natty/man8/openvasd.8.html -a option looks good..
<yeason> I know about starting it manually, I'm trying to figure out how to get the automatic startup scripts working this way
<yeason> I've tried removing that particular field from the conf file as well as setting it to a blank but it still errors
<alamar> what field?
<yeason> within the configuration file for each service (there's 3 or 4) there are fields such as "ADMINISTRATOR_ADDRESS=127.0.0.1" which provides the script in the init.d folder with the parameters for starting the server
<yeason> in that case when starting the openvasad service it fills in localhost for the -a option
<alamar> try 0.0.0.0
<yeason> ffs... the ONLY thing I didn't try... good call and thanks
<alamar> did it work?
<alamar> well np ;)
<yeason> yep, netstat -tlp shows *:<theport>
<alamar> :)
<yeason> it's one of those that in hindsight is obvious but I never would have thought of it
<rallias> can someone help me install mod_gzip on my server?
#ubuntu-server 2011-07-07
<goddard> craigslist is giving me some trouble
<goddard> http://www.craigslist.org/about/help/generic_DNS
<goddard> with my emails
<goddard> I put the correct resolver in my mx records
<Patrickdk> you can't send or receive emails from them?
<goddard> i can recieve just not send
<Patrickdk> cause you just said stuff about both
<Patrickdk> and what ip are you sending from?
<goddard> 173.12.190.242
<Patrickdk> heh, no wonder
<Patrickdk> that will never ever work to send to most people
<Patrickdk> you need to fix your reverse dns
<Patrickdk> perferably it should match your email server name forward address
<goddard> it should match the email servers domain name?
<Patrickdk> no
<Patrickdk> perferably it should match what you used in your mx entry, and helo name
<Patrickdk> something like mine
<Patrickdk> dig mx patrickdk.com
<Patrickdk> dig -x 38.96.163.135
<Patrickdk> they both match
<goddard> hmm ok
<Patrickdk> mx for patrickdk.com is kishi.patrickdk.com
<goddard> i suppose i need to contact my isp then
<Patrickdk> well, I have a few extra in there cause of ipv6 workarounds :)
<goddard> i dont think they give control of that to me
<Patrickdk> no, but normally they will change it if you ask
<Patrickdk> if not, well, don't attempt to host your email there
<goddard> haha
<goddard> what if i have multiple domains on one server
<Patrickdk> I have yet to day anything about domains
<Patrickdk> does your email server have multible names?
<goddard> just a few
<goddard> no more then 3
<Patrickdk> heh?
<Patrickdk> how the hell does your email server id itself as so many names?
<Patrickdk> currently, it id's itself as server2.kinggoddard.com
<Patrickdk> so hopefully that is what you used in your mx entry
<goddard> ok what about the TXT entry they suggest they use
<goddard> http://pastebin.com/UtJPX4sb
<Patrickdk> there is no law that says you must, but the more things don't match, the less likely other stricter email server will take email from you
<goddard> that is my records
<alamar> Patrickdk: the reverse should match?
<alamar> I always thought it was only necessary to HAVE a PTR configured
<alamar> not that it matches the forward entry referenced in the MX entry
<goddard> i thought i had a TXT ptr setup
<Patrickdk> alamar, depends on how big of a bofh the email admin is
<Patrickdk> personally I configure email servers both ways, you just have a ptr, and ptr must match
<goddard> no no makes sense
<Patrickdk> TXT != PTR
<Patrickdk> your TXT entries are spf, read up on spf, lots of info on google
<goddard> ahh i see
<goddard> so i should just put a ptr record in
<fluvvell> I have 4 ubuntu desktops and a desktop/server at a church, I'm running apt-cacher-ng but having varying results - the cache seems to be out of date, or I get an Apt error on the desktops. Is there a better solution for caching repositories, saving bandwidth?
<pmatulis> fluvvell: maybe provide the errors you're seeing
<fluvvell> pmatulis, mostly apt-authentication errors on the desktops. there is a general feeling of clunkyness, or of updates not happening.
<fluvvell> I'll mouse around to see if I can find a server log error
<pmatulis> fluvvell: that would be best.  also provide what releases are involved (desktop & server)
<smoser> hggdh, the root cause is bug 784937
<uvirtbot> Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937
<smoser> hggdh, thank you for your help today.
<Patrickdk> hmm, I have good results with apt-cacher-ng, bad with squid
<hggdh> smoser: yes, I concluded it should be this bug, and marked it in the results
<hggdh> smoser: thank you for confirming it
<goddard> what do professionals use to test for server security?
<uvirtbot> New bug: #806782 in php5 (main) "package php5-fpm 5.3.5-1ubuntu7.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/806782
<rallias> How do I install mod_gzip on apache 64bit?
<twb> rallias: sure you don't mean mod_deflate?
<Hannz> greetings
<acklee> hello everybody..
<acklee> just want to ask about apache2 on 11.04
<acklee> is it safe to chown /var/www/*.php to administrator rather than root?
<twb> acklee: no.
<acklee> so how could I edit or modify php files inside /var/www using Text Editor / gedit?
<twb> You don't.
<twb> Firstly, your server should not have a GUI.  Secondly, /var/www is not FHS-compliant and you should not use it.
<twb> Thirdly, best practice is to version control your code, and to only package and upload versions that pass self-tests to the server.
<twb> If you aren't packaging your web app as a proper .deb, this could be achieved using rsync and ssh, with rrsync to restrict the uplaoders' privileges.
<twb> Finally, since a quarter to a third of ALL security issues are PHP-related, you should never use it under any circumstances, since clearly there are systematic problems with the PHP community's ability to produce secure code.
<acklee> oh ok.. one more question.. if /var/www is not FHS-compliant so where is the best place to put DocumentRoot?
<twb> It would make sense to separate (immutable) programs from mutable state, so e.g. /usr/share/foo-app/foo.php, reading config from /etc/foo.ini and writing data to /var/lib/foo-app/
<lei_> Guys, who use ubuntu 11.04 and had installed libvirt?
<twb> If it's inherited code from people who don't understand such things, putting it in /srv/foo or /srv/www would be a reasonable short-term workaround.
<twb> lei_: what is your real question?
<twb> acklee: oh, and /usr/share assumes your program is interpreted; if it's compiled (e.g. prayer is a web-app written in C), you would use /usr/lib instead.
<twb> Actually prayer is a poor example; it has a built-in web server, so its binary is in /sbin.
<lei_> I updated my system yesterday but i found that my libvirtd can not started
<acklee> ok twb  that's great, thanks for your suggestions, I really appreciate it..
<twb> lei_: does it give an error?  If so, what?
<lei_> No, it just can not start, continue to restart, but when i use "ps -ef | grep libvirtd/(or libvirt-bin)" , i can not find it
<lei_> i re-install it, it can not work too...
<twb> Did you check syslog?
<lei_> let me check
<twb> tail -fn0 /var/log/syslog /var/log/auth.log &
<twb> Then "restart libvirt" or something
<nonotza> I just got this error on a new install of 10.04: -bash: php: command not found
<twb> nonotza: PHP is not installed by default.
<nonotza> I installed php
<nonotza> and I printed phpinfo
<twb> nonotza: php5-cli?
<nonotza> ahhh
<nonotza> that's right
<nonotza> thanks
<nonotza> do you know the apt-get package name?
<twb> nonotza: php5-cli?
<nonotza> that's it
<nonotza> hehe
<nonotza> all good now
<twb> (apt-cache search)
<lei_> virt-CommandWait:1229:internal error Child process.
<lei_> then libivrtd exited.
<twb> OK, stop the init job, then run it by hand in the foreground
<twb> Wait a minute... are you saying that *libvirt* doesn't start, or that your VM(s) don't start
<twb> Oh, also, IIRC libvirt defaults to writing logs directly instead of using syslog(), because it's bloody stupid
<twb> So you'll have to look around in /var/log, e.g. find /var/log -mtime -1 -ls
<lei_> I tried it.  I use "libvird -d" or "service libvirt-bin start" ,but both were failed
<lei_> "ps -ef|grep libvirt " can see libvirt
<lei_> sorry can Not
<Alan> How would I go about removing a massively broken package?
<twb> apt-get remove
<Alan> Removing hptraidconf ...
<Alan> dpkg (subprocess): unable to execute installed pre-removal script: No such file or directory
<Alan> this is the problem
<Alan> I can't even --purge it...
<Hannz> hi all, i need help. i've just installed a fresh 10.04, and i can't find eth0 anywhere. ifconfig -a returned only eth1 and lo. after restarting, it changed to eth2 and lo. another restart and it changed to eth3 and lo. i can't make the network running to connect to my router.
<Hannz> note that i'm still very new in command line interface (just learn a bit from https://help.ubuntu.com/10.04/basic-commands/C/index.html). is there any other good resources for me to learn regarding to cli?
<twb> Alan: pastebin output of "more /var/lib/dpkg/info/hptraidconf.p* | cat"
<twb> Hannz: apparently your network card changes its PCI address every time you reboot
<twb> Hannz: is this a VM or something?
<twb> !RUE
<twb> !RUTE
<ubottu> documentation is to be found at http://help.ubuntu.com and http://wiki.ubuntu.com - General linux documentation: http://www.tldp.org - http://rute.2038bug.com
<Hannz> twb: i'm really sorry, is VM = Virtual Machine? i dunno how to answer your question, seriously. i just tried to make a network server for my upstart company's files.
<twb> Hannz: yes, "virtual machine"
<twb> Did you install onto a real computer that you can throw out a window, or is it a virtual computer
<Hannz> no, i don't think it is a vm. i installed it to a real computer
<twb> Then I dunno, your hardware is really weird
<Hannz> googled for vm, and now i'm sure it's definitely not a vm
<Alan> twb: http://paste2.org/p/1506845
<Alan> i think it's possible that the package failed to install properly
<Alan> but even so - nothing in those scripts could error because they're using rm -f, right?
<twb> Alan: there's no reason that should fail
<twb> Unless your root user doesn't have permission to remove files or something...
<twb> If you are feeling ballsy, just rm the prerm script and try again, though this will "void your warranty", as it were
<Alan> twb: http://paste2.org/p/1506848
<Alan> that's the full output of attempting to remove --purge
<Alan> twb: doesn't that just mean it's going to miss stuff now? :|
<twb> Alan: I don't know what's going on
<twb> Alan: maybe those scripts aren't executable?
<twb> Alan: or could be a biarch issue, that gives funny errors.
<Alan> well it seems to have gotten everything plus what's listed in the prerm script...
<twb> Like it says "file not found" instead of "I can't execute 64-bit binary in 32-bit kernel"
<Alan> twb: there's no chance of that kind of error
<Alan> I'm not sure what screwed up there - removing the script "fixed" it...
<Alan> i do know that the package never installed properly in the first place...
<Alan> yay, now i can do updates again
<Alan> every time i went to do updates it was trying to complete the installation of that broken package...
<Alan> well thanks for your help twb :)
<Hannz> twb: i tried to reboot (sudo shutdown -r now) again, and it changed to eth4 now -.-
<twb> 18:01 <twb> Hannz: apparently your network card changes its PCI address every time you reboot
<Hannz> i guess i'll just try to re-install it from scratch
<twb> Hannz: as a workaround you can remove the persistent-net-GENERATOR script from /etc/udev/rules.d/
<twb> Though this can cause problems if you ever have >1 NIC
<Alan> heh, i remember the days before persistent network device names...
<Alan> you update your kernel and BAM no network
<Hannz> i do have 2 nic, but i disabled 1 of them from bios settings. could it be the problem?
<Alan> "What do you mean eth0 is now my firewire port?"
<twb> Hannz: the problem is almost certainly SOMETHING in the BIOS
<Hannz> twb: would reset the defaults in the bios fix that something?
<Hannz> *resetting
<twb> That depends on what the BIOS defaults to.
<Hannz> hmm.. i'll just try something.. thanks for your help :)
<lodott> Hi all, I have a dual-boot issue on an EFI system (Lenovo S205): win installs and boots, but grub in the Server install messes up the boot sequence.
<Hannz> twb: i'm currenty reinstalling, is it okay to have the network configured with dhcp? or should i go back and configure manually?
<EricJ> lodott: are you installing both windows & ubuntu on the same harddrive?
<twb> Hannz: DHCP is fine, as long as you are on a trusted network and the DHCP server is well-behaved
<lodott> EricJ: yes, windows has sda1/2, Ubuntu sda3
<lodott> It probably has to do with the EFI thing, which have not really yet a handle on
<twb> In theory, as long as you install win first and linux second, it should Just Work
<twb> But I haven't dealt with such a system in a looong time
<lodott> yeah, I hoped so too.
<lodott> I followed instructions in the help page "RecoveringUbuntuAfterInstallingWindows" but after "overwriting the MBR" the system does not boot up
<EricJ> I've had some problems setting up dual-boot, but that was splitting win & ubuntu onto different disks.
<EricJ> lodott: you don't even boot into grub?
<lodott> nope, I get into a reboot loop and have to switch off/boot from CD
<EricJ> meh
<lodott> I can get windows back to work by fixing the mbr with the install disk
<rurufufuss> what's the easiest and most secure way to set up a user with root priviledges?
<rurufufuss> I just set up a ubuntu server, probably not a good idea to run around as root eh?
<EricJ> rurufufuss: I'd add him to the sudoers.
<rurufufuss> the user's not set up yet, IIRC there was a command to set up the user, including his home page etc
<rurufufuss> I was wondering if that's correct?
<lodott> Another attempt was to use EasyBCD to boot Ubuntu via Windows, but no luck
<lodott> About the EFI: in the windows install it apparently made a difference if I let the system find the CD or if I manually selected the CD. I am not sure why that should be but could that have an effect on where Ubuntu puts the MBR data?
<lodott> With system finding the CD, windows creates a boot entry on the BIOS level, otherwise installs to the MBR normally
<lodott> With this specific Lenovo the MBR install is needed, otherwise the installed system has problems with shutdown (lenovo bug)
<acklee> lodott: afaik, you can sacrifice the powers of Grub and shift to Windows Boot Loader to boot you into Linux..
<jibel> On Oneiric Alpha2 ISO testing, RAID1 and UEC install are untested
<jibel> http://iso.qa.ubuntu.com/qatracker/test/5890
<jibel> http://iso.qa.ubuntu.com/qatracker/test/5889
<jibel> Anyone to give them a try ?
<lodott> acklee: how would I do that? I tried the EasyBCD tool which is supposed to do just that, but maybe you have a better alternative.
<lodott> acklee: the EasyBCD tool actually located the GRUB2 partition on its own, so my fear is that it has to do with installing the MBR somehow.
<acklee> lodott: http://www.supergrubdisk.org/ provides a specialized rescue disk to restore Windows/Linux.. I havenât used it anytime though..
<Hannz> hello, i have a problem with ethernet settings. it seems that my ethx keeps changing its name (eth1 to eth2 to eth3 and so on), and apparently the hwaddr is also changing its mac address everytime i reboot the server.
<acklee> I don't know the answer to your question, but one way to search for text in files is this: "sudo find /etc|xargs grep eth20" could you pastebin the output of that?
<acklee> Hannz: pastebin for sudo find /etc|xargs grep eth20
<jamespage> jhunt: thanks for taking a look at my upstart query yesterday - turns out I was being a dunce :-)
<Hannz> i'm currently on another notebook so i can't pastebin it. but it returned 20+ lines, all ended with 'Permission denied'.
<jhunt> jamespage: np. If there is some way we can improve the man pages/cookbook to avoid confusion though, let me know.
<acklee> I discovered that others had experienced similar problems with ASUS boards with nVidia NICs, changing their MAC addresses..
<drj_> Hi all. is there a way to "unencrypt" an ecryptfs-encrypted homedir other than copying everything and restoring afterwards?
<acklee> Hannz: Looks like Gigabyte and ASUS have been shipping invalid MAC addresses on some of their boards..
<Hannz> i'm using gigabyte board and its onboard nic
<acklee> Hannz: it just generates a new (valid yet) random MAC address..
<Hannz> acklee: so i have to switch my mainboard?
<acklee> Hannz: cat /etc/udev/rules.d/70-persistent-net.rules
<Hannz> or can we find a way to stop it from generating new mac addresses?
<acklee> Hannz: it would be nice if you can show me the output..
<acklee> Hannz: no, last option is disable your obloard nic in the BIOS..
<Hannz> acklee: i think the 70-persistent-net.rules is making new lines of rules everytime i reboot the box. i checked it before boot and after boot, it just adds a new # PCI device
<acklee> Hannz: and put your new nic to PCI slot..
<uvirtbot> New bug: #806887 in drbd8 (main) "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/806887
<rurufufuss> what is the proper way to start a persistent process on a server?
<rurufufuss> assuming that " ./someprocess &" is actually not the right way
<rurufufuss> that process being one of my binaries made from gcc that is
<lodott> acklee: thanks, I will have a look later
<RoyK> rurufufuss: ./someprocess & will start it well, but unless the process traps SIGHUP, a logout will then stop it
<RoyK> rurufufuss: nohup ./someprocess & will trap SIGHUP
<RoyK> the best way would be to trap SIGHUP from the process itself and perhaps fork in the background also from the process
<knowtheledgeee> I cant seem to be able to call g++ using the exec() function in php, any ideas?
<rurufufuss> RoyK: thanks, I suppose if you trap sighup the process will then have to be killed manually huh
<uvirtbot> New bug: #806930 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 100" [Undecided,New] https://launchpad.net/bugs/806930
<uvirtbot> New bug: #806911 in nova "Split nova-compute into nova-compute-{kvm,xen,etc.}" [Undecided,New] https://launchpad.net/bugs/806911
<Ursinha> good morning teammates
<jamespage> morning Ursinha
<lynxman> Ursinha: o/
<lynxman> jamespage: o/
<zul> yo
<lynxman> zul: o/
<zul> hey lynxman
<Daviey> ls
<Daviey> bah
<Daviey> hello Ursinha !
<lynxman> $ ls
<lynxman> porn
<lynxman> Daviey: :)
<Daviey> lynxman: :o
<serge_> SpamapS: around?
<Daviey> serge_: he's away this week.
<lynxman> Daviey: hehe, still need to send you the pics!
<lynxman> Daviey: and the video
<serge_> Daviey: yeah, but i thought he said he might be on and off around :)
<serge_> Daviey: i gather jameshunt is out too
<Daviey> lynxman: oh dear!
<Daviey> serge_: hmm, i spoke with jhunt yesterday.
<lynxman> Daviey: there's some very scary ones
 * koolhead11 looks at lynxman 
 * lynxman feels stared at
<serge_> Daviey: yeah, i'm pinging him on #upstart, thx
<Daviey> groovy
<koolhead11> lynxman, i thought i joined some other channel :D
<koolhead11> hey Daviey
<lynxman> koolhead11: heh :)
<lynxman> zul: I have a new version of mcollective (1.2.1) ready for you if you fancy :)
<zul> lynxman: sure ill take a look this afternoon
<lynxman> zul: cool, thx
<jibel> jamespage, do you know what's the status of Ubuntu Server EC2 HVM testing ? There's no result on the tracker.
<zul> hggdh: lemme know when i can use the test rig
<hggdh> zul: as soon as UEC testing ends
 * Daviey imagines it'll end abrubtly
<zul> wouldnt have it any other way ;)
<serge_> zul: i want to sync the latest (non-release) lxc for oneiric.  Do you have any reason for me to wait?
<zul> serge_: nope
<serge_> k
<serge_> it'll be a kick-ass update :)
<zul> although /dev/pts doesnt seem to get mounted in the container under libvirt
<stgraber> serge_: I guess with everything that went in git recently it's probably worth trying to convince Daniel to just release ;)
<serge_> stgraber: i've asked him, can you also ask him?
<stgraber> serge_: sure
<serge_> i agree, 0.7.5 seems worth yagginh
<serge_> tagging, even
<serge_> thx
<RoyK> rurufufuss: not really - read up about unix and signals
<rurufufuss> RoyK: so you mean if I have a C program, do signal(SIGHUP, whatverfunction)
<rurufufuss> and whatever function just does nothing
<rurufufuss> you mean that's actually not enough?
<RoyK> rurufufuss: basically, yes
<RoyK> rurufufuss: and the signals have different meanings, different use etc
<RoyK> for instance, HUP is sent when a terminal is closed, TERM is the basic signal sent by kill(1), some signals shouldn't be trapped (for example SIGSEGV) and others can't be trapped (SIGKILL)
<alamar> advanced programming in the unix environment is a good lecture fo stuff like this (if a library of yours has it you should take a look)
<alamar> lecture? I mean reference Ithink
<rurufufuss> hmm ic
<rurufufuss> I mean, I just want a program of mine to not terminate
<rurufufuss> like, I want to log in to a remote box, run it, and log off
<rurufufuss> (it's a fastcgi application)
<rurufufuss> I suppose using nohup suffices huh
<alamar> you could run it in screen, with nohup or disown
<alamar> or do signal handling yourself. if you want it to act like a daemon there is a good entry in the unix programming faq for that
<alamar> http://www.unixguide.net/unix/programming/1.7.shtml if you're interested
<rurufufuss> thanks
<rurufufuss> when you said with screen, nohup or disown
<rurufufuss> that's "either screen, nohup, or disown", not "with screen AND either nohup or disown" right?
<RoyK> rurufufuss: man screen etc
<RoyK> either one will do
<rurufufuss> cool, thanks!
<RoyK> there's usually some 10+ ways to do things :)
<rurufufuss> what's the chances handling a signal to SIGHUP and doing nothing on the handler will also work?
<rurufufuss> I would test this myself if I could, but its not compiled yet :/
<RoyK> that'll trap SIGHUP, yes
<rurufufuss> sweet
<RoyK> and ignore it
<RoyK> but if something sends it a SIGTERM, it'll die
<RoyK> unless that's trapped as well
<rurufufuss> but if I run it with & it wont get sigterm would it?
<rurufufuss> well, I suppose I could just test when I get the chance to
<RoyK> nohup is the only wrapper I know that traps signals - & is only to background it, and that one doesn't trap anything
<RoyK> you could write a trapeverything wrapper, but normally you want software to stop when it's told to
<RoyK> or if it crashes
<RoyK> trapping SIGSEGV could lead you into interesting times indeed
<uvirtbot> New bug: #807038 in dbconfig-common (main) "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Undecided,New] https://launchpad.net/bugs/807038
<RoAkSoAx> adam_g: ping
<Daviey> everyhting seems oddly quiet... has disaster hit?
<RoyK> Â 
<serge_> zul: oh, silly me.  we're in soft freeze
<stgraber> serge_: not anymore. Got lifted this morning (european time)
<serge_> ah, cool, thx
<TheEvilPhoenix> this channel is always quieter than some of the other ubuntu channels :P
<TheEvilPhoenix> question.  any idea why Server won't install correctly on a Dell POweredge 2600 in hardware RAID5?
<TheEvilPhoenix> i end up with an infinite boot loop
<genii-around> TheEvilPhoenix: Did you set up the raid array in the hardware before installing?
<TheEvilPhoenix> yeah
<genii-around> TheEvilPhoenix: Is grub entry using the uuid of the array, or sdaX type entry for loading the kernel from?
<TheEvilPhoenix> i'll have to check, i'm not at the system atm.
<uvirtbot> New bug: #807091 in nova (universe) "error: internal error character device (null) is not using a PTY" [Undecided,New] https://launchpad.net/bugs/807091
<TheEvilPhoenix> i'll come back once i got that info
<adam_g> RoAkSoAx: hey
<RoAkSoAx> adam_g: hey, never mind :)
<uvirtbot> New bug: #807110 in nmap (main) "Sync nmap 5.21-1.1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/807110
<smoser> Daviey, around ?
<smoser> Ben is still utlemming? he's not here.
<Daviey> smoser: ack
<smoser> http://uec-images.ubuntu.com/releases/oneiric/ has 'alpha-2' and 'alpha-2a'
<smoser> on nectarine 2a has been deleted.
<smoser> i'm going to run 'trigger-sync' there, which will delete from uec-images also
<smoser> they seem to have identical content, but didn't know what 2a was and wanted to check before i cleaned there.
<Daviey> utlemmin
<Daviey> smoser: I just pinged him on another irc network, think he should be here soon.
<Daviey> ]
 * Daviey spots utlemming's irc failure.
 * utlemming was on other irc channels
 * utlemming but is now in the right spot
<zul> soren: ping
<soren> zul: 'sup?
<zul> soren: why do you want to break up nova-compute?
<uvirtbot> New bug: #807153 in bind9 (main) "named does not shut down after "service bind9 stop"" [Undecided,New] https://launchpad.net/bugs/807153
<soren> zul: I thought I explained in the bug?
<zul> soren: right it looks overly complicated i think
<soren> How so?
<soren> zul: I thought you of all people would be happy with an easy way to use Xen or LXC with nova without mucking around with config files.
<zul> nm...im not thinking today
<outer_space> how can ubuntu render php files instead of downloading them, latest ubuntu with tasksel lamp installed
<jeeves__> is anyone here today?  I'm getting "rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=199, length=20" and I'm trying to figure out why
<jamespage> jibel: I believe the HVM AMI's are broken ATM - utlemming or smoser would be able to confirm
<utlemming> Yes the HVM AMI's are broken. We are working with Amazon to address the problem
<jamespage> thanks utlemming - I thought that was the case
<utlemming> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/791850
<uvirtbot> Launchpad bug 791850 in linux "oneiric cluster compute instances do not boot" [Undecided,Confirmed]
<jamespage> ta
<jeeves__> do I have to make a new entry into the client.conf file for each access point I need access to my FreeRadius server for?
<lifeless> serge_: hi :)
<jeeves__> lifeless, hey
<lifeless> hi?
<serge_> lifeless: hey
<lifeless> serge_: would you like a new lxc script that takes a shutdown container, makes an aufs overlay and starts it up
<serge_> lifeless: yeah
<lifeless> ok, ew have one, I'll see about generalising
<lifeless> *we*
<lifeless> on the cgroup-bin thing
<serge_> lifeless: cool, thanks.  should we integrate that into lxc-start you think?
<serge_> lxc-start -a for aufs?
<lifeless> making everyone that wants to use lxc manually mount the filesystem seems ugly
<lifeless> I replied to the bug
<serge_> lifeless: we don't make everyone
<lifeless> but as its closed you might not see it ;)
<serge_> what's the bug# again?
<BrixSat> hello, i have a site and it has a lot of users and it makes the machine not respond to all  with all the accesses (overloaded) how can i make with a second machine reduce the overload of the first one?
<lifeless> serge_: bug 800456
<uvirtbot> Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,Invalid] https://launchpad.net/bugs/800456
<lifeless> BrixSat: what sort of site?
<BrixSat> it is a radio network site
<lifeless> I mean, is it a website? static content or dynamic?
<BrixSat> dynamic
<serge_> lifeless: what exactly does a 'Suggests' entry do then?  pop up a msg while installing?
<lifeless> serge_: nothing, but its one of the first places people look when something doesn't work.
<BrixSat> lifeless: dynamic website
<serge_> I'm fine adding a suggests now that cgroup-bin plays nice :)
<lifeless> serge_: recommends or stronger would be better
<serge_> lifeless: ok
<serge_> wonder how i can gauge whether users would be annoyed by that
<lifeless> serge_: http://www.debian.org/doc/debian-policy/ch-relationships.html#s-binarydeps
<serge_> th
<lifeless> serge_: if cgroups-bin can be disabled
<serge_> x
<lifeless> serge_: then users who want to do it manually could disable
<serge_> well i suppose a .override file should work, if those are in upstart now
<lifeless> though recommends is the usual place to put 'you should have this but can decide not to if you want'
<lifeless> 'The Recommends field should list packages that would be found together with this one in all but unusual installations.'
<BrixSat> lifeless:  any ideia?
<serge_> right but we treat Recommends as stronger than debian does right
<serge_> ?
<uvirtbot> New bug: #807222 in tomcat6 (main) "Sync tomcat6 6.0.32-5 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/807222
<lifeless> serge_: nope, we, like debian, install recommends by default but allow it to be removed (or not installed if the user toggles the option)
<lifeless> BrixSat: if its a dynamic site, do you know if the database is overloaded, or your (php|perl|python) code, or the memory use on the machine?
<serge_> lifeless: and if existing users do an upgrade, will it auto-install a new recommends?
<lifeless> BrixSat: the solutions are different based on the actual problem :)
<serge_> stgraber: if you still ahve that source tree handy,
<lifeless> serge_: yes; but we're going to have more users eventually than we have today, so upgrades are a consideration not an overriding rule :)
<BrixSat> lifeless:  well the machine just can hang thousands of connections per seconds
<stgraber> serge_: yep, it's still there
<lifeless> serge_: oh, let me rephrase - if you dist-upgrade I think it installs new recommends, a daily upgrade won't.
<serge_> do you mind adding cgroup-bin to the Recommends?  :)
<serge_> stgraber: for bug 800456
<uvirtbot> Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,Invalid] https://launchpad.net/bugs/800456
<lifeless> BrixSat: for that, I suggest rate limiting in your front end
<BrixSat> rate limiting? humm
<BrixSat> lifeless:  whtat would that consist?
<lifeless> BrixSat: determine what concurrent request count your server can serve without bogging down,and then configure apache|haproxy|squid|varnish - whatever you have as your entry point - to only forward that many connections to your dynamic code at once
<stgraber> serge_: uploaded
<lifeless> it will stop the machine hanging, though it won't add capacity.
<serge_> stgraber: remind me to buy you a beer at the sprint
<serge_> thanks, gnight
<BrixSat> lifeless: cant i have a second host able to do the same as the first host?
<lifeless> separately, if you need more capacity, you need to determine what you need more capacity of - database, frontend, bandwidth - and cluster-or-increase that somehow
<lifeless> BrixSat: yes, but if you don't manage the concurrent work, it will still overload and fail and then that will cascade across your whole cluster.
<lifeless> BrixSat: the very first thing you need is a concurrent work limiter, it makes everything else -much- easier to tackle
<lifeless> we use haproxy for launchpad.net, for instance.
<BrixSat> haproxy does that?
 * patdk-wk is just using ipvs these days
<lifeless> serge_: thanks!
<patdk-wk> the linux firewall can do that :)
<lifeless> BrixSat: yes,
<lifeless> patdk-wk: not as nicely (for users that exceed the limits)
<BrixSat> if server1 fails will the second one be able to reply?
<patdk-wk> ya, defently doesn't give you a nice error though :)
<lifeless> patdk-wk: also things like persistent connections aren't handled by iptables solutions, it can't tell 'possible work' vs 'actual work'. haproxy can be configured to do that.
<lifeless> BrixSat: not for the failed request. For subsequent requests, yes.
<BrixSat> nice :)
<BrixSat> thanks
<patdk-wk> heh? possible vs actual?
<patdk-wk> any request that hits the server is actual work
<uvirtbot> New bug: #807233 in mcollective (universe) "mcollective not working with rabbitmq" [Undecided,New] https://launchpad.net/bugs/807233
<uvirtbot> New bug: #807240 in rrdtool (main) "Please merge rrdtool 1.4.3-3.1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/807240
<lifeless> patdk-wk: yes, but tcp connection != http request
<lifeless> patdk-wk: so http persistent connections will sit idle for (usually) up to 30 seconds
<lifeless> patdk-wk: if you say 'machinehas 4 cores, can handle 4 requests concurrently, and then limit to 4 http connections, you'd lost 30 seconds of processing per core per connection
<lifeless> patdk-wk: if you fudge it and multiply out to get a guesstimate, then a bunch of near-simultaneous requests coming in can flood the server and bog things down
<jeeves__> why does my server keep trying to use "::1..." (the local ipv6 address) and NOT 127.0.0.1?
<cloakable> check /etc/hosts
<WMP> hello
<WMP> how to build package with my, modyfited kernel?
<MACscr> which is the name of the kernel that i should be running for 10.4 LTS. Is it kernel 2.6.32-32-server?
<MACscr> this is a xen guest. The xen kernels i guess arent used anymore
<patdk-lap> that is not a xen kernel
<patdk-lap> 2.6.32-316-ec2 is
<MACscr> that doesnt seem right. why the -ec2?
<MACscr> i thought the paravirt drivers were included after 2.6.27
<MACscr> whats the difference between -server and -generic
<WMP> server have other kernel timing
<patdk-lap> depends
<WMP> generic is to desktop
<patdk-lap> tz clock rate, pae enable, ...
<WMP> yes
<WMP> server is to server ;)
<MACscr> hmm, well i upgraded a xen guest (whihc is being used as a web server) which was Ubuntu 8.04.3 LTS, kernel 2.6.24-25-xen to 10.4 LTS, but it only seemed to install the generic kernel
<MACscr> and it didnt even touch menu.1st. So luckily i caught that before rebooting or else it wouldnt have even booted since the xen kernel isnt compatible with 10.4
<patdk-lap> last time I did that, the guest was trashed
<MACscr> this a 64bit system mind you
<patdk-lap> so was mine
<patdk-lap> so I use the -ec2 kernel now
<patdk-lap> looks like kernels since 2.6.23 have included xen stuff
<MACscr> well i have another system that is runnng 10.4 LTS with 2.6.32-32-server #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 x86_64 GNU/Linux
<MACscr> and its fine, but wasnt sure if that was still the correct way to go
<cb1609> is there a good logging program for ubuntu-server? all my users are logging in via ssh.
<MACscr> grr, my timing is off again though on that working system.
<lifeless> serge_: where should I get the source for your current lxc package?
<patdk-lap> hmm, looks like the kernel should work
<patdk-lap> guess my issue was the xen blkdev is a module and wasn't in initrd correctly
<smoser> it was today
<serge_> lifeless: it's in the oneiric archive
<serge_> (i dont' have my own lp branch for the latest)
<lifeless> kk
<adam_g> smoser: W: Failed to fetch bzip2:/var/lib/apt/lists/partial/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_natty-updates_universe_binary-i386_Packages  Hash Sum mismatch  , any idea?
<BrixSat> hey
<BrixSat> i have a questioni have a site wich is often confronted with high bandwidth and cpu, will ubuntu cloud and 2 servers make a kind of load balance?
<WMP> anybody know how to in make-kpkg make tiny and nice kernel name?
<MACscr> patdk-lap: i still wonder though if the ec2 kernel is a bit more optimized and might be a little faster/leaner than the -server kernel
<MACscr> update-grub still doesnt work on a xen guest either =/
<WMP> BrixSat: hmmm, maybe nginx? but nginx havent loadbalancing per bandtwitch
<BrixSat> WMP: is it diferent having ubuntu-server or ubuntu-cloud? will i notice diferent performances?
<WMP> i don't know ubuntu-cloud
<WMP> all servers i make in ubuntu-server
<BrixSat> WMP:  the problem is one of my servers get a lot of ddos
<patdk-lap> there is no thing as ubuntu-cloud
<patdk-lap> unless you mean ubuntu-uec
<patdk-lap> and yes, you will see a difference
<MACscr> patdk-lap: also, are you doing anything special to get your ubuntu guests to keep the correct date/time?
<BrixSat> patdk-lap: if a server get a ddos atack will all the cloud stop?
<patdk-lap> macscr, nope
<WMP> BrixSat: you shoud invest in hardware firewall
<MACscr> patdk-lap: are you by chance using pvgrub or pygrub though?
<patdk-lap> brixsat, depends on the ddos
<BrixSat> WMP:  cant afford it
<patdk-lap> macscr, nope
<BrixSat> patdk-lap:  ddos (udp flood=
<patdk-lap> ddos can be hundreds of thousands of things
<patdk-lap> all it means is you have too much from too many places at once
<BrixSat> patdk-lap:  usualy from 3 or 4 ip's
<patdk-lap> what udp services do you provide?
<patdk-lap> that is hardly a ddos, that is much more a dos
<patdk-lap> and easy to block using simple firewall rules
<BrixSat> patdk-lap:  none, i have no udp
<patdk-lap> then how the hell could a udp flood take you down?
<BrixSat> cause thousands of connections per second
<patdk-lap> udp doesn't make connections
<patdk-lap> therefor that isn't the issue
<BrixSat> the machine was goind up and down no network availiable
<patdk-lap> do you have stats on incoming/outgoing packet counts?
<BrixSat> sim
<BrixSat> yes
<patdk-lap> how many packets in and out?
<patdk-lap> hmm, actually might of been icmp replies, so probably wouldn't help
<patdk-lap> you need to configure a firewall desperately
<patdk-lap> be it soft, hard, or other
<BrixSat> patdk-lap:  i was having 11mpbs of network load
<patdk-lap> but a crapload of udp shouldn't be able to take down a server
<patdk-lap> expecually at 11mbit
<patdk-lap> I have handled that much ntp traffic without an issue
<BrixSat> but in my case the server stops reacting and crashes
<BrixSat> or i shutit down first
<patdk-lap> so you say
<patdk-lap> therefor I don't believe it was udp traffic that did this
<BrixSat> my datacenter said it was
<patdk-lap> well, you have two solutions
<ahs3> what kind of udp traffic?  ntp?  icmp?  dns?  there are all sorts of dns attacks in the wild
<patdk-lap> get a firewall to reject stuff, and hopefully ban ip's that do that
<patdk-lap> or get your datacenter to do it for you
<patdk-lap> he said he wasn't running a udp server, so it shouldn't matter what type
<BrixSat> ahs3:  it was icmp, and ntp
<patdk-lap> what ip address?
<BrixSat> the source?
<BrixSat> or my machine?
<patdk-lap> the ip address on your machine they where *attacking*
<BrixSat> 79.143.184.210
<patdk-lap> hmm, that seems good atleast
<patdk-lap> there are craploads of really bad ntp stuff, that when it doesn't get a reply, it hammers the server harder
<BrixSat> patdk-lap:  yes now it is i had to replace the ip
<patdk-lap> heh?
<BrixSat> it was before .209
<patdk-lap> I asked what ip they attacked
<patdk-lap> not what you have now
<patdk-lap> no difference
<BrixSat> hoo it is a 79.143.184.209
<BrixSat> that is not assigned to anything now (only dns resolution)
<patdk-lap> ya, you badly need to fix your firewall
<patdk-lap> install a firewall on that box, and set it to DROP everything
<patdk-lap> that will kill the icmp stuff
<patdk-lap> and should kill the load you had
<patdk-lap> I also see all kinds of fun stuff open, like dns, you said you where not running udp services
<alamar> BrixSat: you get a "ddos" from 3 or 4 ips?
<patdk-lap> also your x11 ports are exposed
<BrixSat> yes
<BrixSat> american ips
<BrixSat> x11 ports?
<patdk-lap> http://pastebin.com/AQN6GLKj
<patdk-lap> those closed ports, should say stealth instead
<alamar> well if they are static you could just block them using netfilter. (or even ask upstream to do it for you)
<patdk-lap> alamar, and if he just didn't produce icmp replies to every packet, he probably wouldn't have to block them
<alamar> patdk-lap: having icmp work is not a bad thing per se
<patdk-lap> I didn't say break icmp
<patdk-lap> but have icmp not reply with port closed
<alamar> but you should probably rate limit it if it causes problems
<BrixSat> alamar:  how can i do it?
<alamar> there is an iptables module for that. google icmp rate limiting. but it's probably the easiest way to just nullroute or filter the source addresses that cause your problems in general
<BrixSat> thks
#ubuntu-server 2011-07-08
<mares> hello
<mares> hello
<mares> xczxczx
<mares> hello
<mares> i have a question about installing ubuntu-server 64bit on vmware
<mares> is there anyone willing to help me ?
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<twb> mares: vmware what, esxi?
<mares> twb: hey, i downloaded ubuntu-server 64bit and try to install it on vmware
<mares> twb: but wen i restart machine, black screen pop up with no options !?
<twb> mares: vmware is a company, not a program.
<twb> mares: what vmware product are you using?
<mares> twb: sry, vmware workstation
<mares> i just want to setup lamp server to practice with php,mysql etc.
<twb> Does that product normally give you any (emulated) BIOS boot screens?
<mares> twb: yes
<twb> Do you see those?
<mares> yep
<twb> And it goes black immediately after that?  You don't see *anything* from the install CD?
<mares> i installed it, but when i restart my machine it goes black
<mares> i installed it from iso image downloaded from ubuntu site
<twb> OK, so after the install, you reboot, and see the BIOS prompts again?  And immediately after the BIOS part, it goes black?
<mares> yea
<twb> This is 10.04
<twb> ?
<mares> 11
<mares> latest version
<mares> is there any guide that i can follow up on installing virtual ubuntu server
<twb> I'm not sure what's happening, but I would guess that it's either switching to the wrong VT (in which case, try Ctrl+Alt+F1) or the splash crap is doing the wrong thing, or it's switching to a video mode that confuses vmware-workstation.
<twb> Also try hitting Escape once you hit the black screen
<mares> ill try that, thanks
<twb> Try booting a live CD, and turning off vga/vesa/splash-related stuff in grub's config
<twb> Try installing 10.04 instead of 11.04.
<mares> ok
<twb> Also try using kvm instead of vmware crap :_)
<mares> hehe, i installed vm virtualbox and same happens
<mares> i went through installation wizard and all stuff
<mares> and when i restart , black screen :P
<twb> oracle virtualbox is also proprietary crap
<mares> lol
<mares> so u suggest kvm ?
<twb> Yes.
<mares> ok, lets try it, thanks!
<MACscr> hmm, is php-fpm not available directly from ubuntu?
<MACscr> aka, is a third party ppa required?
<twb> php5-fpm
<MACscr> no diff
<MACscr> im following a third party tutorial and they never mentioned loading an extra ppa. So thats why im wondering
<MACscr> i loaded the brianmercer ppa, but then noticed that after i got php5-fpm installed and nginx, then tried to install php-apc, it tries to install apache as well, which i obviously dont need
<twb> MACscr: you are wrong.  php5-fpm is in Ubuntu.
<twb> Enable the "universe" component.
<twb> http://paste.debian.net/122267/
<MACscr> i dont see lucid mentioned there
<twb> Ah, sorry
<MACscr> so maybe its not available for LTS?
<twb> Looks like it was removed for a while, then came back in oneiric
<MACscr> which is what i would think most server users would be using
<twb> Probably because it had release-critical bugs when lucid was released
<twb> So yeah, you will have to do a PPA or something
<twb> Or maybe PEAR, dunno if that's a good idea on Ubuntu
<MACscr> ok, so how about installing php-apc without it wanting to do apache stuff?
<twb> MACscr: as in, you "apt-get install php-apc" and it pulls in apache?
<twb> That's because php-apc depends on phpapi-20090626, which is a virtual package provided by apache, php5-fpm, php5-cgi and php5-cli
<twb> Ah, php5-fpm is a binary package built from the php5 source package.  So as to why it is absent, you will have to look at the /usr/share/doc/php5-fpm/Debian.changelog.gz
<twb> Looks like FPM was turned off in 5.3.3-2 and reenabled in http://bugs.debian.org/603174 (5.3.5-1).
<MACscr> hmm, so i need to be running maverick or newer?
<twb> Sorry, I have work to do
<uvirtbot> New bug: #807324 in bind9 (main) "BIND 9.7.0 (ie., lucid) is overly strict on authoritative responses missing the "aa" flag" [Undecided,New] https://launchpad.net/bugs/807324
<MACscr> how can i change the name of my partitions from xvda to sda, etc? Its a xen guest, but im using a premade image and i want to change it so that its using the same naming scheme as the rest of my guests
<MACscr> its a xen guest btw. I know how to change it within grub and fstab, and with the guest.cfg, but im not 100% sure where else it needs to be changed
<twb> MACscr: well the bootloader/initrd is probably going by UUID, so you only need to edit /etc/fstab
<MACscr> i dont think it is, because it didnt boot when i tried that. Got to busy box and i did: cat /proc/partitions and it still showed xvda
<twb> Well, grub is exceptionally stupid
<twb> MACscr: OK, what *is* in partitions?
<MACscr> twb: http://pastebin.com/ahY0MEQQ
<twb> Guess you want xvda1 then
<MACscr> right, but im trying to change it to sda1 and so on =P
<twb> Uh, what?
<cjs> What channel would be good to ask questions about SATA vs. e-SATA connectors? (I have an allegedly-e-SATA cardbus card that has SATA conectors, and the same for a drive. I also have cables that have a SATA connector on one end and e-SATA on the other.)
<lifeless> uhm
<lifeless> here, or perhaps google around for FAQs about sata?
<lifeless> serge_: lxc-start looks like C; I'll just do the shell script for now ;)
<cjs> Well, my question's above. WTF is up with an external SATA card and external SATA drive both using internal connectors?
<twb> cjs: the main reason esata has different connectors is because the cable needs to work outside the case's shielding
<twb> cjs: there's no real reason internal sata cabling won't work externally, although I admit it's weird and dumb to ship gear that way
<cjs> I understand that. The cables are driven at higher voltage, better shielded, and have stronger connectors that are rated for more insertions/removals.
<cjs> Well, I'd wonder about RF issues if using internal cables externally.
<cjs> But this silly PC-Card says "e-SATA" right on it.
<cjs> Perhaps they're using SATA connectors due to space issues (the limited height on the edge of the card) but it's otherwise an e-SATA interface?
<rurufufuss> ahem, how do you get bash to run a command for you?
<rurufufuss> e.g "bash -e ls", but that seems to spit out some weird error
<cjs> Did you want "bash -c ls"?
<cjs> Oh, I see: "bash -e -c ls".
<rurufufuss> thanks
<twb> cjs: I think he expected bash -e to be like perl/sed -e
<cjs> rurufufuss: -e means exist on any untested error. E.g., "false" will exit, but "if false; then true; fi" will not.
<rurufufuss> ah, I see
<rurufufuss> yeah I thought -e is execute
<twb> rurufufuss: that's called -c in bash
<twb> cjs: technically both will EXIT
<twb> But cf. bash -xec 'false;pwd' vs. bash -xec ':;pwd'
<cjs> Of course I meant, "exit immediately after executing the failing command."
<lifeless> serge_: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/807351
<uvirtbot> Launchpad bug 807351 in lxc "it would be cool to be able to clone an lxc container onto aufs for test runs - ephemeral containers" [Undecided,New]
<MACscr> why would ipv6 ip addresses be showing in ifconfig if they arent listed in /etc/network/interfaces?
<MACscr> i definitely dont have any type of dhcp going either
<ayambit> you should disable iv6 on ur system
<MACscr> grr, i had a system running, installed linux-server (so i could switch from generic to server for the kernel), ran grub-update, rebooted. Now it says the disk im trying to load doesnt exist. Its trying it using whatever UUID it created. So in grub, i tried doing root=/dev/xvda instead, but same error
<MACscr> just seems odd that the UUID would be wrong if thats obviously what was automatically generated because thats what it had found
<MACscr> but either way, the /dev/xvda should have worked
<MACscr> now neither kernel will load
<jibel> jamespage, about bug 791454, you think the test case is wrong ?
<uvirtbot> Launchpad bug 791454 in mdadm "RAID1 Test Failed: Device need to be readded manually" [High,Opinion] https://launchpad.net/bugs/791454
<jamespage> jibel: well it might have been right once - but its not for natty or oneiric
<jamespage> I have not had time to test maverick/lucid
<jamespage> its kind of an odd test todo anyway
<jamespage> if you had an actual drive failure and had to replace then automated recover would not be an option
<jamespage> as you would have to create the partition table first and then re-assemble the array
<Daviey> jibel: I was thinking the same as jamespage.
<jibel> Daviey, jamespage I tend to agree. Could someone from the server team update the test case with the expected behavior then ?
<Daviey> jibel: is this step 16 or 17?
<jibel> Daviey, 16.l There should be no need to add any missing devices back to the RAIDs manually. Otherwise, there is a bug!
<Daviey> Ah!
<Daviey> This isn't testing inserting a new disk.. but if a disk gets disconnected, reconnected - does mdad rebuild it without requiring input
<Guest19514> hi, would appreciate help with updating midnight commander
<Guest19514> i'm running 10.04 LTS, and just installed "sudo apt-get install mc"
<Guest19514> however, this resulted in version 4.7.0 of mc, while their website says that 4.7.5 is stable
<Guest19514> how do I get that new version?
<SpamapS> Guest19514: looks like the debian maintainer hasn't updated the package yet. You should probably file a bug against it in debian at bugs.debian.org
<Daviey> hey SpamapS !
<SpamapS> Daviey: hello!
<slhsen> hi, we noticed that one of our web servers started to appear in public proxy lists. Previously we received huge amount of traffic and disabled foreign ip blocks via iptables. Obviously these two are related. Any advice for preventing this from happening again?
<patdk-wk> if that is all you did, you still have the proxy issue
<patdk-wk> fix the proxy issue?
<slhsen> patdk-wk, i suppose so
<patdk-wk> that can either be a webserver config issue, or a security hole in an webcgi
<slhsen> no we haven't fixed it yet. iptables was just a temporary solution.
<slhsen> and frankly, i have no idea about the solution
<patdk-wk> I don't blame you there, cause we don't know where the issue is yet, other than there is one
<patdk-wk> this is where looking at your log files, during that massive traffic usage normally helps
<slhsen> i think, probably something wrong with our apache mod_proxy configuration but i'm not sure what it is.
<slhsen> log files shown outgoing http requests from a lot of different ips
<Ursinha> good morning
<lynxman> Ursinha: bom dia
<jpds> ÑÑÐ¾?
<Ursinha> lynxman: buenos dias :)
<Ursinha> jpds: kak dela
<jpds> Ursinha: Ð²ÑÐµ Ð¼Ð½Ðµ Ð¾ÑÐµÐ½Ñ ÑÐ¾ÑÐ¾ÑÐ¾, Ð¸ Ñ ÑÐµÐ±Ñ?
<Ursinha> I understand, but don't know how to reply
<Ursinha> hahahaha
<Ursinha> jpds: are you fluent in Russian?
<lynxman> Ursinha: he is by now
<Ursinha> haha
<lynxman> zul: hey you think you can get to my package today? :)
<zul> lynxman: yes hopefully but there is other people who can review it as well
<lynxman> zul: that's why I'm asking, don't want to stress you ;)
<zul> lynxman: im not stressed...just busy
<lynxman> zul: np then :)
<orudie> whats a good way to upgrade ubuntu server from 10.04 to 11.04 ?
<patdk-wk> going from 10.04 -> 10.10 -> 11.04
<tyreza> hello
<tyreza> after an error on /dev/sda1 i reboot my system with a livecd
<tyreza> where i have done
<tyreza> fsck.ext3 /dev/sda1
<tyreza> is it the correct way ?
<tyreza> after an error on /dev/sda1 i reboot my system with a livecd
<orudie> hmm, I just tried sudo do-release-upgrade
<orudie> but i'm getting - already at the latest version
<orudie> anyone ?
<uvirtbot> New bug: #807534 in exim4 (main) "package exim4-base 4.74-1ubuntu1.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/807534
<orudie> I have server 10.04 and when I do sudo do-release-upgrade it tells me already at the latest vesrion
<orudie> any idea what I'm doing wrong here ?
<patdk-wk> orudie, no newer lts release is out yet, 12.04
<serge_> Daviey: hey, in an hour or so, can I get you to sponsor a cgroup package for me?
<Daviey> serge_: sure thing!
<serge_> Daviey: thx
<stgraber> serge_: fixing the init script? :)
<serge_> stgraber: yeah, rolling that in with one other fix
<stgraber> cool
<serge_> it was an idiotic snafu on my part
<stgraber> I also need to upload a new arkose today as libcgroup broke it :)
<serge_> now i just want to make sure i didn't accidentally break something :)
<serge_> how did it do that?
<serge_> i'm looking for some time to try out arkose
<serge_> i want to start running everything under it :)
<serge_> especially once you integrate apparmor (you said you were doing that right?)
<stgraber> arkose used to mount a cgroup filesystem just before calling lxc-execute. That used to work quite well but now the mount call fails as cgroup is already mounted ;)
<serge_> ah, so waht really broke it was lxc now recommending cgroup-bin?
<stgraber> yep, the idea is to get apparmor support into it and just use apparmor or lxc or both depending on what the profile describes
<stgraber> yeah, arkose depends on lxc which recommends cgroup-bin :)
<stgraber> anyway I made this specific mount() call optional, so if it fails it'll just continue and use whatever cgroup fs already exists
<stgraber> just need to release 1.2.2 with that fix and upload it to the archive
<Daviey> serge_: Are you able to assist with bug 776103?
<uvirtbot> Launchpad bug 776103 in open-vm-tools "package open-vm-dkms 2011.03.28-387002-0ubuntu2 fails to build against 2.6.39 kernels, due to missing linux/smp_lock.h" [High,In progress] https://launchpad.net/bugs/776103
<serge_> Daviey: i was sort of hoping to get some time on user namespaces after finishing with all this qemu, libvirt, lxc, and cgroup stuff :)
<serge_> Daviey: this is in multiverse?  or universe?
<Daviey> serge_: open-vm-tools, is this not main?
<serge_> Daviey: libcgroup package is at "dget http://people.canonical.com/~serge/libcgroup_0.37.1-1ubuntu3-package/libcgroup_0.37.1-1ubuntu3.dsc
<serge_> Daviey: no it's not, lemme check
<serge_> Daviey: multiverse
<Daviey> bah
<serge_> right, we need to decide whether to move it up to at least universe, bc it's taking up a lot of time
<Daviey> serge_: The assignee is looking for assistance in solving the ftbfs.  If it's not too time intensive, would you be able to help?
<serge_> does it not have a maintainer?
<serge_> sure
<Daviey> serge_: not urgent for *today*.. but you made yourself the team expert in open-vm-tools :)
<serge_> who is that guy who has been posting all the patches?  does he care to be its maintainer?
<Daviey> serge_: shrug.
<serge_> i know almost nothing about open-vm-tools, i looked at the last one bc  i'm comfortable with kernel stuff
<serge_> all right, your sponsoring of libcgroup squashes two bugs, i'll go look at open-vm-tools :)
<utlemming> Daviey: on Bug 791850, it looks like a dead-lock. I spent two hours yesterday with Amazon taking a look at it. The kernel initializes the CPU's and then just sits and spins with high CPU.
<uvirtbot> Launchpad bug 791850 in linux "oneiric cluster compute instances do not boot" [Undecided,Confirmed] https://launchpad.net/bugs/791850
<serge_> Daviey: oh, ok - at least it's on oneiric.  i was afraid this was against natty with a newer kernel or something bogus
<serge_> wonder if nmuench ever hangs out on irc
<Ursinha> Daviey: what's the role of the person that attends the release meeting for each team?
<Daviey> Ursinha: tradionally it's been the tech lead, but there is no reason it has to be that.
<Daviey> zul has also taken the burden of driving it previously aswell.
<Ursinha> right
<Ursinha> trying to understand the teams and who is who
<zul> right i did..
<Ursinha> 6
<Ursinha> argh
<kim0> Hey o/, Got something interesting to talk about in Ubuntu cloud days? â Please add a session to https://wiki.ubuntu.com/UbuntuCloudDays/Timetable .. Thanks
<ColoBill> Folks, I asked some USB 3.0 questions on my local lug mailing list but got only one response saying I should ask here.  I've purchased a few 3 Tb external USB 3.0 hard drives to use as backup devices on ubuntu server 10.04 x86_64.  I am currently using them as USB 2.0 because I have no hardware with 3.0 ports.  I'd sure like to speed this up.  This brings me to a couple questions before a...
<ColoBill> ...purchase any cards.  Is this a good place to ask?
<pmatulis> ColoBill: for where to get hardware?
<RoyK> ColoBill: what do you need to know? if there are drivers available or not?
<RoyK> btw, personally I'd recommend setting up a backup server instead of using USB-connected drives, but that's up to you
<uvirtbot> New bug: #807649 in nagios3 (main) "package nagios3-common 3.2.3-1ubuntu1.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/807649
<ColoBill> Roy, the drives are to be put on the backup server to take another copy offsite
<ColoBill> Q1: I believe USB 3.0 is supported in recent kernels.  I am going to put the card in a box running Ubuntu Server 10.04 x86_64.  It should be fine right?
<ColoBill> Q2: I just found one 2-port card on newegg.com for $30 and then went to the manufacturer's website to read the specs.  Although USB 3.0 speeds can be up to 10x USB 2.0 speeds, they are honest enough to say with their card you will only get up to 2x USB 2.0.  Is this a function of the card, PCI or both?  Can I find better that will work?
<ColoBill> Q3: Has anybody out there done this and do you have card suggestions?
<RoyK> ColoBill: 10.04 drivers haven't been updated in a while, so you may need to backport drivers or use a newer distro - try first or get the PCI ID of the card to verify
<ColoBill> RoyK, good idea.  I didn't even think of that.
<adam_g> zul: ping
<zul> adam_g: whats up?
<adam_g> zul: are those lio-utils packages available anywhere?
<zul> adam_g: they are still sitting in binary new i can upload them to a ppa
<adam_g> zul: if you could that'd be sweet, i'd like to test. i haven't touched lio in a while and looked at the utils earlier this week but couldnt get them to work with recent kernel
<zul> adam_g: what went wrong?
<adam_g> zul: it wasn't working with whatevers changed in lio's use of sysfs.
<zul> adam_g: interesting
<adam_g> zul: what version of the utils did you package?
<zul> they should be in ppa:zulcss/ppa in a bit
<adam_g> cool
<adam_g> thanks
<uvirtbot> New bug: #807675 in augeas (main) "please port 0.8.1 for Natty" [Undecided,New] https://launchpad.net/bugs/807675
<serge_> Daviey: did you ever push libcgroup?
<serge_> (not seeing it in rmadison)
<RoAkSoAx> smoser: ping
<serge_> RoAkSoAx: do you mind sponsoring http://people.canonical.com/~serge/libcgroup_0.37.1-1ubuntu3-package/libcgroup_0.37.1-1ubuntu3.dsc ?
<RoAkSoAx> sure thing
<xamanu> Hello, I'm having problems with my ubuntu dedicated server: The IPs of my VPSs are not visible from outside only nmap x.x.x.x -PN shows me that the server is up. So, i guess there is a firewall in between, I removed ufw, bastille and only iptables is running,but seems to be open: http://pastebin.com/szVgpb5P
<xamanu> How can I find another firewall that is blocking my IP?
<xamanu> I'd appreciate your help so much
<RoyK> ask the provider
<xamanu> RoyK Would the provider block all ports of my IP subnet?
<RoyK> give me the IP/subnet and I'll run a scan if you like ;)
<xamanu> RoyK thanks! but I'd like to learn. Is there a command to scan at which state the firewall is active?
<RoAkSoAx> serge_: I get this patch : debian-changes-0.37.1-1ubuntu1 http://paste.ubuntu.com/640383/
<RoyK> xamanu: what happens if you nmap -sT -O x.x.x.1-254 ?
<RoyK> substitute 1-254 with your range
<RoAkSoAx> serge_: which comes from an upload to natty
<xamanu> RoyK Nmap done: 14 IP addresses (0 hosts up) scanned in 12.28 seconds
<RoAkSoAx> serge_: is that intented or something created by quilt :)
<RoyK> xamanu: ask the provider - if you haven't setup a firewall yourself, and ufw is set to allow ICMP, the machine(s) should be visible
<xamanu> RoyK ok thank you. I'll do that. I have set up firewall myself but now opened up everything for testing and couldn't find anything else
<RoyK> xamanu: most providers have a firewall protecting things - I have asked my provider to allow everything through so that I can use ufw to control it myself
<serge_> RoAkSoAx: i'm not sure.  i don't remember why that showed up
<serge_> RoAkSoAx: jbernard may remember.  as i recall he did push it
<serge_> (that is, he applied a debdiff from me)
<RoAkSoAx> serge_:k other than that it looks good but I think we'd need to figure out why's that been created and if we really want it
<RoAkSoAx> if not we could just drop it
<RoAkSoAx> serge_: im building now and will upload after
<xamanu> RoyK ok.but wierd that they activate this from one day to another. anyway I'll just ask them. Thanks!
<serge_> RoAkSoAx: i think i'll open a bug for it, bc none of it rings any bells for me
<RoAkSoAx> serge_: k, uploaded
<serge_> RoAkSoAx: plus, it changes things (like /etc/init.d/cgred.in) which we don't use.  it's weird
<serge_> RoAkSoAx: thanks!
<RoAkSoAx> serge_: yeah that must be a left over from some changes that are not reflected in a patch, or changes that are not really necessary
<serge_> accidental git update maybe
<Deathray> Is it possible to somehow limit/throttle the percentage of CPU my Ubuntu (or a specific user) is allowed to use? The reason I ask is if my virtual server reaches 100% cpu for several seconds, Amazon starts throttling it down to extreme slow speeds. So I want to make sure no process can reach higher than 80%, or if thats not possible that any process can not reach above 50%. Or if thats not possible EITHER, than any user
<Deathray> can not go above X percentage.
<utlemming> Deathray: are you using a t1.micro?
<Deathray> Yes, exactly.
<Deathray> I tried cpulimit which works great, but it will not work with apache2 since it has several workers, and cpulimit will just bind itself tio the first PID it finds named apache2 and neglect the others
<utlemming> Deathray: the t1.micro, well cheap, is prone to that due to the severe resource starvation.
<utlemming> Have you tried cgroups?
<jMCg> How do I list all packages that depend on a certain package -- installed or not?
<Deathray> Yeah exactly which is why I'm trying to work around that by throttling myself. But never heard of it, quite new to Linux so I'll read up on it and see if it can help :)
<utlemming> Deathray: cgroups will likely do what you want. But if you are taking any sort of consistent load, then upgrading to a m1.small might make your life easier.
<jMCg> apt-cache rdepends foo
<utlemming> Deathray: I have lost more sleep over the t1.micro than I care to admit. While it is a useful instance type for prototyping, using as a shell account, etc., any production usage should probably move to an m1.small or bigger.
<Deathray> Yeah that is true, but the thing is im just running a personal blog & teamspeak3 for the small gaming community im in, So the price difference is big for this small project when cheap alternatives are available. but since I'm a nerd i want THIS to work :)
<Deathray> free tier first year/15 usd a month after vs. 70 a month I think it is, is too much :(
<fosterdv> clear
<utlemming> Deathray: Give cgroups a look. The other thing I would watch is memory usage with Apache or even switch to Lighttd to reduce your memory footprint. A common problem with the micro is that they are very memory starved, so swapping is easy. Once you get into a swapping situation, that can push your CPU usage up and lead to hitting the scheduler.
<utlemming> Deathray: Another idea would be to limit the inbound traffic to keep Apache from doing to much, i.e. setup security groups
<fosterdv> Hello everyone... is anyone here pretty familiar with setting up web servers?
<fosterdv> That can help me understand how to set up  virtual hosts, and not need permissions higher than 755?
<Deathray> Interesting, I'll have to look into that. I already implemented CloudFlare to filter out botnets and other bad stuff which has saved my server lots of bandwidth which translates to resources which helps a bit. But sometimes when google crawls my website or some other random linux process decides to do something which spikes at 100% for a couple of seconds, Amazon's incapacitating throttle kicks in and my server dies to t
<Deathray> he point of not even accepting SSH.
<utlemming> Deathray: Google robots.txt and how to opt out of Google indexing -- unless you want the indexing.
<utlemming> Deathray: The not accepting SSH is the scheduler, and is not surprising if your instance is working hard.
<Deathray> Allthough I don't believe Amazon's incapacitating throttling kicks in if I use too much memory, I think it's soley based off of CPU utlization (i even mounted a few gigs of EBS for swap). Based off of Amazon's own documentation I can actually confirm that: http://bit.ly/cGwR3o
<Deathray> Aha, cool
<utlemming> Deathray: the other thing you might want to look at is fail2ban. It is a script that setups iptables for you and looks for patterns in logs and then blocks on it.
<Deathray> That sounds like some cool stuff I would like looking into. But I think a better solution would be to find something more global for the entire OS and all processes, since it would just be a matter of time before some cron task or other Linux task uses enough cpu % to induce the Amazon throttle.
<Deathray> Which is where cgroups that you mentioned may be the solution, I'll have work on it :)
<utlemming> Deathray: One problem that you'll with it your performance may go out the window with cgroups because you'll have to figure out what the max CPU utilization is and then limit the spikes.
<utlemming> Deathray: If you figure it out, blog it. It would be immensely useful to the community
<Deathray> utlemming, Hah this is turning into an interesting project :D You can bet i will! Do you have any tools you can suggest for benchmarking the cpu for testing purposes, so I dont have to open 30 tabs of my blog to cause the throttle to accure?
<utlemming> Deathray: :) I'm an OS and Cloud Guy. I don't have much experience with benchmarking application stacks.
<uvirtbot> New bug: #807770 in backuppc (main) "package backuppc 3.2.0-3ubuntu4 failed to install/upgrade: ErrorMessage: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/807770
<Rinsmaster> Is it bad to have postfix running publicly, won't spammers abuse it for sending bulk emails? It seems many sites and ISPs have public SMTP servers, doesn't this get abused?
<alamar> Rinsmaster: define public
<alamar> public as in open relay
<alamar> yes this will get abused
<alamar> and any serious business shouldnt run an open relay as they will get blacklisted very soon(and can no longer serve their customers an appropriate mail service)
<patdk-lap> isn't this why usernames and passwords where invented?
<alamar> this is why all kinds of authentication mechanisms in the smtp field were invented
<Rinsmaster> Ah okay, I understand. Thanks guys :)
<cloakable> virgin runs a semi-restricted smtp server; you can only use it from the virgin network.
<cloakable> but no auth needed
<rewt> what good is that for spammers outside the virgin network? :/
<alamar> if they get a drone inside the virgin network they also get an open relay ;)
<Deathray> utlemming, I've done some tests which seem to prove that limiting the CPU % will not help. They don't throttle you based off of the percentrage of CPU your instance is currently using, but the average over time. I ran sysbench to calculate prime as many times possible for 10 seconds, repeating itself for a minute. And despite throttling 10-20-50%, the total amount of calculations is close to the same at the end, although
<Deathray>  the results dont fluctuate as much on the one's where the benchmark was limited to low amounts such as 10%
<Deathray> So even though sysbench was staying at 50% for the one minute duration, the results every 10 seconds were sometimes very high, but sometimes dropped immensely which is where the amazon throttle kicks in.
<Deathray> But the total amount compared to the test results from the test i made capped to 10%, were the same, just the independent results every 10 seconds were more "stable" and not sometimes dropping to ridiculous amounts.
<utlemming> Deathray: What is your out of cgroup CPU utilization?
<Deathray> I don't know :/ I used cpulimit to limit the benchmark. How would I find that out?
<Deathray> As a conclusion though, I guess I was stupid assuming the amazon throttle was unintellegint enough to never touch my server if i just didnt reach the cap, but it seems it works in a mory dynamic way, balancing your server.. Actually looking at this graph: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/images/Micro_Bad_Fit_Background_Throttled.png also proves that (which eric hammond actually pointed out)
<Deathray> The interesting thing I found out though, was looking at "top" when the results severely dropped indicating where the amazon throttle occurs, the small "st" inccreases to 95-100%, but the cpu total % would stay the same. What does the "st" in top exactly mean?
<Deathray> and when the test  results go back to normal the st goes back to 0%
<utlemming> Deathray: "st" is more or less "stolen time", which indicates that the guest is blocked on the hypervisor
<Deathray> Aha!
<Deathray> Hmm, so I guess throttling my ubuntu server on my own won't really benifit in any way, I'll have to live with amazon's throttle and find other ways to optimize my server so it uses less CPU, such as the fail2ban you mentioned
<adam_g> are there any UEC images for oneiric server that contain all kernel modules that typically come with -server?
#ubuntu-server 2011-07-09
<Rinsmaster> Quick question: Is there an easy way to make postfix read user:password lines from a passwd file? (but not /etc/passwd)
<patdk-lap> rinsmaster, postfix can't do that
<patdk-lap> but you can configure dovecot-auth to
<Rinsmaster> patdk-lap, I've got dovecot working, it reads from its own passwd file. But I can't get postfix to read from that too
<patdk-lap> postfix doesn't do that at all
<patdk-lap> you have to configure postfix to use dovecot-auth
<patdk-lap> there are examples both on postfix and dovecots website, on how to do so
<RoyK> iirc sasl can be used for postfix
<Rinsmaster> I'm actually using sasl right now: "smtpd_sasl_type = dovecot" In postfix's config
<Rinsmaster> But it doesn't seem to work, and I can also not figure out how to debug it
<patdk-lap> http://www.postfix.org/SASL_README.html
<patdk-lap> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
<patdk-lap> first two google hits
<Rinsmaster> I know, I've read through those a few times, but I can't get it working. Thanks anyway :)
<patdk-lap> then your going have to post your dovecot -n and postconf -n configs
<Rinsmaster> Alright, I have to go now though, 2:17 AM already -.-
<Rinsmaster> Thanks for the help, I'll probably be back soon though
<erichammond> utlemming: Just read the last server team minutes.  Congrats on the new position.
<erichammond> utlemming: Are you working with smoser?  The description wasn't clear.
<pr0zoid>  Hey guys i'm running openvpn on an ubuntu server and every few days i have to clear the iptables because i can't hit any sites after i've connect  to the vpn.  i took a dump of the ip tables right before i reset and here is what is there http://pastebin.com/JhQSX79k . I'm not sure how to resolve the problem but someone mentioned removing ufw???
<pr0zoid> how do i do that?
<pr0zoid> but still have iptables
<patdk-lap> man, I dunno how people can use firewalls like that anymore
<patdk-lap> mine are way too complex for that anymore atleast
<pr0zoid> with ufw?
<patdk-lap> ya
<pr0zoid> i just disabled it
<patdk-lap> ufw is nothing more than almost plain iptables
<patdk-lap> I find it odd resetting your firewall fixs the issue
<patdk-lap> most of my issues with openvpn are dropped routes
<sp00fz> anyone can help me with the error when i want to connect on ftpd. It says "421 Service not avalible, remote server has closec connection"
<a1fa> anybody know any service ala dyndns, that runs on your own dns servers?
<flyback> whats the program that runs on login
<flyback> I need to disable that
<flyback> the sysinfo type program
<flyback> cause it hangs for 5-10 mins on this embedded board
<flyback> nm think I found it
<flyback> nope
<flyback> still can't find it
<lifeless> flyback: what does the program do? Have you looked in /etc/init?
<flyback> it was in update-mod something like that
<flyback> I just -x all the programs
<flyback> under that dir
<linux_newby> i have added the following rule into iptables but nat is still not working iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
<rurufufuss> I take it putting ~/bin is dangerous
<rurufufuss> what's the proper way to install your own binary to the system?
<rurufufuss> (that is, so that I can just type its name instead of its absolute path)
<rurufufuss> my bad, ~/bin was already registered, but only got into #path because It didnt exist
<RoyK> rurufufuss: ~bin shouldn't be in $PATH by default, but then, there's no harm in doing so
<rurufufuss> is there any way to check outgoing mails in the past hour or so?
<rurufufuss> e.g ones that were invoked using the sendmail command etc
<oCean> rurufufuss: try /var/log/mail.info and mail.err
<linux_newby> how can i get ip forwarding to stay enabled after a reboot?
<hurp> can ubuntu-server be installed from usb? it's not working for me, using http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
<RoyK> hurp: there's a howto on how to copy the iso to a usb stick on the ubuntu download page - no need for other software
<hurp> well thing is, i can boot from the usb stick
<RoyK> linux_newby: add it to /etc/sysct.conf
<hurp> but when i click "install to hard drive" all i get is a *beep* sound
<hurp> same if i try to run it from the usb stick
<RoyK> then something is fucked up
<hurp> :\
<RoyK> try with a CD if you have an optical drive
<RoyK> or another usb stick
<hurp> well reason i use usb is because it's the only option..
<linux_newby> so i just add echo "1" > /proc/sys/net/ipv4/ip_forward on a new line in sysct.conf?
<RoyK> erm ... no
<linux_newby> how would you do it?
<RoyK> in sysctl.conf (or preferably a new file under /etc/sysctl.d), add net.ipv4.ip_forward = 1
<RoyK> preferred way is to use a new file under /etc/sysctl.d
<RoyK> so that an upgrade can update /etc/sysct.conf
<RoyK> so that an upgrade can update /etc/sysctl.conf
<linux_newby> ok, what should i call the file?
<RoyK> doesn't matter, something descriptive
<linux_newby> ahh, ok
<RoyK> here_I_turn_on_ip_forwarding.conf
<RoyK> :)
<linux_newby> lol
<flyback> man what was ubuntu server 10.04LTS compiled with? --with-buttplug?
<flyback> seems they went with optimizations for newer cpu's that REALLY CRUSH older cpu's
<flyback> not so bad for servers and desktops that are too damn old anyways but for embedded gear it's CAUNCKED
<flyback> CANUCKED even
<dob_> is there any ipv6 package mirror
<dob_> ???
<stgraber> ch.archive.ubuntu.com, gb.archive.ubuntu.com, se.archive.ubuntu.com probably some others
<jpds> dob_: Of course.
<dob_> ah just. de.archive.ubuntu.com did not work
<dob_> what about security.ubuntu.com?
<jpds> dob_: Try: http://ftp.uni-erlangen.de/pub/mirrors/ubuntu/
<jpds> dob_: No.
<RoyK> flyback: works for me...
<stgraber> security is v4 only and it's one of those things that's not mirrored (to avoid delays when pushing a security update)
<jpds> stgraber: It is mirrored, all the -security repos are on all the mirrors.
<stgraber> jpds: Indeed -security is on all mirrors (as it's on archive.u.c) and packages usually get copied to -updates quite quickly to avoid killing security.u.c. I guess what I meant it that on a default install you won't be using a local mirror for security but you'll for everything else.
<linux_newby> sudo iptables-save > /etc/firewall-rules gives me a permission denied error?
<linux_newby> i am running it as sudo with 110% sure password
<dob_> thank u guys, everything seems to work for me!
<dob_> changed to ftp.uni-erlangen.de
<stgraber> I know cjwatson spoke to elmo at the sprint to get AAAA records added to archive.u.c (pointing to one of the mirrors that has bandwidth and v6 connectivity). The same should probably be done for security.u.c as well.
<linux_newby> echo 1 > /proc/sys/net/ipv4/ip_forward gives same permission denied error
<hurp> tried another usb stick same problem RoyK
<hurp> >_>
<hurp> no way i can check what's actually wrong?
<Aison> why is mysql so extremly slow on my server?!?  eg. restarting mysql takes minutes. but htop reports cpu usage almost 0%
<hurp> btw, i have a windows server i want to change into linux, will my windows (ntfs) partitions, and raids still work under linux?
<Aison> hurp, ntfs itself works, but I don't recommend it
<hurp> why not? and how can i fix it
<Aison> do you use hardware or software raid?
<hurp> hw
<Aison> I mean REAL hardware raid like some adaptec thing
<hurp> areca 1880 and a sas expander
<Aison> well, I guess this array still works
<Aison> but ntfs should be changed to some linux file system
<hurp> can you convert it on the go?
<hurp> without formatting?
<Aison> no idea, but I guess not :(
<hurp> not like i have 30TB of space available for backup:\
<hurp> what's the cons with ntfs?
<hurp> any performance issue, or just formal stuff
<Aison> well, all the things with the rights
<hurp> like permissions?
<Aison> then writing to ntfs with linux maybe cause problems
<Aison> yes
<Aison> brb
<hurp> alright
<hurp> my idea was to have 2 seperate hdd's, 1 with my old windows install, another with linux, and being able to swap back and forth with the same file system for storage, sort of like dual boot, with 2 drives
<hurp> so kind of need the file system to be windows compatible as well
<RoyK> linux_newby: add 'sudo' in front of that command
<mcahornsirup> hi. is there a nice way to display the ip connections for a specific port constantly?
<RoyK> mcahornsirup: iptraf
<mcahornsirup> Thanks! I hope this works on a vm too...
<mcahornsirup> @RoyK ... just stumbled over iptstate ... like top for connections...
<RoyK> mcahornsirup: not really, it's an iptables wrapper, it won't show connections unless iptables is setup to manage them
<brixsat> hello i have a problem with wackamole " Conf_init: My proc id (127.0.1.1) is not in con$ Exit caused by Alarm(EXIT)" any one able to help?
<linux_newby> goodnight... thanks everyone
<mcahornsirup> ok. I understand... I stay with iptraf : )
<pr0zoid> my iptables seem to revert back after only a few hours of me making changes... not sure what is modifying them to default.  here is what i need them to stay as http://pastebin.com/09PavYP8 here is what i woke up to this morning http://pastebin.com/jEBMFXL0
<alamar> pr0zoid: check your cronjobs?
<RoyK> pr0zoid: iptables rules doesn't change unless you reboot
<Aison> hurp, does it make sense to switch a server between operating systems?
<Aison> hurp, if you need some special things from windows, maybe install windows server on a virtual box?
<hurp> i want the opportunity to change back if i don't like it to start off with
<hurp> i first tried installing ubuntu in vbox on the server, but performance was poor so trying with a full isntall
<RoyK> performance probably won't be very good with ntfs on linux
<RoyK> use ext4
<RoyK> ext4 and samba should work fine
<hurp> i am mounting exsisting volumes dude
<hurp> i'm not creating new ones
<RoyK> then you won't get very good performance
<RoyK> ntfs3g uses fuse, meaning it runs in usermode
<RoyK> that adds a few layers of abstraction, and more code to be run for each request
<hurp> well i'm sure it'll beat the 15 MB/s i got from vbox
<RoyK> lol
<RoyK> well, try
<RoyK> and monitor the system during testing
<hurp> yeah i'm trying
<RoyK> with 'htop' or even old 'top' or something more fancy ;)
<hurp> all the space on the partitions are showing up as "unknown" though
<RoyK> with what tool?
<hurp> installed gnome and used the disk utility that comes with it
<RoyK> do you have ntfs-3g installed?
<hurp> unless it comes with 11.04 by default, no
<RoyK> apt-get install ntfs-3g
<RoyK> and btw, for servers, it's usually recommended to stick to LTS releases, meaning 10.04 for now
<hurp> yeah but 11.04 had native support for my raid controller
<RoyK> ok, ic
<RoyK> simplifies things a bit ;)
<pr0zoid> alamar: what should i be looking for in the cronjobs?
<hurp> sure does
<RoyK> pr0zoid: if you haven't created a cron job that manipulates iptables, then never mind
<pr0zoid> RoyK: i did reboot but after the reboot i applied the rules i needed a few hours later everything was reverted.. will  check the last reboot time
<hurp> i already had ntfs-3g
<RoyK> then mount -t ntfs /dev/blah /mountpoint
<RoyK> hurp: make sure you have a backup
<hurp> backup of the partition?
<RoyK> hurp: can you pastebin the contents of /proc/partitions?
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<pr0zoid> royk: uptime is 7 hours.. changes were made 6 hours ago when i applied the new rules.
<RoyK> pr0zoid: that's strange indeed
<RoyK> never seen iptables 'lose' rules
<pr0zoid> is there a way of logging iptable changes
<pr0zoid> (getting an audit trail going)
<RoyK> dunno
<hurp> RoyK https://pastee.org/5rkhq
<RoyK> what controller is this?
<RoyK> looks like linux sees each drive, not the array as a single disk
<hurp> areca 1880
<hurp> it sees the full parititons, they show up as 10TB each in the gui utitily
<hurp> utility
<RoyK> do you have three 10TB logical volumes?
<hurp> no 2
<hurp> + some smaller
<RoyK> ok
<RoyK> try to mount /dev/sdb3
<RoyK> mount -t ntfs /dev/sdb3 /somewhere
<hurp> no workie
<hurp> NTFS signature missing
<hurp> they are GPT btw
<RoyK> GPT should be supported, but if those are 'dynamic' volumes, that may be the problem
<hurp> they are dynamic yes
<pr0zoid> royk: i think my approach has been incorrect
<pr0zoid> to
<pr0zoid> fix issues i've been flush my iptables... but i think this command is only temporary
<pr0zoid> always run this fw.stop script -> http://pastebin.com/JkMTJHSE
<RoyK> hurp: hm... AFAICT that's LDM partitions, and that should be supported
<RoyK> hurp: why do you want to move this server to Linux?
<hurp> stability issues with windows
<hurp> and other stuff
<RoyK> ok
<hurp> i'll have to do more research on this later, goto run now, if something hits your mind you can always q me, i'll idle here
<hurp> later
<RoyK> hurp: is sde1 also an ntfs partition?
<hurp> all are
<hurp> cept for the OS one
<RoyK> try to mount sde1
<hurp> oh wiat, i have my OS on that one
<hurp> so it's already mounted
<hurp> it's the only one not NTFS
<hurp> but i really goto run
<RoyK> hurp: the thing I don't understand is what those small partitions do
<RoyK> sdb[12]
<RoyK> for instance
<hurp> storing RAID info
<RoyK> not likely - the raid controllers stores that on hidden sectors
<hurp> well they are hidden in windows
<RoyK> I have areca controllers in some of my systems, and there are no such partitions there
<RoyK> I guess Windows might be using them
<RoyK> which windows version is this?
<dob_> is the ubuntu dhcp3-server ipv6 compatible?
<dob_> is there any isc-dhcp v4 package for lucid?
<alamar> pr0zoid: for things that  reset or modify your iptables?
<alamar> dob_: dhcp server? what about dhcp3-server?
<dob_> not ipv6 compatible
<alamar> you asked forr ipv4
<dob_> alamar: no i asked for isc dhcp version 4
<dob_> and not isc dhcp version 3
<dob_> version 4 is ipv6 compatible
<alamar> v4 reads to me like you want ipv4. sorry for that
<dob_> no problem
<dob_> i found a ppa
<dob_> and ppa's are not ipv6 compatible YEAH :-(
<RoyK> dhcp in ipv6? I thought that was covered by SLAAC
<pr0zoid> alamar: yeah
<uvirtbot> New bug: #808053 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/808053
<ChmEarl> geany can work in lucid-server via ssh forwarding?
<ChmEarl> fixed it! added `X11UseLocalHost no` to sshd_config
<ChmEarl> ~/.Xauthority was no longer created when ssh'ing in
<RoyK> ChmEarl: didn't know that was needed - I use X forwarding on most of my servers...
<ChmEarl> RoyK, geany via ssh threw error: `cannot open display` without it
<RoyK> strange - works for me...
<ChmEarl> RoyK, its broke since june 20... not sure what happened. yes it worked before without that param
<RoyK> ChmEarl: I just tried to ssh into a server that was updated today, ran xeyes (my favourite test app) and it worked well
<alamar> RoyK: no slaac is not something you always want
<alamar> also you previously needed dhcpv6 in addition to slaac to provide a dns server
<alamar> (rfc 5006 iirc changes this)
<RoyK> I thought slaac was the preferred one
<alamar> no
<alamar> preferredis whatever the usecase requires
<RoyK> when would you want dhcp over slaac or the other way around?
<alamar> RoyK: you want slaac in your homelan for example. you want dhcpv6 prefix delegation to provide your different pops (and the home router that will do the ra) with prefixes
<alamar> and you want dhcpv6 for everything you want to statically configure
<alamar> you don't want different ips for a service if you change the network interface
<alamar> (like mail or http or whatever)
<RoyK> for those I'd use static
<alamar> static is easier managable with dhcp
<RoyK> that depends on whoever's the boss - my boss doesn't like that for some reason
<alamar> your boss might be an idiot
<RoyK> but then - if I only need a few machines on static and the rest dynamic, would slaac be just as good as dhcp?
<RoyK> my boss isn't really an idiot, but there are several other idiots in the IT dept and he tries to keep a low profile and not move everything to new ideas at once, something I can understand
<RoyK> the elder ones are dying out soon anyway, so we can wait :P
<uvirtbot> New bug: #808067 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/808067
<alamar> also in hosting environments you don't necessarily want to send out RAs
<alamar> (and have everybody configure for v6 without them knowing)
<RoyK> true
<RoyK> but again, with non-static dhcp, will that be necessary with slaac?
<RoyK> talking about a private LAN with some 200 hosts or so
<alamar> hm?
<alamar> will what be neecessary?
<RoyK> what can dynamic DHCP do that SLAAC can't?
<alamar> provide dns information? (and other stuff) at least until rfc 5006 will be implemented in both clients and routers
<RoyK> heh - better try dhcp, then...
<RoyK> we got some address blocks at work, and I'm trying to get that stuff implemented
<RoyK> problem is the company that setup the checkpoint firewall knows nada about ipv6 and in fact little about checkpoint :(
<alamar> who wants firewalls anyway it's all about end to end connectivity again!!!!!!
<alamar> ;)
<RoyK> upgraded the firewall recently and the consultant installed IDS on all interfaces, including the internal ones, and separated the two address blocks we use internally (one official, the other rfc1918) so that NFS mounts triggered IDS on internal systems
<RoyK> with some rather eldritch systems installed, you want a firewall
<RoyK> we have an old HP/UX system running, hasn't been patched for years
<RoyK> some windows 2000 machines, some win98, a win95 box, some VAX...
<RoyK> still solaris 8 in production - not fun
<alamar> well most of those don't speak v6 anyway ;)#
<RoyK> nah :)
<ntoombs> hey. I dan't ping google.com
<ntoombs> can't*
<qman__> can you ping 4.2.2.1?
<ntoombs> yea
<qman__> how about yahoo.com?
<qman__> or ubuntu.com
<ntoombs> nope
<qman__> sounds like DNS is failing then
<smw> ntoombs, can you resolve google.com?
<smw> ntoombs, dig google.com
<qman__> try dig google.com
<ntoombs> qman__: you were helping me with network problems like  2 weeks ago
<ntoombs> and nope dig google.com doesn't work either
<ntoombs> and ping times out with unknow host or something like that
<smw> ntoombs, that is a dns problem
<alamar> do you have a dns server configured?
<alamar> check yourb resolv.conf
<ntoombs> my gateway is 192.168.1.1 and my nameserver is 192.168.1.10
<alamar> well it seems your nameserver does not resolve names correctly
<RoyK> ntoombs: try nameserver 8.8.8.8
<ntoombs> k
<ntoombs> RoyK: That fixed it thanks
<alamar> is 8.8.8.8 a public recursor?
<smw> alamar, run by google :-)
<alamar> yes i know but i didnt know it was a public recursor
<smw> alamar, who else could afford such a great ip? :-)
<ntoombs> that's the dns1 server for my isp
<alamar> just thought authoratative for google domain or something likethat
<alamar> good to know
<uvirtbot> New bug: #808090 in mcollective (universe) "mcollective dependencies and other misc things" [Undecided,New] https://launchpad.net/bugs/808090
<b0nghittr> is it a bad idea to install 11.04 on a production server? if so, why? thanks
<jpds> b0nghittr: You can if you want.
<jpds> b0nghittr: It just won't be supported as long as an LTS release will be.
<b0nghittr> ok, cool ty
<jpds> It's all about choice.
<b0nghittr> from a security standpoint, would 11 be safe?
<jpds> Yes, it will receive security updates.
<b0nghittr> awesome. i hope there are PPA repos for 11.04 soon, i could really use FreeNX :p
<jpds> Well, PPAs aren't officially supported by Ubuntu, so you use them at your own risk.
<ikonia> having a server with an OS life span of 18 months is a terrible idea in my view
<jpds> ikonia: 'tis a long time.
<ikonia> adding unsupported software to it makes it worse
<ikonia> 18 months is the blink of an eye
<jpds> I guess time is relative.
<b0nghittr> ikonia: yeah, i plan to stay on top of it though
<ikonia> b0nghittr: on top of it ?
<b0nghittr> updated
<ikonia> what's your plan for when support ends and all the security updates stop
<ikonia> in 1 years time
<b0nghittr> i figure there will be another release by then
<ikonia> and your sure you'll be able to upgrade more so using PPA's ?
<b0nghittr> good point
<alamar> jpds: 18 months is nothing
<jpds> alamar: It's 18 months.
<alamar> enterprise distributions (rhel / sles) normally have support times between 5 and 7 years
<ikonia> 8 years for rhel
<alamar> hoping every 18 months that everything still works after an upgrade and doing immediate fixes etc. really sucks
<ikonia> depends on the role of the server though
<ikonia> bedroom server - who cares,
<ikonia> production database server.....people care
<lifeless> alamar: thats why we have LTS as well :)
<ikonia> LTS is only 5 years
<lifeless> ikonia: depends on the DB type too ;>
<lifeless> ikonia: like, if you're running twitter or something, you're growing your cluster so fast, probably running your own build of the db engine etc
<ikonia> I think you've missed the point of what I was saying
<b0nghittr> if i was to have virtualboxrunning on my current OS, and had vbox using raw space on a 2nd empty hdd, could i install ubuntu 10.04 to that 2nd hdd and boot from it on the actual machine? or would i need to make some changes first?
<ikonia> I don't know if vbox supports partitions, I know kvm does
<ikonia> I think vbox doesn't
<b0nghittr> i have not used kvm by its self before
<alamar> lifeless: i know. this is why i administrate a bunch of lucid servers ;)
<b0nghittr> would it be possible to install ubuntu 10.04 to a 2nd hdd using KVM, and boot on that 2nd hdd on the actual machine?
<b0nghittr> i have to install 64bit though
<b0nghittr> the datacenter will swap hdd's for me
<maxb> It sounds potentially feasible, but no promises
<maxb> You can't manage to take the downtime of installing more traditionally?
<uvirtbot> New bug: #804211 in upstart (main) "package foo2zjs 20110210dfsg-1ubuntu2.1 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/804211
<Bipul> is there any one know  any application for video confreing on LAMP server ruing on Ubuntu
<Bipul> runing*
<ntoombs> my server isn't showing up in my routers attached devices.
<ntoombs> my interfaces file is set to autorun eth1
<StevenR> ntoombs: how does your server gain an IP address?
<ntoombs> dhcp
<StevenR> hmmm.
<ntoombs> ubuntu was newly installed a few minutes ago
<ntoombs> i changed my resolv file to 8.8.8.8
<StevenR> can the server talk to the internet?
<ntoombs> well there's a problem with that...
<ntoombs> my server is headless
<StevenR> so?
<ntoombs> so i had to install it on a different machine
<ntoombs> and it can connect to the internet there
<StevenR> but?
<ntoombs> and the interfaces file is eth0
<ntoombs> but eth0 doesn't work in the server
<StevenR> ntoombs: ok. So really, what's actually the problem you're having?
<ntoombs> so i had to change it to eth1 which has worked before
<ntoombs> i have lots of problems but none that you would want to get into fixing
<ntoombs> my problem at the moment is the one i mentioned first
<ntoombs> my router can't see my server
<StevenR> ok. scan your local subnet with nmap
<StevenR> from another pc
<ntoombs> nmap?
<Bipul> can any one look at on my problem ?
<ntoombs> how about a unix based pc?
<StevenR> ntoombs: yes.
<StevenR> anything
<ntoombs> i don't know how to do that
<StevenR> nmap -sP 192.168.1.0/24 or similar
<ntoombs> thank you
<StevenR> Bipul: we see your query, if someone knows, they'll answer. Maybe search synaptic for video conferencing
<ntoombs> Steven nmap will cause me too many complitations to install
<ntoombs> it requires xcode on a mac
<StevenR> hmm
<ntoombs> unless you know a command that will install a non gui version of it
<jmarsden> ntoombs: sudo apt-get install nmap     # installs a non-gui version of nmap :)
<Bipul> StevenR,  i am talking about web server video confreincing
<ntoombs> lol
<ntoombs> jmarsden already tried it
<ntoombs> no command found
<jmarsden> ntoombs: Please give the *exact* error message?
<ntoombs> oh it's apt-get that's not found
<jmarsden> On a ubuntu server?  How did you manage to remove apt-get ??
<ntoombs> no on a mac
<ntoombs> what's the installer for mac?
<ntoombs> aptitude?
<StevenR> ntoombs: for I in `seq 1 254` ; do ping -c 1 192.168.1.$I ; done | grep icmp_req
<Bipul> http://www.nefsis.com/Best-Video-Conferencing-Software/server.html << can i able to install such application on my ubuntu
<StevenR> ntoombs: it's ugly, and it'll take a while to run, but it'll give you all the things on your local subnet that respond to ping.
<ntoombs> seq: command not found
<jmarsden> ntoombs: or use fink or macports to install their version of nmap... see  http://nmap.org/book/inst-macosx.html
<ntoombs> yea i like the macports option a lot better
<jmarsden> BTW if you don't have seq you can do for i in {1..254} ; do whatever $i ; done    # assuming a fairly modern bash shell
<ntoombs> running it now
<ntoombs> just getting a blinking cursor
<ntoombs> i'm assuming it's just gonna take a long time like you said
<StevenR> ntoombs: yeah, it's 255 * whatever your ping timeout is
<StevenR> ugly, slow, but works.
<ntoombs> StevenR: I'm still not getting anything. I guess i'll wait
<hurp> is it possible to mount a dynamic GPT ntfs partition in ubuntu?
<jmarsden> ntoombs: You could do something like   for i in {1..10} ; do ping -c 1 192.168.1.$i ; done    # as a quick check of the first ten IP addresses, if you think the command is not working as intended.
<jmarsden> ntoombs: Or use ping -c 1 -w 100 192.168.1.$i    # to set the timeout to 100milliseconds, if your ping command supports the -w option.
<jmarsden> ntoombs: But by now you have presumably managed to install nmap using macports anyway, I'd think??
<ntoombs> no
<ntoombs> i tried macports
<ntoombs> it needs xcode too
<ntoombs> and i can't be bothered to install it
<ntoombs> i'm trying your other command now
<ntoombs> the grep is what messed it up before
<ntoombs> but it's working fine without it now
<jmarsden> The grep was probably linx-specific, not not mac-specific enough... I don't know enough about the ping command on macs to comment on that...
<ntoombs> so by the looks of it this just shows me what local ip address have something connected right?
<jmarsden> Right.  If it pings something, that thing exists and is on the network.
<ntoombs> or at least something that i can connect to
<jmarsden> So... where is your server, and is it pingable, is the question... right?
<ntoombs> well not exactly
<ntoombs> i don't need to know it's location
<ntoombs> i just need to be able to see it
<ntoombs> know that it's connected
<ntoombs> my router is telling me that it's not
<jmarsden> Right... Where as in "at what Ip address"...
<ntoombs> i don't need to know it's ip address
<ntoombs> just that my router can see it
<jmarsden> if you don't know its IP address how will you ever connect to it?? :)
<ntoombs> and at the moment it cannot
<ntoombs> my router shows me the attached devices in a list
<ntoombs> right now there is only one device
<ntoombs> my laptop
<ntoombs> ergo, my server isn't connected
<jmarsden> So ... it is a server that noone ever needs to connect to...?  Or, you need to know what IP it has to test it further.
<ntoombs> ergo, something is wrong with my servers network settings.
<jmarsden> OK.  If it does not show up in the ping responses, it's not "really" active on the network.
<ntoombs> jmarsden: sorry, i must not be explaing this very good
<jmarsden> I'd not trust some random router for network scanning, but OK...?
<ntoombs> it's seen it before with the right settings
<jmarsden> What IP do you *think* you configured the server to use?
<ntoombs> it could be anything
<ntoombs> it's usind dhcp
<ntoombs> using*
<jmarsden> Ouch... why would you configure a headless server to use DHCP?
<ntoombs> anything from 192.168.1.2 to 192.168.1.254
<ntoombs> because my router has the ability to make it static
<ntoombs> then i can just ssh into it
<ntoombs> using the same ip every time even if dhcp changes it
<jmarsden> Why is that a sane approach to server configuration?  Do you mean you can set a reservation in the DHCP server config for the MAC address of the server??
<jmarsden> Most normal people run servers on a static local IP.  As documented in the Ubuntu Server Guide.  Is there some reason you cannot use that approach?
<ntoombs> yea
<ntoombs> althought i don't know exactly what the reason is :P
<ntoombs> if you really want to help me figure out how to get a static network configuration working i would very much welcome it
<ntoombs> althought it will likely prove to be a headache for both of us
<jmarsden> Did you read https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html and note the bit about Static IP Address Assignment ?
<jmarsden> What part of that does not work for you?
<ntoombs> the part where it connects to the internet
<ntoombs> i just had lots of problems with it
<jmarsden> Can you be a bit more specific? :)
<ntoombs> i've read that gide already and many like it and none of them seemed to do the trick
<jmarsden> That is the official Ubuntu Server Guide.  Ignore the others.
<jmarsden> Five lines of text in /etc/network/interfaces.  How hard can it be?
<ntoombs> lol
<ntoombs> thats what i thought
<jmarsden> It works for me, and I've used it many many times...
<ntoombs> how many times have you tried it on a compleately headless server?
<ntoombs> not to mention an hp headless server?
<ntoombs> built for windows home server
<jmarsden> No serial port for a serial console?
<alamar> hp servers shouldve ilo
<ntoombs> nothing
<ntoombs> i bought a SATA cable
<ntoombs> but i have nothing to plug it into
<jmarsden> How did you install the OS?
<ntoombs> E-SATA
<jmarsden> How do you know it even booted the OS?
<ntoombs> i removed the hard drive from the server. pluged it into my windows desktop then ran the installer
<ntoombs> i don't
<ntoombs> i have no way of knowing anything without the network
<ntoombs> which is why this particular issue is such a problem
<jmarsden> So... you have no idea this is actually a network issue at all... after we have spent *how* long on network troubleshooting???
<alamar> .o(is this for real?)
<TheEvilPhoenix> yep
<ntoombs> jmarsden: it has worked before using the same instilation process i recently used.
<ntoombs> i only said i have no way of knowing if ubuntu has booted is because obviously, I can't see if it's booted unless my network recognizes it
<ntoombs> because i didn't change anything in the install process, i know it loads but i can't get the network to recognise it
<jmarsden> ntoombs: If "it worked before", then by definition either your process accidentally changed, or something about the network environment changed, or your server suffered a hardware failure.
<ntoombs> right, the netowrk environment has changed
<ntoombs> last time it worked. i was tinkering with all the networking files and i got it to work with eth1 dhcp in my interfaces file
<ntoombs> i know i changed other things but that's all i can remember
<jmarsden> ntoombs: So you used a semi-random undocumented install process that worked before, but now it doesn't.  You probably need to start over and carefully document what you do, so that you don't have an "I can't remember" issue next time.  You could also try running the dhcp servier on a machine under your control (Ubuntu workstation for example) instead of a closed router, and watching for the DHCP traffic as the server tries to obtain an ad
<jmarsden> dress.
<ntoombs> ok
<Bipul> can any one help me?
<alamar> depends
<TheEvilPhoenix> it depends on what the issue is
<TheEvilPhoenix> because we cant help you without information
<hggdh> in other words: don't ask to ask, just ask
<TheEvilPhoenix> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<TheEvilPhoenix> i KNEW there was a factoid for that!
<alamar> oh this thing actually does something besides posting bug notices %)
<TheEvilPhoenix> that's a different system :P
<TheEvilPhoenix> !botsnack
<ubottu> Yum! Err, I mean, APT!
<TheEvilPhoenix> anyways...
<TheEvilPhoenix> Bipul:  what's the issue you're getting
<alamar> oh yes I see, I mixed it up :D
<alamar> doesn't seem to be a problem which demands immediate attention.. (or so much of it that he has no time to explain it anymore %))
<TheEvilPhoenix> lol
<Bipul> i want to install some application on my ubuntu webserver thats allow us to conduct video confrencing
<hurp> is it possible to mount a dynamic GPT ntfs partition in ubuntu?
<hurp> :(
<lcb> !info twin
<ubottu> Package twin does not exist in natty
<lcb> :o
<lcb> anything like twin on 11.04?
<hurp> been trying to figue this out all damn day
<lcb> on/for
<kiichiro> hey, I'm using ubuntu server to run my minecraft server, how do I go about doing tht
<TheEvilPhoenix> kiichiro:  easy
<TheEvilPhoenix> kiichiro:  java
<TheEvilPhoenix> i run minecraft servers on a centos system, but the same basic requirements are still there.
<TheEvilPhoenix> kiichiro:  install sun-java6-jre
<TheEvilPhoenix> then run the minecraft_server.jar file per the instructions on minecraft's site
<kiichiro> I only have a text based? is that normal? is there a way to switch to a gui.
<TheEvilPhoenix> kiichiro:  you dont run minecraft_server.jar via a gui
<TheEvilPhoenix> it doesnt run in GUI
<TheEvilPhoenix> it runs ONLY in CLI
<TheEvilPhoenix> the client however needs to be run in the GUI
<TheEvilPhoenix> but the server is CLI only
<kiichiro> a guessed, didn't know if you could switch,
<TheEvilPhoenix> nope, servers for minecraft are CLI
<TheEvilPhoenix> the clients are GUIs
 * TheEvilPhoenix should know, he runs 6 Minecraft servers
<kiichiro> alright, how do I cd into my flashdrive? I'm currently testing ubuntu-server via virtual box
#ubuntu-server 2011-07-10
<kiichiro> nvm think I found it, sorry not used to this, I just recently switched away even from the evil windows world and still learning basic terminal, sorry.
<kiichiro> ya I might need help actually.
<TheEvilPhoenix> kiichiro:  it might not work then of course.
<kiichiro> figures
<kiichiro> the server found it but don't know how to cd into it
<TheEvilPhoenix> well you'd have to ssh into it or something
<TheEvilPhoenix> which is sort of an issue
<TheEvilPhoenix> because it'd need its own IP on your local net or something
<kiichiro> since it's only a virtual box
<TheEvilPhoenix> mhm
<kiichiro> I set up a bridged connection
<kiichiro> reason I want to test all of this now in a virtual box is to keep downtime to a minimum
<TheEvilPhoenix> ahh
<TheEvilPhoenix> well if all you want to do is run a minecraft server
<TheEvilPhoenix> you can run that from a non-server  setup
<TheEvilPhoenix> even in windows
<kiichiro> I want to have it 100% dedicated
<kiichiro> nothing to cause lag, nothing to risk crashing the server
<TheEvilPhoenix> there's always that risk
<TheEvilPhoenix> regardless of how you set stuff up
<TheEvilPhoenix> heck, I have a minecraft server right now
<TheEvilPhoenix> 50 slots
<TheEvilPhoenix> all 50 are full
<kiichiro> thus why I'm switching to a server OS to reduce chance
<TheEvilPhoenix> its eating up 99.8% of the RAM on a box
<TheEvilPhoenix> and i'm on a server os
<TheEvilPhoenix> even in server operating systems
<TheEvilPhoenix> ***you always run the risk that it will crash, even if you are only running 3 things***
<kiichiro> I understand that it can still crash
<kiichiro> but switching to an os server reduces it greatly, doesn't prevent, just reduces.
<TheEvilPhoenix> state your source
<TheEvilPhoenix> i've run a linux server off of a GUI setup of ubuntu desktop edition
<TheEvilPhoenix> for two years before the drive wore out
<TheEvilPhoenix> physically
<kiichiro> I'm running a bukkit server atm with it
<TheEvilPhoenix> and i still do it :P
<kiichiro> I'm running it via terminal atm. I'd just feel better with it with 0 other things besides the server. I don't even want the gui to slow it any.
<TheEvilPhoenix> well  here's the thing
<kiichiro> getting the feeling you are trying to talk me out of switching to a server os just for minecraft server
<TheEvilPhoenix> there's always sub processes running alongside minecraft
<TheEvilPhoenix> take for instance my server which runs 3 minecraft servers
<TheEvilPhoenix> its got about 65 other processes that i dont even use
<TheEvilPhoenix> 50% of those i dont even know wth they do
<TheEvilPhoenix> but the system remains stable
<TheEvilPhoenix> and that's a dedicated box, dedicated OS for server stuff, CLI only.
<TheEvilPhoenix> take my other server here
<TheEvilPhoenix> this one runs 1 minecraft server, and IRCD, multiple web sites, and a buncha other crap (including a mail server)
<TheEvilPhoenix> stable
<TheEvilPhoenix> even with 250 processes sharing a quad core based system
<TheEvilPhoenix> (its just a desktop box with the GUI operating installed and then the server packages)
<TheEvilPhoenix> so you don't need to switch to a dedicated server OS to run a minecraft server
<TheEvilPhoenix> if that's ALL you need to run, then you're better off using some system you already have
<TheEvilPhoenix> if you need another, say, 5 minecraft servers, eradicating the GUI may be a good idea
<TheEvilPhoenix> but you're still going to have all the base packages and tools that come with ubuntu server
<TheEvilPhoenix> which will still  eat up resources
<TheEvilPhoenix> so its irrelevant really  whether you want to run the minecraft server or not.  especially on linux
<TheEvilPhoenix> because even in a GUI environment, you load up a terminal and type java -args ./minecraft_server.jar
<TheEvilPhoenix> and it STILL  works
<TheEvilPhoenix> its not worth switching over to a server OS just to run one item
<TheEvilPhoenix> unless of course its a mirror of google or a mirror of Ubuntu's keyservers, or a Debian Repository mirror
<TheEvilPhoenix> in which case, god help you
<TheEvilPhoenix> but for just a minecraft server?
<TheEvilPhoenix> the amount of work you'd need to learn the server environment outweighs the benefits
<TheEvilPhoenix> just for the one minecraft server
<TheEvilPhoenix> s/the one/one/
<kiichiro> well I plan on probably doing hosting which means I want less lag as possible
<TheEvilPhoenix> define "hosting"
<TheEvilPhoenix> because that also has numerous other definitions
<kiichiro> as in hosting a server for other people.
<kiichiro> thus I will need more than 1 server running, so more the better. since you yourself even said you use 3 on your non gui and only 1 on your gui
<TheEvilPhoenix> yes, but those systems have >= 16GB RAM
<TheEvilPhoenix> you realize that in order to run effectively, a 20 slot minecraft server takes up 2GB of RAM right?
<kiichiro> 20 slot?
<TheEvilPhoenix> any number of slots actually
<TheEvilPhoenix> bare minimum usage to operate lag-free
<TheEvilPhoenix> well
<TheEvilPhoenix> bare minimum allocated that is
<TheEvilPhoenix> so if you have a 32GB RAM system, you can run 15 minecraft servers
<TheEvilPhoenix> put 16 on, your  system runs implosion risk :P
<kiichiro> wow
<TheEvilPhoenix> so you've got to consider: how BADLY do you want to run minecraft servers for people?
<TheEvilPhoenix> (and btw, I charge inordinate amounts of money for minecraft servers, so its not a free hosting thing I do)
<kiichiro> I would not freely host
<kiichiro> but I think I should get a lil better comp even before switching to just a server os server computer.
<TheEvilPhoenix> probly not a bad idea :P
<TheEvilPhoenix> lets keep in mind my dedi i spent a couple thousand for
<TheEvilPhoenix> but that's because its an actual server
<TheEvilPhoenix> :P
<kiichiro> figured my computer handles it so well thought it might be able to at least hold 4-5 more
<TheEvilPhoenix> oh god no :P
<TheEvilPhoenix> one minecraft server anything with enough ram and CPU can run
<TheEvilPhoenix> two, depends
<TheEvilPhoenix> three, pushing it on a high-end system
<TheEvilPhoenix> four, god help you
<kiichiro> yikes
<TheEvilPhoenix> for standard consumer-level people :P
<TheEvilPhoenix> (granted I'm not a consumer... i'm a power user, so I have the money to spend on even higher end boxes and setups)
<kiichiro> nice, I've always wanted enough money for high end computers, owell in the future
<kiichiro> so in other words, atm no reason to switch to ubuntu server?
<TheEvilPhoenix> nope
<Guest1474> Having issue with mounting 3 out of 4 raid5 disks (first disk failed)... keep getting "no superblock" errors... can someone please help me???
<lifeless> Guest1474: what do you mean by 3 out of 4? do you have 4 separate raid arrays, or a single 4-disk array ?
<Guest1474> 4 disk array, one disk died today
<Guest1474> I'm trying to recover some files off it
<lifeless> is it a md raid / lvm raid / dm raid / hardware raid ?
<Guest1474> the disk that had the OS on it is the one that died, so I've booted SystemRescueCd
<Guest1474> md raid
<Guest1474> when I start sysrescuecd it detects the raid's and sets up /dev/md0, but when I go to mount it it throws errors about one of the disks having a bad superblock and then the /dev/md0 file is no longer there
<druciferre> any help you can give me in recovering some of my files will be much appreciated
<notAsysAdmin> i am trying to do sudo iptables-save > /etc/firewall-rules, prmission denied? anyone know why?
<druciferre> notAsysAdmin, have you checked to make sure firewall-rules isn't a directory ?
<notAsysAdmin> yes, i'm sure it is not
<jmarsden> notAsysAdmin: The redirect >/etc/firewall-rules is happening in your normal user shell, not inside sudo.
<jmarsden> Try something closer to    sudo iptables-save |sudo tee /etc/firewall-rules
<notAsysAdmin> what about if i do sudo passwd **
<jmarsden> notAsysAdmin: You need to explain what you are trying to do with that strange command...
<notAsysAdmin> login as root, then run the iptables-save command
<jmarsden> Don't do that.  If you want, you can do    sudo -i
<jmarsden> and then in the resulting root shell, do    iptables-save >/etc/firewall-rules
<jmarsden> And then type exit.   But it's more work than the command I suggested!
<jmarsden> Did you try my suggestion?  Did it work?
<notAsysAdmin> i just did your original suggestion - it did work, the firewall-rules file contains all iptables rules i have recently typed.
<notAsysAdmin> thank-you
<jmarsden> You're welcome.
<notAsysAdmin> if i put: pre-up iptables-restore < /etc/firewall-rules into /etc/network/interfaces, it has to go after the loopback device entry, right?
<druciferre> have 4 disks in raid5 array, one died today, need help recovering files... mdadm --examine /dev/md0 returns "no md superblock detected"
<lifeless> druciferre: hi, sorry, was afk for a bit
<druciferre> no problem, I'm trying out openSUSE and I don't thin the open source nvidia drivers like dual monitors... it locked up
<druciferre> but that's a different issue
<druciferre> lifeless, if I do mdadm --assemble /dev/md0 /dev/sda5 /dev/sdb5 /dev/sdc5, it returns "/dev/sda5 has no superblock"
<druciferre> lifeless, but I can do "mdadm --examine /dev/sda5" and it says everything is okay ?
<lifeless> http://www.tldp.org/HOWTO/Software-RAID-HOWTO-8.html might help
<lifeless> I don't have a canned answer in my head for your situation, sorry :(
<druciferre> if it has just been one of the disks that didn't have the darn OS on it, I think i would have been alright
<notAsysAdmin> i'm having trouble doing an iptables-restore at boot. how would you guys do it?
<druciferre> I found a great article on doing it once before, if my damn server hadn't crashed today I could tell you in 4 seconds, but let me see if I can find the article again
<druciferre> the basic idea is that the network daemon actually has scripts that can be run when a device goes up or down
<notAsysAdmin> thanks - i've googled and googled and googled
<notAsysAdmin> ... and googled
<druciferre> https://help.ubuntu.com/community/IptablesHowTo       scroll down to the section titled "Configuration on Startup for NetworkManager"
<druciferre> assuming you're using NetworkManager, I think this will be what you're looking for
<notAsysAdmin> nah, just stock standard ubuntu server and iptables
<druciferre> wait... that's not the same thing I used...
<druciferre> http://www.debian-administration.org/articles/445
<druciferre> not exactly the same article, but everything looks about the same
<uvirtbot> New bug: #808224 in openvswitch (universe) "ovs-brcompatd not built" [Undecided,New] https://launchpad.net/bugs/808224
<druciferre> notAsysAdmin, try the second article I linked you to, let me know if it works...
<notAsysAdmin> -bash: !/bin/sh": event not found
<qman__> missing a #
<notAsysAdmin> if i put: pre-up iptables-restore < /etc/firewall-rules into /etc/network/interfaces, where does it go in the file?
<druciferre> after the #!/bin/sh line
<phaidros> is there any mechanism which alters config files back to original state once in a while?
<phaidros> funnily my sshd_config gets set to "permitrootlogin yes" again a couple of hours I have set it to "no"
<phaidros> sounds much like an open system imho, so probably I have to kill the machine asap and set it up again.
<nandemonai> phaidros: That's certainly not normal. I'd be checking your access / auth logs.
<phaidros> but for further investigation: 1. are there config altering tools? 2. last and auth.log don't tell a thing, where else to look? 3. root/.ssh/authorized_keys has nothing obvious
<nandemonai> You could compare the modified time on the ssd conf file and your logs for anything suspicious.
<phaidros> what does the /etc/ssh/moduli file do? that got altered at the same time
<phaidros> nandemonai: okay .. nothing supicious, found it.
<phaidros> *pohew
<phaidros> *phew
<phaidros> it was a puppet instance set up once for testing which got forgotten ..
<nandemonai> :)
<phaidros> logs at the same time confirm that :)
<nandemonai> Glad you sussed it out.
<phaidros> yeah, pretty happy, I dont have to set up the whole thing again :)
<phaidros> thanx for hinting!
<nandemonai> No worries.
<Ozik> hi there. I have Ubuntu Server 10.04. I need help with WoL. I confugured it and it worked fine. Even at night I could halt and then wake. Now I can't. Server is behind Linksys WRT54G2, ip reserved for 166hrs (but it disappeared from DHCP table, other offline devices didn't) ports 7-9forwarded
<tkeith> Can much performance be gained by self-compiling the kernel?
<StevenR> tkeith: probably not.
<uvirtbot> New bug: #808297 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/808297
<uvirtbot> New bug: #808311 in clamav (main) "ERROR: Invalid setting true for option LogInfected" [Undecided,New] https://launchpad.net/bugs/808311
<dob_> somebody using dibbler-client?
<dob_> can i bring up a interface without configuring it?
<dob_> somebody using dibbler client?
<SpamapS> s
<dob_> why is ubuntu using a dhcp server which is older than my grandfather. There is a isc dhcp version3 in lucid and no backport to version 4 which supports ipv6 available. That really sucks!
<jMCg> dob_: https://launchpad.net/~network-manager/+archive/ppa/+sourcepub/1714818/+listing-archive-extra first hit in my favourite search engine.
<dob_> yes, but if i try to install the client package, everything like apache mysql etc in my host will be removed
<dob_> this is so GREAT! ;-)
<dob_> the isc server works
<dob_> but ppa is also not available via ipv6
<jMCg> dob_: that means *no* PPA is available via IPv6.
<dob_> yes
<dob_> but tried it via ipv4 and the client package isn't working without killing my system :-)
<dob_> and it's not possible to use the dhcp init script with -6 mode. I had to rewrite the initscript
<dob_> for the server. After that, the server works, but the client can't be installed under lucid without loosing all network aware packages
<dob_> somebody using dibbler client? How will i have to configure my interfaces
<dob_> can i obtain if a address is currently in tentative status?
<ubuntufreak21> hey is impiza on here
<b0nghittr> Adobe Flash Media Server installs fine on ubuntu server 10.04.2, but does not start when themachine boots. there is a /etc/init.d/fms script which works, but is not executed during boot
<tm0> Hi. I need some help, i want to created a cron or anacron that makes lynx(links or elinks) refresh, does anyone have knowledge in this?
<ikonia> tm0: those programs are interactive
<ikonia> that would be quite hard to do
<b0nghittr> 'update-rc.d fms defaults' just gives me "update-rc.d: warning: fms start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (3 4 5)", "update-rc.d: warning: fms stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 1 2 6)", "System start/stop links for /etc/init.d/fms already exist."
<tm0> Ikonia couldn't i kill it and restart it to a URL"?
<ikonia> tm0: sure, but again, they are not automated style events, they are interactive programs,
<ikonia> tm0: there is an interesting argument for elinks -remote
<tm0> Pardon ikonia, i don't understand your last statement.
<ikonia> tm0: elinks has an option -remote which allows you to send certain commands to remote elinks sessions, that maybe a possibility for you
<tm0> Is there a refresh command for Elinks?
<ikonia> tm0: check out the option I've just given you
<tm0> Alright, thanks Ikonia
<b0nghittr> can i install freenx with only xfce, not gnome and all its nonsense?
<b0nghittr> and/or once i have installed freenx with all the gnome pkgs it installs has completed, can i remove all the unnecessary gnome pkgs and just keep xfce?
<qman__> b0nghittr, try with --no-install-recommends
<qman__> also, try installing the desktop of your choice first
<b0nghittr> qman__: ty, apt-get install --no-install-recommends xubuntu-desktop, then install freenx?
<qman__> I meant the other way around, no recommends on freenx
<qman__> plenty of packages depend on 'a webserver' or 'a gui'
<qman__> and since apache and gnome gnome are default, it chooses them
<b0nghittr> how do i clean an interrupted install? it downloaded a bunch of files and i ctrl+c'd
<qman__> apt-get clean
<b0nghittr> thanks
<b0nghittr> i need to manually run /etc/init.d/fms start after boot, since the script was made for rhel and update-rc.d complains.... which file do i add '/etc/init.d/fms start' to?
<qman__> well, as a dirty hack you could add it to rc.local
<qman__> but you really should find out why it's not working
<qman__> upstart is still sysv-compatible right now
<b0nghittr> 'update-rc.d fms defaults' just gives me "update-rc.d: warning: fms start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (3 4 5)", "update-rc.d: warning: fms stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 1 2 6)", "System start/stop links for /etc/init.d/fms already exist."
<b0nghittr> should i just edit the script to match those runlevels?
<b0nghittr> i wasnt sure if thats safe to do
<qman__> yeah
<qman__> you can always delete them and re-add
<qman__> it might be trying to start too soon and failing
<b0nghittr> http://173.192.153.144/~bong/fms is the undedited script
<qman__> oh, it's opposite of what I thought
<qman__> change the script to start on level 2
<qman__> that's why it's not starting
<b0nghittr> how? lol
<qman__> move 2 to the top line
<qman__> then update-rc.d
<b0nghittr> i don't see where you mean, in the fms script?
<qman__> yes
<qman__> # Default-Start:     3 4 5
<qman__> change to
<b0nghittr> those lines are not commented out?
<qman__> # Default-Start:     2 3 4 5
<b0nghittr> ah, ok
<qman__> and respectively remove 2 on the stop line
<qman__> then update-rc.d to apply the changes
<qman__> IIRC it's a debian thing, unlike redhat, we run at level 2 by default
<qman__> and levels 3, 4, and 5 are unused
<b0nghittr> awesome, thanks again
<RoAkSoAx> fwereade: ping
<tiphares> any lightweight alternative for a desktop/gui for my server for use with vnc? or is gnome OK?
<tiphares> always used gnome
<io> !info xubuntu-desktop
<ubottu> xubuntu-desktop (source: xubuntu-meta): Xubuntu desktop system. In component universe, is optional. Version 2.128 (natty), package size 3 kB, installed size 48 kB
<io> tiphares: there's nothing more lightweight than Terminal, though ;-)
<tiphares> cool
<tiphares> yeah but i need apps that use a gui
<tiphares> prefer just a simple shell for most stuff though
<io> tiphares: what applications?
<tiphares> wine stuff
<tiphares> and i prefer using a gui text editor
<b0nghittr> tiphares: i'm in the process of setting up FreeNX, which is like VNC but much more lightweight on the bandwidth
<b0nghittr> https://help.ubuntu.com/community/FreeNX
<b0nghittr> along with XFCE (xubuntu-desktop)
<tiphares> yeah i generally don't like vnc, but i'm rather new to nix so don't know bout much else
<tiphares> i will check that out b0nghittr thanks :)
<b0nghittr> if you decide to use freenx, install the desktop first
<io> tiphares: what application is going to be run under Wine?
<b0nghittr> or freens will want to install gnome
<tiphares> ah i understand
<tiphares> will do
<tiphares> why is that imporant io
<ubuntufreak21> yesss whooo!1
<io> it was merely a question, it seems weird that you've moved to Linux but are running GUI applications under Wine on a server. isn't there a native alternative that you can you?
<ubuntufreak21> i figured it out
<tiphares> this is an external server io
<tiphares> i use it for several things
<tiphares> some nix, some win
<b0nghittr> shes good
<b0nghittr> oops wrong window
<io> tiphares: I was only asking, chill. it would make your life a lot easier if you used the Linux alternatives to whatever secretive application you're running. I'll be quiet now :-)
<tiphares> i'm chill dude, whats up:p?
<tiphares> not all application has a linux equivalent :)
<b0nghittr> tiphares: unfortunately
<tiphares> btw b0nghittr
<tiphares> https://bugs.launchpad.net/freenx-server/+bug/589723
<uvirtbot> Launchpad bug 589723 in freenx-server "[lucid] [regression] Session resume not working anymore" [Undecided,New]
<tiphares> doesn't look too good
<b0nghittr> i just booted xfce from my nx client, i'll try to close it andresume the session
<ubuntufreak21> i figured out how to format and mount my usb! yea'ha!
<b0nghittr> tiphares: works fine with a fresh install
<b0nghittr> on lucid
<tiphares> yeah but think the bug only is if you connect from win?
<b0nghittr> installing xubuntu-desktop first, then freenx when that has finished
<tiphares> Note: Running FreeNX as server on Ubuntu with the free "NX Client for Windows" from NoMachine on a Windows workstation is working fine, except resuming sessions.
<b0nghittr> i am connecting from winxp
<tiphares> hm
<tiphares> yeah alright
<tiphares> maybe it's related to gnome
<tiphares> either way, i'll give it a try
<b0nghittr> cool, it works for me :)
<ubuntufreak21> i just figured it out woohaa!
<ikonia> ubuntufreak21: you said, please stop
<ubuntufreak21> sorry i thought i was blocked again
<ubuntufreak21> how come unetbootin isnt working for mint 11
<ikonia> ubuntufreak21: please - this is not the support channel for your desktop, or mint
<uvirtbot> New bug: #808446 in mcollective (universe) "mcollective, rubygems and libstomp-ruby" [Undecided,New] https://launchpad.net/bugs/808446
<ikonia> ubuntufreak21: this is for ubuntu server OS support
<Ozik> hi, I have a problem with bind9, can't start because permission denied to file /etc/bind/named.conf both - file and cat are 744 and chown -R bind:bind
<RoyK> Ozik: files should be 644, dir should be 755
<ikonia> Ozik: are you sure you're not using chroot
<Ozik> I did as some tutorial to make it more secure, yes chroot
<Ozik> how to check it?
<ikonia> Ozik: ok then the config file won't be in /etc/bind - it will be ing $chroot/etc/bind
<Ozik> ikonia: so $chroot/etc/bind chmod ... ?
<ikonia> Ozik: no, find where the config file should be, and make sure it's there first
<ikonia> Ozik: once you know where it is you can sort the permissions out
<Ozik> it is /var/lib/named/etc/bind
<ikonia> Ozik: ahh, there we go, so look at the permissions on that file
<Ozik> ikonia: nope
<ikonia> Ozik: what do you mean nope
<Ozik> ikonia: logs saying still perm denied
<Ozik> chown -R bind:bind is okay?
<RoyK> Ozik: it means you allow the bind user write access to your zone files, so if you want to allow the bind process to modify those files, sure
<Ozik> Royk: tut said nogroup
<RoyK> Ozik: but when the next buffer overflow comes for bind9, a worm can change your zone to something pointing to a New And Better Spam Site
<Ozik> :D
<ikonia> Ozik: are you working now
<Ozik> ikonia: what do you mean?
<ikonia> Ozik: is bind working now ?
<Ozik> ikonia: no, can't start due to permission denied to config file
<ikonia> Ozik: please show me the output of ls -la on the config file
<Ozik> ikonia: -rw-r--r-- 1 bind nogroup 463
<ikonia> Ozik: ok, and what is the name of the user your bind process is running as
<Ozik> ikonia: I'm fresh in linux, you got me. Two options: root or my 1st acc, no one logged yet
<ikonia> ok, I don't think it's either,
<ikonia> when bind starts it passes options -u $user - that's the key bit
<ikonia> what is that user
<ikonia> normally that's held in /etc/sysconfig/bind - but I'm not %100 on the current ubuntu where that's held
<ikonia> sorry /etc/sysconfig/named
<Ozik> ikonia: I don't know if it;s important but /etc/init.d/bind9 status returns could not access PID file
<ikonia> Ozik: I'm sure it will be later, as when bind starts, it writes it's process to a file called a pid file, however as bind's not starting, I don't see that as an issue
<Ozik> ikonia: well no sysconfig dir, but /etc/bind, no file named named.conf, named.conf.local named.conf.options and named.conf.default-zones
<ikonia> Ozik: well, it shouldn't be reading them, as you've told it to chroot
<ikonia> Ozik: grep them for "named -u"
<Ozik> ikonia: like grep "named -u" /etc/bind ?
<ikonia> Ozik: no, you need to search the files in /etc/bind
<ikonia> Ozik: why are you tyring to run a bind server, you seem quite new to Linux
<Ozik> ikonia: I believe in that you can gain most knowledge by yourself :) trying to host test server, lamp, ftp dns :)
<ikonia> I disagree with that stance and believe you will fall into the trap of running before walking
<ikonia> Ozik: good luck
<Ozik> ikonia: so I will stand up and go on, I've all learned this way ^^
<ikonia> good man
<Ozik> ikonia: I know that I don't know ;) also I know that Gate's stuff is a crap as server so it is time to learn linux :)
<ikonia> Ozik: well, bashing microsoft just shows utter ignorence
<Ozik> ikonia: grep "named -u" here file names, no return
<ikonia> Ozik: you're on your own
<ikonia> (or if someone else in the channel chooses to help you)
<Ozik> ikonia: as a child I used ms-dos a bit 3.11 w95 then w98 Me Xp seen Vista, now I'm trying to be familiar with win7 but I see it isn't reliable OS :)
<ikonia> Ozik: then you see wrong
<RoyK> Ozik: win7 is probably the best desktop thing that has come out of microsot
<Ozik> ikonia: we are always learning :), any hint what for search? what problem does bind have?
<ikonia> no
<ikonia> I don't wish to progress this any further
<phaidros> RoyK: whichdoesnt make it good..necessarily ;)
<RoyK> but this is an ubuntu channel.....
<phaidros> Ozik: try to read the log files
<Ozik> phraidros: nothing interesting just none:0: open /etc/bind/named.conf: permission denied
<alex-weeej> my 9.04 server seems to be unable to find any archive files, everything's 404ing. did jaunty server go EOL'd without me knowing? :S
<ikonia> alex-weeej: because its EOL
<ikonia> alex-weeej: it's only supported for 18months
<alex-weeej> i thought desktop was 18 months
<ikonia> 9.04 = 04 2009
<alex-weeej> sevrer 3 years
<alex-weeej> or is that really really old policy that i didn't keep up to date with
<ikonia> alex-weeej: no only LTS is different I believe
<alex-weeej> ffffuuuuu-
<alex-weeej> ok, how do i save my system? :S
<ikonia> the other releases are just 18months......
<ikonia> upgrade ?
<alex-weeej> i can't even install the updater though
<ikonia> why not ?
<alex-weeej> Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/u/update-manager/update-manager-core_0.111.7_amd64.deb  404 Not Found [IP: 91.189.88.31 80]
<ikonia> look on old-releases.ubuntu.com
<ikonia> !upgrade > alex-weeej
<ubottu> alex-weeej, please see my private message
<alex-weeej> ikonia: can i just change my sources file to point to old-releases instead of us.archive?
<alex-weeej> and then upgrade?
<Ozik> ikonia: I did some dirs, ln, mknod, remove --purge will help or I need to do something more?
<ikonia> Ozik: I'm not interested in progressing it
<ikonia> alex-weeej: yes,
<ikonia> alex-weeej: that's the bottom line
<alex-weeej> ikonia: thanks, i'll give it a go
<ikonia> alex-weeej: check the upgrade instructions ubottu just pm'd
<alex-weeej> ikonia: i already looked there -- the 9.04 instructions seem to assume the 9.04 archive is still online
<ikonia> alex-weeej: well, it is, on old-releases.ubuntu.com
<Ozik> ikonia: I just want to revert it, remove all, install bind again and try again
<alex-weeej> https://help.ubuntu.com/community/EOLUpgrades/Jaunty
<ikonia> Ozik: I'm not interested in progressing it
<ikonia> alex-weeej: ahh, good find
<Ozik> ikonia: progress? no, revert yes :), ok I'm not bothering you any more :)
<ikonia> Ozik: ok, thanks
<StrangeCharm> i just installed 11.04 server x64 from a usb stick, onto an encrypted lvm, with /home on a raid. on first boot, grub loads fine, but after picking the default image, i just get a blinking cursor. i tried repeating the install, but no change as far as i can tell. what sort of things might be going wrong; where could i look for documentation on this sort of problem?
<phaidros> StrangeCharm: is lvm installed in the new system? (i usually install from live cds into lvm and have to install lvm2 via chroot afterwards, or otherwise the new initrd cannot read the logical volumes ..)
<StrangeCharm> phaidros, the new system was installed fresh onto disks with no data. the install disk set things up after i decided on the partitions & volumes &c
<StrangeCharm> maybe i'm not getting what you're asking?
<xperia> hello to all. i have in my server configuration this here http://pastebin.com/raw.php?i=t9j64fzz
<xperia> and the redirection of the html file to php works great. Only problem is that if a user does come from otherexample.com Website he is still redirected to the php file even he call the html file. This exactlz should not happen for Visitors from this Website. Anybody have a suggestion how to solve this problem ?
#ubuntu-server 2012-07-02
<HelloWorld321> if I am following http://www.danbishop.org/2012/06/02/ubuntu-12-04-ultimate-server-guide-first-draft/3/, where does the ldap configuration file "frontend.danbishop.org.ldif" go?     in /etc/ldap/frontend.danbishop.org.ldif ?
<daff> HelloWorld321: it doesn't really matter where that file goes, it just holds the data you will be importing via ldapadd/ldapmodify later
<HelloWorld321> tx, daff
<daff> it is never read again (unless you redo your openldap setup)
<HelloWorld321> If my ldap authentication fails on my first admin function, how can I reset the password?  apt-get remove didn't prompt me for a new ldap password
<HelloWorld321> If I'm a n00b, should I be messing with ldap?  :P
<HelloWorld321> purge did it
<HelloWorld321> It still says Invalid credentials, and I'm sure that I didn't enter the wrong password four times.
<HelloWorld321> When lpdapadd asks for my LDAP Password, obviously it means the LDAP root password I just set up when I apt-get ldap-utils, right?
<Pinkamena_D> hello, if anyone knowlagable with iptables
<Pinkamena_D> is*
<HelloWorld321> Perhaps it's best if I lower my ambitions to Samba.
<Pinkamena_D> talking to me?
<Pinkamena_D> i am looking for a way to run transmission-daemon on one interface and let all other server traffic through another
<HelloWorld321> I'm having a heck of a time making sense of this instruction at https://help.ubuntu.com/12.04/serverguide/samba-ldap.html :
<HelloWorld321> "Edit the generated cn=samba.ldif file by removing index information to arrive at:                 dn: cn=samba,cn=schema,cn=config ... cn: samba "
<rbasak> bug 1019798 , "Linux Mint 13 Maya"? Should I just change the bug task to Mint? How come they're hitting the Ubuntu archive, or do they do that?
<uvirtbot> Launchpad bug 1019798 in samba "Samba cannot upgrade" [Undecided,New] https://launchpad.net/bugs/1019798
<rbasak> Mint isn't an option - guess they don't use LP
<jamespage> Ursinha, would you be OK to chair tomorrows server team meeting? I'm at a conference for the day so won't make it...
<jamespage> rbasak, hmm
<jamespage> rbasak, https://bugs.launchpad.net/linuxmint
<rbasak> jamespage: I think it's a "project", not a "distribution". Should I just change the bug task to that and let them triage it then?
<jamespage> rbasak, I would
<rbasak> OK thanks
<reisi> does anyone know on the topic of bash programming; how to output to parent (or original) stderr/out from inside "( cmdlist; ) &" block?
<reisi> actually my block is ( cmdlist; ) >> name.1 2>> name.2 but i guess it's simpler if i jsut move the redirects to specific commands
<uvirtbot> New bug: #990160 in sysstat (main) "wrong Blk_read/s" [Low,Expired] https://launchpad.net/bugs/990160
<uvirtbot> New bug: #991965 in samba (main) "package samba 2:3.4.7~dfsg-1ubuntu3.9 failed to install/upgrade: Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð·Ð°Ð²Ð¸ÑÐ¸Ð¼Ð¾ÑÑÐµÐ¹ -- Ð¾ÑÑÐ°Ð²Ð»ÑÐµÐ¼ Ð½Ðµ Ð½Ð°ÑÑÑÐ¾ÐµÐ½Ð½ÑÐ¼" [Medium,Expired] https://launchpad.net/bugs/991965
<uvirtbot> New bug: #992335 in backuppc (main) "package backuppc 3.2.1-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/992335
<uvirtbot> New bug: #992354 in net-snmp (main) "Package snmpd 5.4.3~dfsg-2.4ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/992354
<uvirtbot> New bug: #992984 in openldap (main) "package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/992984
<uvirtbot> New bug: #1019289 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1019289
<uvirtbot> New bug: #1019798 in samba "Samba cannot upgrade" [Undecided,Invalid] https://launchpad.net/bugs/1019798
<uvirtbot> New bug: #1019913 in nova (main) "Lazy load of attribute fails for instance_type.rxtx_factor" [Undecided,New] https://launchpad.net/bugs/1019913
<uvirtbot> New bug: #993063 in samba (main) "package samba 2:3.6.3-2ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Expired] https://launchpad.net/bugs/993063
<uvirtbot> New bug: #1020088 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1020088
<Ursinha> jamespage, sure, I can do that
<jamespage> Ursinha, thanks - much appreciated!
<smoser> tempting http://1saleaday.com/?cj=true
<patdk-wk> heh :)
<patdk-wk> my agility in my laptop has been flawless
<patdk-wk> the 4 I have in servers, heh, die all the time, and need a powercycle to come back alive :(
<uvirtbot> New bug: #999766 in mysql-5.5 (main) "MySQL 5.5 not compiled with native AIO" [Unknown,Fix released] https://launchpad.net/bugs/999766
<jamespage> smoser, OK to cover the 12.04.1 slot in tommorows meetings?
<Ursinha> jamespage, :)
<RoyK> smoser: looks like ssd prices are falling :D
<Pinkamena_D> hello
<Pinkamena_D> can anyone help me set up ddclient for namecheap
<Pinkamena_D> hello
<Pinkamena_D> may i get some help configuring ddclient ?
<SpamapS> Pinkamena_D: you'll need to be far more specific
<uvirtbot> New bug: #1020152 in libnss-ldap (main) "Broken symlink /usr/lib/libnss_ldap.so in precise" [Undecided,New] https://launchpad.net/bugs/1020152
<Insyte> I have a Lucid -virtual VM that is crashing every few days.  It crashes hard and fast enough that no crash info escapes via syslog or local log files.  Any recommendations on trying to capture some decent data to start tracking down the cause?
<Insyte> Hypervisor is KVM.
<glance> Insyte: serial?
<Insyte> glance: Good idea; I can leave a screen session open on the virtual serial device.
<glance> next step would probably be crashdump-kernels
<Insyte> Is that via kdump?  Or is that a custom kernel?
<glance> kdump is tools for using crashdump-kernels
<Insyte> So by "crashdump-kernel" do you just mean a kernel with CONFIG_CRASH_DUMP=y?
<uvirtbot> New bug: #1020166 in socat (universe) "Patch socat on lucid to address CVE-2010-2799" [Undecided,New] https://launchpad.net/bugs/1020166
<uvirtbot> New bug: #1020179 in lxc (universe) "Add a timeout option to lxc-wait" [Undecided,New] https://launchpad.net/bugs/1020179
<uvirtbot> New bug: #1020183 in lxc (universe) "package lxc 0.7.5-3ubuntu59 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1020183
<chaos_zero> hello when i am using ddclient and i have use-if it appears to obtain  local ip address from the router and report that ip to the ddns provider, producing an error
<chaos_zero> how do i fix this
<njin> bug 1020067
<uvirtbot> Launchpad bug 1020067 in ubuntu "Ubuntu 12.04 resolving hangs when querying AAAA records against BIND (Ubuntu 10.04) DNS servers" [Undecided,New] https://launchpad.net/bugs/1020067
<njin> bug 1019614
<uvirtbot> Launchpad bug 1019614 in ubuntu "Installing Ubuntu with network disconnected causes major network issues" [Undecided,New] https://launchpad.net/bugs/1019614
<axisys> we have a PCI compliancy requirement.. two of the bullet tasks are to get alerted when the following happens
<axisys> Creation and deletion of system-level objects
<axisys> Initialization of the audit logs
<axisys> what tool provides something along that line?
<axisys> using ubuntu server 12.04 lts
<adam_g> zul: whats the plan for setuptools-git ?
<zul> adam_g: fix the debian/copyright and get it uploaded/mired but i have the day off today ;)
<adam_g> zul: where is it packaged? im going to install it on our pkg builder until then
<zul> adam_g: should be on the jenkins host at least the deb
<jhulten> Did anyone running Ubuntu get caught in the leapacolypse?
<patdk-wk> not that I know of
<maxb> It affected my desktop running precise
<patdk-wk> odd, it didn't affect my machines running precise
<maxb> It seems likely there's some element of race condition involved
<patdk-wk> well, one of the issues was a pthread issue
<patdk-wk> that was mainly hidding mysql
<patdk-wk> though my mysql's made it safely
<maxb> My mysqld simply ate CPU ridiculously until I reset the clock
<patdk-wk> mine didn't, though I'm not running the ubuntu mysql build
<Sander^home> How do I figure out if I have ubuntu server or debian?.. I think /etc/debian_version is the same on both.
<patdk-wk> wasn't that why lsb-release is there for?
<Sander^home> patdk-lap, where does that file resides?
<axisys> Sander^home: /usr/share/doc/lsb-release/README.Debian this might help?
<Sander^home> lsb_release -a
<Sander^home> Seems to work
<nwilson5> is it normal to be having headaches trying to install ubuntu 12.04 with hardware raid/lvm on a uefi system.
<nwilson5> if so, what should we be doing to get this to work
<JoeBlacken> Hi, I'm trying to set an 4 port home network router using ubuntu server 10.04. I was successful in setting DHCP server and getting to the internet. However, I can't ping any machine from the other machines. Can anyone point me on how to fix this?
<patdk-wk> most likely cause you didn't setup a firewall, and enable forwarding
<JoeBlacken> @patdk-lap, I did enable forwarding, all the ports are on the same bond, they all get IPs from the DHCP, and they all get access to the internet
<patdk-wk> how did you setup the bond?
<JoeBlacken> mode 3
<patdk-wk> what mode is that?
<JoeBlacken> let me check
<patdk-wk> broadcast
<JoeBlacken> yes
<patdk-wk> that is normall pretty evil
<patdk-wk> all plugged into the same switch?
<JoeBlacken> no switch, I have 5 ports on the machine
<patdk-wk> hmm?
<patdk-wk> a computer is plugged into each port?
<patdk-wk> you need to kill that
<JoeBlacken> yes, and one is connected to the modem
<patdk-wk> you want to setup bridging, and bonding
<patdk-wk> you need to bridge all the ports together, that don't go to the modem
<patdk-wk> and use that bridge interface as your *single* network interface, instead of the bond interface
<JoeBlacken> how do I do that? can you please point me to where I can get info to do that
<patdk-wk> https://help.ubuntu.com/community/BridgingNetworkInterfaces
<patdk-wk> basically, the bridge device is a switch, that lives in that computer
<JoeBlacken> ok, but will I be able to block ip using firewall when I bridge?
<patdk-wk> block ip from what? going to where?
<patdk-wk> and yes, much much easier then with your bonding method
<JoeBlacken> I want to be able to block ips on my internal networks in case something went wrong
<patdk-wk> blocking via ip/mac/.. is easy
<JoeBlacken> with the bond I know I can do that, I'm not sure about the bridging
<patdk-wk> you could still block, or I would, just remove, the network port from the bridge
<patdk-wk> to just disable it completely
<Daviey> adam_g: How is the nova SRU looking?
<patdk-wk> I'm not sure how you can do that at all with a bond, without affecting others
<patdk-wk> cause with a bind, they all look the same
<patdk-wk> with a bridge, you can still id per nic
<JoeBlacken> I was able to drop packets based on ip, port, or protocol
<patdk-wk> you can always do that
<patdk-wk> what really kills you with a broadcast bond is
<patdk-wk> ALL users share that bandwidth
<patdk-wk> a user downloads from another user at 50MB/sec
<patdk-wk> ALL users get that 50MB/sec used up
<JoeBlacken> so, I can still drop packets on the internal network with a bridge based on ip?
<patdk-wk> the bridge is much more efficient, adaptable, and secure
<patdk-wk> sure
<rbasak> utlemming: around? Are you mirroring quantal with s3aptmirror?
<patdk-wk> bridge gets you an extra layer of firewall too
<rbasak> utlemming: it keeps failing because of the hash sum mismatch
<JoeBlacken> ok, great thank you, this was my only problem, I thought bridge will act like an actual bridge and only work on the MAC layer
<patdk-wk> it does
<patdk-wk> just like a normal network switch does
<patdk-wk> I fail to see how that matters to you at all
<JoeBlacken> I'm trying to try some defense technique that will detect if a certain machine in the internal home network is compromised, and automate the blocking of that machine, either on the IP, PORT, or Protocol
<patdk-wk> you likely will want to use ebtables to block it then
<JoeBlacken> yes
<JoeBlacken> thank you, I will try your suggestion
<hallyn> kirkland: waht is the entropy usb key you bought again?  was it the simtec?
<adam_g> Daviey: im still going thru manual verification of that database thing.
<adam_g> Daviey: did so on a local singl enode test, but wanna do it on a live cloud with instances, etc
<Daviey> adam_g: super
<adam_g> Daviey: verification done for bug #993663
<uvirtbot> Launchpad bug 993663 in nova "[SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8'" [Undecided,In progress] https://launchpad.net/bugs/993663
<adam_g> Daviey: tags still say -needed, but i believe thats all of them
<utlemming> rbasak: yes...sorry, I missed your chat at lunch
<utlemming> rbasak: I just looked over the logs, and the production set is still running fine
<adam_g> zul: if you're around, is there a packaging branch for setuptools-git? i need to put it in a PPA
<diogobaeder> hallyn: Hi, I'm a new engineer for the Ubuntu One team. Can you help me with an LXC issue? Thanks in advance, sorry for taking your time at this...
<hallyn> diogobaeder: pls go ahead and just ask.  someone else may even answer before i do :)
<hallyn> and nice to met you :)
<hallyn> meet
<diogobaeder> Nice to meet you as well :-)
<diogobaeder> So, the issue I'm having is that I created a Ubuntu 10.04 container successfully, but when I try to log in with the user it created (same user I have in the host env) it logs into the "ubuntu" account, and not in the other one - albeit using my username as my home folder, and reusing my .bashrc
<hallyn> what do you mean by 'logs into the ubuntu account' ?
<diogobaeder> For example: my username at my machine, here, is "diogo", and it logs as user "ubuntu", but with bash pointing to /home/diogo
<hallyn> hm.  does user diogo have userid 1000 ?
<diogobaeder> At the guest or at the host?
<hallyn> well both
<diogobaeder> 1 mom plz, I'll check it
<hallyn> diogobaeder: and this is on a 12.04 host?
<diogobaeder> Yep, ID 1000 on both. Nope, it's an ArchLinux host (I didn't have time to install Ubuntu properly yet, since I started today at this job)
<hallyn> diogobaeder: oh, then isuspect it's just a bug in the upstream lxc-ubuntu template which has beenf ixed in ubuntu, but the patch not yet accepted upstream
<hallyn> diogobaeder: so to fix it you'd edit /usr/lib/lxc/templates/lxc-ubuntu
<hallyn> if possible to run an amazon or canonistack precise guest and do your work there, that'd be easiest.  you could grab the ubuntu package and copy templates/lxc-ubuntu from that
<diogobaeder> Ah, you mean install LXC in a VM guest, grab the template and put it in my Arch box?
<diogobaeder> I have a Ubuntu VirtualBox VM here, so I could do it there
<hallyn> diogobaeder: yeah that might work.
<hallyn> diogobaeder: alternatively you can probably just edit /etc/passwd and /etc/shadow on the created container to remove the 'ubuntu' entry
<hallyn> i can't recall offhand if there was more than that that needed to be fixed
<diogobaeder> Is this template generated at install time? If it's provided ready-to-use from the package, I could just download the .deb and grab it from there, what do you think?
<diogobaeder> Ah, got it... the problem is that as I'm logged as "ubuntu", I'm not a sudoer :-(
<diogobaeder> So I think maybe going the "template replacement" way would be easier
<hallyn> grabbing it from the .deb should be fine
<diogobaeder> Nice. Thanks for the help, man! :-)
<hallyn> diogobaeder: np, have a good week :)
<diogobaeder> u 2
<uvirtbot> New bug: #1020313 in horizon (main) "openstack-dashboard hijacks the web root" [Undecided,New] https://launchpad.net/bugs/1020313
#ubuntu-server 2012-07-03
<smw_> anyone ever see java freeze?
<smw_> whenever I do something like even have it give its version, it hangs for an ungodly amount of time
<smw_> $ time java -version
<smw_> real	0m8.397s
<smw_> (other than the time, it works)
<ScottK> Insert joke here about Java being so slow when it works it's hard to tell.
<KM0201> how do i get pulsaudio to start automatically i boot my server?  i've installed pulse audio, if i log into the server locally, type startx, then pavucontrol, make any adjustment i want ( just folume or whatever) hit escape, hit startx, audio is fine... but i don't have audio "automatically" (the server is hooked to my TV)
<RoyK> KM0201: dunno - does pulseaudio run under X? if so, it's not really an ubuntu-server thing
<KM0201> RoyK: the weird thing is, when i start X, and i get the terminal window, if i type "pavucontrol".. audio works fine when i start xbmc
<KM0201> dunno, can't figure this one out.
<KM0201> not really a big deal though
<RoyK> X things don't really belong to servers, though
<KM0201> RoyK: i'm aware of that
<KM0201> i'm trying to make my server like a media PC, w/ xbmc
<acidflash> hello all
<acidflash> I am seeing a phenomenon using ubuntu-server
<acidflash> I have ubuntu-server installed on a http squid proxy
<acidflash> outside of my proxy, my latency is 160 ms, but INSIDE of my proxy, even if I am alone, there is no one else on the proxy other then myself
<acidflash> my delay will increase to 305-325ms
<acidflash> is this linux related, or is it squid related?
<Jeeves_> I think it's infrastructure-related
<acidflash> aha... so neither ?
<acidflash> probably due to loss and other stuff on my network?
<Jeeves_> I'd say so, yes.
<acidflash> are there any rules or guidelines which i can apply to test this scenario: ie: natting = XXX ms loss, etc.
<Jeeves_> natting should not introduce latency nor packetloss
<acidflash> what might be possible causes ?
<Jeeves_> A switch in between with issues
<Jeeves_> A hub in between with issues
<Jeeves_> A cable in between with issues
<acidflash> mrmm,
<acidflash> even if ping is less then 1 ms as icmp to the proxy from the other end of the network?
<SC-RM> Hi, I'm trying to set up a maas controlled server farm, and I have followed https://help.ubuntu.com/community/UbuntuCloudInfrastructure but all my nodes have "instance-state: unknown" any help on to make it go into running state. I have successfully deploy openstack on top of it, and it's running, but this lack of correct message here bugs me, because, what is wrong?
<SC-RM> Or some log where I could look into to see, what is the cause of it
<_ruben> hm, guess lucid server doesn't do hotplugging of pci nics .. hot-added a nic to vmware guest, doesn't show up tho :/
<zul> good morning
<smb> zul morning, hows the xen merge for quantal going. (nag nag)
<zul> smb: *sigh*
<smb> I know I am a pain. :)
<zul> smb: doing a local test build right now, it got synched again so i rediffed the merge based on your stuff
<smb> zul, Bah, terribly moving target...
<zul> smb:  yeah ive seen worse though...moving targets that is ;)
<smb> zul, Yeah, there likely are. Still quite unsatisfying to find any merge done already obsolete one or two weeks later. Some people seem bored on late Sundays... ;-P
<zul> smb: like i am :)
<smb> zul, or the Debian maintainer :)
<smb> Terrible people... :-P
<zul> smb: volunteer when you can
<smb> zul, I'd rather do other things on a weekend... Not the same things I do during the week...
<zul> same here :)
<mklappstuhl> How can I install Pear (php-pear) on ubuntu server? Going with the official way results in "E: Package 'php-pear' has no installation candidate
<ReekenX> mklappstuhl: What distro version you are running?
<zul> smb: uploaded
<smb> zul, Awesome! Thanks. :)
<mklappstuhl> ReekenX: 12.04
<mklappstuhl> ReekenX: Also "aptitude search php" only returns 7 results which is far to less I think(?)
<ReekenX> mklappstuhl: Firstly be sure to run "apt-get update" if you having any packages problems. I think problem is that you haven't added source repository "security" where php-pear package lives: http://packages.ubuntu.com/precise/php-pear
<mklappstuhl> ReekenX: looks like that solved my issue, hehe :)
<mklappstuhl> ReekenX: (new servers... teh...)
<Pupeno_W> Hello. In my own computer I have Host *, ForwardAgent yes. I do ssh pupeno@b1 (b1 is a local virtual machine I'm using to test some stuff). If I do ssh pupeno@b1 inside b1, shouldn't I log in straight away due to the ssh forward? or am I missing something?
<KristianDK> Pupeno_W, if you are using SSH Keys, yes
<KristianDK> Does anyone know how to temporarely get ActiveMQ running on ubuntu, till they release a fix for #993249 ?
<KristianDK> https://bugs.launchpad.net/ubuntu/precise/+source/activemq/+bug/993249
<uvirtbot> Launchpad bug 993249 in activemq "[SRU] activemq fails to start on Ubuntu 12.04" [High,Confirmed]
<Pupeno_W> KristianDK: yeah, I'm using ssh keys...
<Pupeno_W> Soâ¦ what could I be doing wrong that ssh keys are not being forwarded?
<samba35> how do i check wheter my gui support unity 3d or not ?
<samba35> oops
<KristianDK> Pupeno_W, maybe the config file is somehow not loaded? Otherwise, try setting this for the specific host. If you have other settings for this host, I'm not sure how the override works - try putting it together in one section, e.g. Host b1\n    ForwardAgent yes
<andygraybeal_> hey guys, i'm trying to get a real serial port on my KVM server to be the serial port of a virtual machine (win xp pro) anyone have any luck with this?  i'm on ubuntu 10.04.
<andygraybeal_> the serial port is gonna run a serial printer
<andygraybeal_> brb, coffee refill
<Pupeno_W> I tried setting up the hostname, same difference.
<zul> Daviey: around?
<stonk> Hi. About 2 months ago I read an article on a system that was installed on top of Ubuntu server that allowed quick installation of things like apache, php and a whole host of other projects. I don't suppose anyone here knows what that is? thanks
<andygraybeal_> stonk, apt-get ?
<stonk> :-)
<andygraybeal_> stonk, explain a bit more.. to install apache, i use apt-get install apache2
<andygraybeal_> i'm no expert though
<henkjan> Mark is going after ipv6 support for canonical services http://instituut.net/~job/screenshots/44c1a08256e0dbf1.png
<stonk> It was a project I'd read about where you connect via a local webserver and then there was literally hundreds of apps you could install
<andygraybeal_> yea, i have no idea.. i don't understand what is wrong with apt-get install.
<andygraybeal_> or why anyone would replace it.. but i live in my own bubble and welcome diversity
<th0mz> what is the name of the "kickstart" under ubuntu please ?
<henkjan> th0mz: https://help.ubuntu.com/10.04/installation-guide/i386/automatic-install.html
<andygraybeal_> i'm having a time with getting real serial port to work on my host inside my guest os.  the goal is to print via a serial printer.  i have done --serial=dev,PATH=/dev/ttyS0  with virt-install and it coughs and dies.. and never creates a .xml file.  any hand holding would be appreciated.
<andygraybeal_> i can talk to the serial port and associated printer just fine on the host.
<andygraybeal_> doing somethign like echo "hello word" > /dev/ttyS0
<asby> Hi, I have an issue with ubuntu-server 12.04 (minimal install, fully updated) where I can only reboot a server using a power cycle. With a shutdown -r now (or -h and power on) the server just hangs just after init-bottom.
<asby> What are the differences between booting with a shutdown -r now and a power cycle?
<asby> Since the server hangs before starting the syslog daemon I can't find anything what will cause this problem.
<asby> Is there any documentation what explains the complete boot sequence of ubuntu-server? So I can find where it goes wrong?
<Ursinha> Server team meeting in 5 minutes @ #ubuntu-meeting
<zul> oh...joy :)
<Ursinha> :)
<esuave> so what can i do if my servers' inode is at 100%.. df -i shows me 100%
<esuave> and the OS wont let me create any other files.
<IdleOne> esuave: delete some log files
<asby> esuave, cleaning and rethink your filesystem layout
<IdleOne> and maybe use logrotate
<asby> you can either recreate your filesystem with a smaller bytes-per-inode, create multiple filesystems, or use another filesystem type
<blkperl> so puppet 3.0 is still in release canidate mode, but is it going to make it into quantal?
<blkperl> looks like quantal has 2.7.11 at the moment
<wmp> hello
<wmp> after grub-set-default i must run update-grub?
<maxb> no
<jcastro> SpamapS: feel like doing something good for mankind?
<jcastro> https://bugs.launchpad.net/ubuntu/+source/mod-proxy-html/+bug/964397
<uvirtbot> Launchpad bug 964397 in mod-proxy-html "proxy_html is missing libxml2.so.2 (AMD64 and i386)" [Unknown,Fix released]
<zul> hallyn: are you in today?
<r3dLunchb0x_> looking for a good tool to monitor nfs traffic. something that shows amount of data through certain interface.
<SpamapS> jcastro: my internet was down for the last 2 hours, but yes, I always enjoy helping our fellow man, as long as I don't have to get out of my chair to do it.
<jcastro> heh
 * RoyK needs another 20km on the bike
<r3dLunchb0x_> nfsstat command, how can i get it to capture size/amount of data during a certain time frame?
<zul> SpamapS:  just use a pointy stick
<tonyyarusso> r3dLunchb0x_: ntop?
<Saer> I was doing a backup of my server via rsync/ssh when it locked up, after reboot I'm left with the error: Init: Failed to spawn friendly-recovery post-stop process: unable to execute: permission denied  (This occurs even in recovery mode) I've tried several things to troubleshoot and searched a bit with no luck, anyone have a suggestion on where to go from here?
<escott> Saer, can you boot init=/bin/bash?
<Saer> from the installation cd I can boot
<escott> Saer, if you have physical access I would chroot in
<Saer> ok I'll give that a shot
<Saer> hrm it says "chroot can't execute '/bin/sh' permission denied
<Saer> but it seems to have mounted the array on /target and I can see all of the files there
<escott> Saer, what are the permissions on /bin/sh?
<Saer> let me check
<Saer> root/root
<escott> Saer, but is it marked executable?
<Saer> yes
<Saer> infact I can type sh and it runs or I can type chroot and it runs, but if I do chroot /target it errors
<escott> so why would chroot say permission denied when trying to execute it
<escott> what is the exact line you are running when you try and execute sh
<Saer> just /bin/sh
<escott> you mean /target/bin/sh?
<Saer> no just the /bin/sh I'm in the recovery shell (busybox)
<escott> when you try to chroot to /target it will exec /target/bin/sh not busybox sh. so you need to be looking at /target/bin/sh (that which becomes /bin/sh after chroot)
<Saer> permissions on /target/bin/sh are some numbers
<Saer> read/write/execute all set on though
<Saer> owner is 1002
<escott> thats clearly wrong.
<escott> Saer, maybe you did something that ran a root chown on the /
<escott> Saer, ls -l /target/bin/sh should say lrwxrwxrwx 1 root root 4 May 28 18:04 /bin/sh -> dash
<Saer> yep that's wrong, it says  lrwxrwxrwx 1 1002 10513 root 4 Jul 3 xx:xx:xx /bin/sh -> dash
<Saer> probably screwed up something with rsync, not sure, but what do you suggest for repairing the permissions
<escott> you could maybe chown it back to root:root, but thats not going to correct for every executable. i would suggest reinstalling
<Saer> well I did chown root:root /target/bin/sh and it's still showing the same permissions from before
<Saer> no error message, looks like the chown completed without an issue
<Saer> also looking at my other files, it's ONLY /bin and the vmlinuz file that have the permissions wrong
<Saer> I dont mind reinstalling as you suggest, just wondering why chroot isnt working
<Saer> chmod rather
<escott> i dont know what to make of that. lrwxrwxrwx 1 ok up to here. 1002 >>user 1002 owns /bin/sh???<< 10513 >>unlikely you would even have a group with that number<< root >> this should be the timestamp now, WTF is this<< Jul 3 >>ok<< xx:xx:xx >>are you suppressing the hh:mm:ss??<< /bin/sh->dash ok
<Saer> I will type it exactly, one sec
<Saer> no copy and paste :p
<escott> Saer, if its just you typoing a few things its not a big deal, im just wondering why there was something after the gid before the timestamp
<Saer> oh it was just lost in manual copy/paste im sure, the formatting looks normal, permissions are as you say, followed by the userid, gid, timestamp and then sh->dash
<Saer> ok also the user and group
<Saer> those are user/groups from the other machine I was doing the rsync backup to, rather trying to setup it up
<escott> ok.
<Saer> no idea why they changed the user/group on this machine, but obiously I'm an rsync noob and will read more on it before messing my filesystem up more lol
<escott> Saer, well (on my machine) root owns everything in /bin so chown root:root /bin/* should be ok-ish. id still be worried the only way rsync should touch the permissions is if it replaces the file in which case you have to ask where did this binary come from?
<escott> Saer, you generally want the -a flag when doing rsyncs to preserve permissions
<escott> -aAX might even be better
<escott> anyways you did "chown root:root /target/bin" and it completed silently, but the permissions were unchanged?
<Saer> yeah I dont think I used a I just used -ve
<Saer> I did it and yes, the permissions didnt change :(
<Saer> also tried chrown root:root /target/bin/*
<escott> what does echo $? say immediately after the chown?
<Saer> nothign at all
<escott> really confused
<Saer> me too 0.o
<escott> how is /target mounted? read-write? can you touch /target/test
<Saer> it was mounted by the ubuntuu install disk, so I'm not sure, how do I check?
<escott> just type "mount"
<Saer> rw, relatime, user_xattr,acl,barrier=1,data=ordered
<escott> what about touch /target/test.txt; and touch /target/bin/test.txt
<Saer> both of those didnt return anything
<escott> but do they create the files /target/test.txt and /target/bin/test.txt
<Saer> yes the files are there
<Saer> this is so weird -_-
<escott> Saer, so things to check "touch /target/bin/sh; ls /target/bin/sh" and verify the modified time changes. "chown root:root /target/bin/*; ls /target/bin/sh" and see if it becomes root owned
<Saer> ok so touch /target/bin/sh did not update the file time
<lifeless> its probably a symlink :)
<lifeless> what does 'stat /target/bin/sh' show ?
<Saer> it's a link to /target/bin/dash owned by an unknown uid and gid
<Saer> the last access does appear to have been updated from the touch command in stat
<lifeless> if you chroot /target /bin/sh, then stat /bin/sh, does it show a uid and gid ?
<Saer> when I try to chroot /target I get permission denied
<Saer> can't execute /bin/sh
<Saer> ok also /target/bin everything is owned by root:root now
<Saer> except for the symlinks
<Saer> they are all still owned by the unknown uid
<lifeless> it would be "chroot /target /bin/sh" or perhaps "chroot /target /target/bin/sh"
<Saer> yep it worked, but now all my commands like chroot/chmod/ls are access denied lol, rebooting to switch ownership of those and I think i'll have some progress
<lifeless> as for the link itself - "The permissions of a symbolic link are irrelevant; the ownership is ignored when following the link, but is checked when removal or renaming of the link is requested and the link is in a directory with the sticky bit (S_ISVTX)
<lifeless>        set.
<lifeless> "
<lifeless> good luck
<Saer> yes I did a chown on dash and sh started working
<Saer> was able to mount
<Saer> thank you both for you assistance
<Saer> *able to chroot even not mount
#ubuntu-server 2012-07-04
<m50> y
<Dragunov> i hope i am in the right place. i'm having trouble partitioning my disks for use with lvm when attempting to install the server.
<azei> Hello
<azei> each time
<azei> i reboot my server i got the keyboard in english, everything is in french w/o the keyboard i got an french keyboard connected to the server
<azei> i got that problem since i  pass to ubuntu precise
<azei> ????
<blkperl> azei: have you searched for an existing bug ticket in launchpad yet?
<azei> hello anyone there ?
<azei> hi blkperl
<azei> is it possible to that orver command line ?
<blkperl> azei: i think the ubuntu-bug command is what you want
<ussher_> Im having trouble locating a [solved] thread anywher for this issue i have when i try to FTP after upgrade to 12.04 "libgcc_s.so.1 must be installed for pthread_cancel to work"  anyone seen an this before?
<ussher_> no FTP accounts can login.
<thisismyname> anyone else having problems on de-cix?
<thisismyname> looks like :) netsplit :)
<DigitalFlux> Hi Guys
<DigitalFlux> What's up with byobu on ubuntu server precise ?
<DigitalFlux> I just can't scroll up like i used to do before ..
<DigitalFlux> Ctrl+a Esc then up arrow doesn't work
<DigitalFlux> Any solutions to this ?
<DigitalFlux> it works fine with the screen backend
<DigitalFlux> but the default tmux backend is just broken
<jamespage> DigitalFlux, alt+ Pgup/Pgdown works for me
<DigitalFlux> jamespage: yeah, i guess that works
<DigitalFlux> jamespage: I have to Function+Alt+ up/down for the OS X though
<DigitalFlux> jamespage: Thanks
<jamespage> DigitalFlux, I think its configurable tho
<jamespage> so you make it behave like screen
<jamespage> I get prompted first time I did a Ctrl-a Esc as to which behaviour I wanted
<DigitalFlux> jamespage: that's true but ctrl-a didn't work with both of the choices that i got
<Cirbri> Howdy all. I have a question -- I was wondering if memory errors show up in dmesg? I've got ECC memory, but I'm just interested in know if any problems exist -- and whether they would show up in dmesg, rather than more details information that might be possible to get via ECC probing kernel modules or such.
<ikonia> Cirbri: depends on the error
<_ruben> bugger .. fresh install of 12.04 server, lvm on top of mdadm, /boot on plain mdadm, "cant mount /boot" at boot time .. sigh
<_ruben> select fix manually, type mount /boot, ctrl-d, boot continues just fine
<xnox> _ruben: yes, there is an SRU in progress for that for precise... I'm sorry for inconvenience
<_ruben> xnox: oh, good to know
<_ruben> any workaround for the time being?
<xnox> _ruben: https://bugs.launchpad.net/ubuntu/precise/+source/mdadm/+bug/942106
<uvirtbot> Launchpad bug 942106 in mdadm "software raid doesn't assemble before mount on boot" [High,Confirmed]
<xnox> _ruben: https://bugs.launchpad.net/ubuntu/precise/+source/mdadm/+bug/942106/comments/5
<xnox> but that's half or the story, but should help most of the time.
<_ruben> gonna try it
<_ruben> do need to rebuild the initrd for that to take effect?
<_ruben> xnox: didn't seem to have helped, did rebuild the initramfs
<_ruben> doh
<xnox> ?
<_ruben> i rebuilt when /boot wasnt mounted
<xnox> well done =)
<redactd> hi there, anyone know what package whois is in? for some reason it is not there on my stock 12.04 install
<_ruben> redactd: whois
<_ruben> ;)
<redactd> _ruben, lol
<_ruben> xnox: still no go, double checking if my change got through to the initramfs
 * redactd shakes head
<Cirbri> ikonia: What sort of memory errors would show up in dmesg? Knowing this would anwser my question.
<ikonia> Cirbri: I'd suggest certain things like application/process warnings on exit due to memory issues
<xnox> _ruben: ubuntu-bug mdadm ....
<_ruben> xnox: running...
<alex88> hi guys, i had a problem with php session garbage collection, i've seen the cron script but it never gets run, running manually works fine
<_ruben> xnox: fyi: https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/1020914
<uvirtbot> Launchpad bug 1020914 in mdadm "The disk drive for /boot is not yet ready or not present" [Undecided,New]
<_ruben> xnox: adding "nobootwait" to the /boot entry in fstab seems to work around it btw .. err no, it just doesn't mount it at all
<uvirtbot> New bug: #1020416 in squid3 (main) "package squid3 3.1.19-1ubuntu3.12.04.1 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/1020416
<uvirtbot> New bug: #1020436 in multipath-tools (main) "Multiple filesystems cannot read superblock after fibre path failover" [Undecided,New] https://launchpad.net/bugs/1020436
<uvirtbot> New bug: #1020718 in tomcat6 (main) "package tomcat6 6.0.35-1ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1020718
<enigmuriatic> hi everyone. what's the preferred method of setting up a mail server?
<enigmuriatic> i followed the help section's tutorial but it was mostly a cookbook (didn't give any options or explanations), and it ended up not working
<jpds> enigmuriatic: Postfix?
<jamespage> Daviey, how would you feel about reviewing the two oldest source packages in the quantal NEW queue
<efpe> hi
<efpe> i have a problem of course...
<efpe> :/
<efpe> so i have a karmic system which was upgraded to hardy
<efpe> the upgrade process failed and the old sys ops left the system in an unstable state
<efpe> half of the packages from karmic and the other half of hardy
<Patrickdk> how did you *upgrade* from karmic to hardy?
<efpe> we don't know why but the system stopped and rebooted
<efpe> Patrickdk: great question, we dont know that, the old system administrator team did it
<Patrickdk> hardy -> jaunty -> intrepid -> karmic -> lucid
<Patrickdk> you have to upgrade to each of those step by step
<Patrickdk> if you don't, it destroys your system
<efpe> okay
<Patrickdk> you could upgrade from hardy -> lucid direct though
<efpe> maybe they had to use a package from karmic and changed the sources.list file
<efpe> i don't know
<Patrickdk> but as it was in an inbetween, well
<Patrickdk> that should never be done
<Patrickdk> just recompile the package for hardy
<efpe> Patrickdk: i know :)
<Patrickdk> well, it soulds pretty well screwed right now :(
<efpe> lsb_release says it's hardby
<Patrickdk> what does the screen say at boot?
<efpe> sources.list says karmic :)
<Patrickdk> and you did disable quiet/silent/... in grub
<efpe> i did of course :)
<efpe> i think the fuckup is with the udev/mountall
<efpe> some of the init hooks run successfully
<efpe> then the mountall says
<efpe> / wainting for /dev/md0 (softraid, eh)
<efpe> /tmp waiting for (null)
<efpe> and i get a console, not initramfs, my real system, with a readonly rootfs
<Patrickdk> hhmm, sounds like a probably simple case then
<Patrickdk> just the raid can't locate itself
<Patrickdk> google that
<efpe> just wait :)
<Patrickdk> fixing mdraid
<efpe> if i remount the rootfs in rw mode and run the mountall command it returns with 0
<efpe> everything seems fine, except the system not booting
<efpe> mdstat says everything is great
<efpe> udev is located the swraid disks and partitions
<efpe> i have some strace outputs and a screenshot
<efpe> maybe you can take a look
<efpe> http://www.efpe.hu/ubi/
<efpe> thanks ;)
<efpe> the readonly.txt contains a strace output with readonly rootfs
<Patrickdk> my guess is you managed to get some upstart code in there
<stgraber> zul: could you follow up on bug 1006898?
<uvirtbot> Launchpad bug 1006898 in dnsmasq "[SRU] dnsmasq fails at leasing issues when using vlan mode" [Medium,Fix released] https://launchpad.net/bugs/1006898
<zul> stgraber: yep
<efpe> Patrickdk: and what's the problem with that?
<efpe> upstart is great, isn't it? :P
<efpe> and yes, mountall wants to communicate with upstart
<halvors> Hi! Anyone know if it's possible to use my Ubuntu box as a DOCSIS 3 cable modem/client? Of course i'll need the right hardware, but is it possible on the software basis?
<efpe> Patrickdk: i made screenshots about the booting process (i dont have access to serial console/sol/etc)
<efpe> :(
<uvirtbot> New bug: #1020773 in bacula (main) "package bacula-director-pgsql 5.2.5-0ubuntu6.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1020773
<uvirtbot> New bug: #1020788 in samba (main) "package winbind 2:3.4.7~dfsg-1ubuntu3.10" [Undecided,Incomplete] https://launchpad.net/bugs/1020788
<uvirtbot> New bug: #1020834 in maas (main) "instance-state: unknown" [Undecided,New] https://launchpad.net/bugs/1020834
<Patrickdk> halvors, ubuntu has nothing to do with docsis3 cable modem
<catphish> is anyone aware of a bug in 10.04 kernels that causes a crash after 200 days of uptime?
<catphish> i've observed this at least 10 times in different servers, installed at different times, at various patch levels of ubuntu 10.04, all have crashed between 195 and 210 days of uptime
<catphish> rather than a panic, they've simply slowed to a halt, responding to ping, but nothing requiring significant cpu power
<chaos_zero> hello, has anyone tried to configure ddclient with namecheap?
<qman__> catphish, I have to counter that analysis
<qman__> I've got half a dozen lucid servers that have all run for well over a year of uptime without issue
<qman__> couldn't tell you specifically which kernel versions, but several of them
<catphish> qman__: i'm not saying it happens to all servers, in fact i have some that are unaffected
<catphish> but at least 50% of mine have been affected
<catphish> and on several occasions
<catphish> usually in groups (ie servers powered on at the same time crash within 10 minutes of each other)
<catphish> very strange
<catphish> it could well be something unusual i run in userland that triggers it
<qman__> that is strange, but it doesn't seem like a kernel issue, or at least not a generic kernel issue
<qman__> same hardware?
<qman__> might be a specific set of circumstances
<qman__> I am dealing with an unrelated issue myself, though
<qman__> got a new UPS, so I shut my servers down to install it
<qman__> file server won't come back up
<qman__> gets past where it does the fsck, but not to where it starts showing stuff on the screen or writing logs
<qman__> filesystems and disks are okay, verified with systemrescuecd
<catphish> i've never had a server fail to finish booting like that
<qman__> tried booting with nomodeset and noplymouth
<qman__> same deal
<catphish> though possibly something trying to talk to the network to finish and can't?
<qman__> well, the interface is up, it pings
<qman__> but that's it
<catphish> my servers are all Dell, R210 R310 R410
<catphish> they all run ruby, ntpd, puppet
<catphish> and 10.04
<qman__> mine are whatever I managed to get
<qman__> this one's on a gigabyte AM3 system, intel NIC, various SATA controllers
<qman__> the only mainstream server brand server I have is an old proliant, and I don't even use it because it's too loud
<qman__> but I'm confident this isn't a hardware issue, systemrescuecd works fine, my filesystems all check out, and everything works live
<thys> I keep losing my connection though SSH on my ubuntu server. It works fine while I use it then it freezes and I have to eject it and log in again. How do I find the keep-alive settings?
<sw> thys: '$ nano /etc/ssh/sshd_config' and add 'KeepAlive yes' and 'ClientAliveInterval 60'
<uvirtbot> New bug: #1021067 in bacula (main) "package bacula-director-mysql 5.2.5-0ubuntu6.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1021067
<arooni-mobile> somehow i think my name servers are messed up.  wget: unable to resolve host address `rubyenterpriseedition.googlecode.com' ... and "host cnn.com" => ;; connection timed out; no servers could be reached ... how would i fix this ?  ubuntu 10.04 lts
<efpe> arooni-mobile: /erc/resolv.conf
<efpe> use google's
<arooni-mobile> efpe, that file is auto generated it says
<efpe> yep, from /etc/resolvconf/
<efpe> you can modify the settings there
<jamespage> zul: around still?
<zul> jamespage:  you must have esp just stopped in for a sec
<jamespage> zul, lol
<zul> jamespage: whats up?
<jamespage> anyway - I'm just hacking on some stuff that uses openvswitch
<zul> ok
<jamespage> its looks a bit borked ATM - just raising a bug
<zul> borked as in how
<jamespage> zul: bug 1021078
<uvirtbot> Launchpad bug 1021078 in openvswitch "openvswitch-switch fails to start" [Undecided,New] https://launchpad.net/bugs/1021078
<jamespage> like the switch bit don't start...
<zul> okies ill have a look tonight
<jamespage> zul, I *think* its due to a name change in the kernel module
<jamespage> as I had the same problem with mininet (the package that uses openvswitch)
<jamespage> i hacked it locally to work
<jamespage> zul: thanks v much
<uvirtbot> New bug: #1021078 in openvswitch (universe) "openvswitch-switch fails to start" [Undecided,New] https://launchpad.net/bugs/1021078
<axisys> can I get rid of avahi-daemon? I am pretty sure I dont need it on our company servers.. please advise
<Patrickdk> sure
<Patrickdk> it never installs for me
<Patrickdk> probably cause I always do, minimal install
<Patrickdk> press f4 at install, and it gives you that option
#ubuntu-server 2012-07-05
<chaos_zero> hello i have a server emergency (lol njot actually that seriour for the world, but serious for me)
<chaos_zero> i was trying to clean up all these ip rules i made that did not work so i used the flush command and now the network does not work correctly or do anything even after a server reboot
<chaos_zero> can i restore to like it was before the flush
<qman__> chaos_zero, if you flushed the rules you also need to set an accept input and output policy
<qman__> sudo iptables -P INPUT ACCEPT; sudo iptables -P OUTPUT ACCEPT
<MoleMan> Can anyone think of any reasons SSH keys may not work for a specific user? the authorized_keys file is identical to that used and working for two other users (bar owner and group obviously)
<qman__> permissions
<MoleMan> 664, same for all 3 users which have SSH keys set...
<qman__> ~/.ssh must be 700, ~/.ssh/authorized keys must be 600
<qman__> well, it's supposed to be anyway
<MoleMan> #644 not 664. okay, I can change them, but too high permssisions shouldn't matter? and is working for two other users like that so :/
<qman__> sshd cares about that
<qman__> if your keys aren't secured it won't work
<MoleMan> but why would it work for two users, but not a third?
<qman__> especially ~/.ssh and your private key
 * MoleMan is fixing anyway
<MoleMan> I don't actually have any keys set on the server, only authorised keys, and am using PuTTY from windows...
<qman__> could be the user's shell
<qman__> is it a valid shell?
<MoleMan> I believe is bash, same as the others, and I can login and interact properly if I manually enter password...
<qman__> ok
<MoleMan> have just fixed the permissions, about to try again
<MoleMan> -_- it worked...
<MoleMan> must have been the directory permissions... I think they were different...
<MoleMan> thanks :)
<qman__> yeah, that one's not so obvious if you haven't seen it before
<qman__> the other issues have better indicators
<MoleMan> I know I'm probably about to get told that it's bad practice to actually have the www-data account with a password and changed shell and in a usable condition etc blah blah blah
<MoleMan> but how could I give the www-data full access to run 'service apache2 reload' without errors?
<MoleMan> because the service should start using permissions as www-data, but it still requires root/sudo to be able to start/stop/reload it without errors?
<qman__> add a sudoers rule to specifically allow www-data to do only that
<qman__> but yes, that's still an incredibly bad idea
<qman__> at the very least, set up the keys and remove the password
<qman__> and make sure you use absolute paths for the commands
<MoleMan> bearing in mind it isn't a production server, is just a random server hosting a few unused sites etc in the other room, what are the main issues with doing so? (I know its a bad idea, I just never looked properly into why) I mainly added the password for FTP access because I was getting annoyed by permissions...
<qman__> that's an even worse reason for doing so
<qman__> just create a new user, add them to the www-data group, done
<qman__> www-data shouldn't actually own anything it doesn't absolutely have to anyway
<qman__> your website files should be owned by root or the user who maintains them
<qman__> www-data should merely have read access through world permissions
<qman__> the main problem is that websites are not just static pages anymore
<qman__> and scripts, especially php scripts, are vulnerable to attack
<qman__> and your scripts run as www-data
<qman__> so www-data should not be able to do anything destrucgive
<qman__> destructive*
<MoleMan> but it has to be able to write to files for certain php files to work and do what theyre meant to...  and it has to own/be able to access its on config surely?
<qman__> no
<qman__> if you're allowing writing, it should be strictly limited
<qman__> to a single directory or file
<qman__> and it should be able to read its config through world-read, like most everything else
<qman__> the www-data user is not trustworthy and should be treated as such
<MoleMan> hmmm, I will take what has been said on-board :) and will act upon it at some point...
<MoleMan> I think both my PC and server are due a rebuild sometime soon anyway
<qman__> while you're at it, you shouldn't use FTP either
<qman__> SFTP is in all ways superior
<MoleMan> if so, why does FTP appear to be the more commonly used standard? or is that either my misconception, or it spreading across from windows servers?
<qman__> ignorance, mostly
<qman__> http://mywiki.wooledge.org/FtpMustDie
<qman__> if you want some more substantial reasoning
<MoleMan> yet large webhosts etc surely have no excuse for ignorance, yet give their users FTP not SFTP? or is that more because SFTP uses actual user accounts, where FTP can be configured alternatively?
<qman__> no, just ignorance and laziness
<qman__> it's rampant
<MoleMan> (if I'm coming across as argumentative its not the intention, this is just the style I discuss things in to understand better)
<MoleMan> just thought I'd throw that out there, as people have had problems with my attitude before when I'm just trying to discuss and understand/learn :)
<qman__> especially if you're using SSH already, there's no reason not to use SFTP
<qman__> you already have it, your users are already configured
<qman__> and restricting users to SFTP and not SSH is easier than ever since about a year and a half ago
<qman__> there's a built in sftp-only feature
<qman__> and chrootdirectory
<qman__> and there's winscp and filezilla for windows users
<MoleMan> I know FileZilla supprts SFTP as a client, my comment about windows was more to whether it is possible to host a SFTP server on windows?
<qman__> yes, with filezilla server
<qman__> there are other programs too
<qman__> I don't think microsoft has an SFTP server in IIS yet
<qman__> but enabling FTP in it requires significant hoop-jumping too
<qman__> about the only thing FTP has that SFTP doesn't is anonymous file uploads/downloads, but that's easily accomplished with HTTP and a simple website, and is usually a bad idea anyway
<qman__> and you could always create a public user account too
<MoleMan> yeah, I agree its a bad idea, and surely can be achieved by creating an account 'anonymous' witha blank/obvious password anyway
<MoleMan> beat me to it :P
<MoleMan> considering anonymous FTP actually theoretically uses your email adress doesn't it? or something like that... I can't remember
<ScottK> http://mywiki.wooledge.org/FtpMustDie
<MoleMan> ScottK: yeah qman__ had already linked and I am reading, had just popped back to comment that I like the blunt terminology of 'your wiki page about FTP protocol being shit'
<ScottK> There's really no excuse for ftp anymore.
<MoleMan> awkward moment when I can't even see what FTP server I have installed to remove... I thought it was SFTPD or something, but apparently that isn't there...
<MoleMan> can't even remember what I was doing anymir
<MoleMan> more#
<qman__> so, is there any way to find out where my server is hanging when there's no screen output and no logs written?
<qman__> I know it gets past fsck, because I've seen it doing the disk activity checking the disks
<qman__> and the interface is up and pings, but that's it
<qman__> I get a blank screen with a blinking cursor 2/3 the way down
<qman__> and I'm already booting without quiet splash and with nomodeset noplymouth
<john206> Hi guys, can anyone help me out with ks.cfg file?
<john206> anyone? :)
<john206> out of 100 people here not even one volunteer cool :)
<Alfafa> Hi anyone have problems with maildrop making temporary failures since yesterday? (I thought it could be updated packages. But only gnutls related packages + cron was updated - and I don't see the maildrop binary linked to gnutls libraries)
<Alfafa> It seems there is some how a problem. When I now run maildrop -d <user> I just get  a message like this: ERR: authdaemon: s_connect() failed: No such file or directory
<Alfafa> The only packages upgrade between working and nonworking is: libgnutls-openssl27:amd64 (2.12.14-5ubuntu3, 2.12.14-5ubuntu3.1), libgnutls26:amd64 (2.12.14-5ubuntu3, 2.12.14-5ubuntu3.1), libgnutls26:i386 (2.12.14-5ubuntu3, 2.12.14-5ubuntu3.1), libgnutlsxx27:amd64 (2.12.14-5ubuntu3, 2.12.14-5ubuntu3.1), cron:amd64 (3.0pl1-120ubuntu3, 3.0pl1-120ubuntu4), libgnutls-dev:amd64 (2.12.14-5ubuntu3, 2.12.14-5ubuntu3.1)
<Alfafa> I haven't had the authdaemon installed because I don't use it, but maybe maildrop tries to connect to it via gnutls and something in gnutls is changed/fails ?
<moothecow> Hi, I'm a bit confused. Since when does cache make it into swap? Either that, or top is hopelessly incorrect.
<moothecow> We run online backup software on it in java, there's 2 java processes, according to top they use 38.3 and 8.4% of the memory (4GB). Yes, there's 3.8G used (of which 1.6 buffers) and 2.7G swap in use (adding all mem percentages in top comes only around 50% of memory)
<Alfafa> moothecow: Didn't see your original question. Is the problem that the processes is spinning cpu?
<moothecow> no the problem is there's memory in use that I can't related to a process
<moothecow> have stopped the backup software now, according to free there's still about 3G memory used. Swap is nearly empty now (only 71MB)
<moothecow> sorting by memory in top (M) lists 3 processes with 0.1% mem, the rest is at 0.0...
<moothecow> so there appears to be 3G in use by air or something like that :)
<_ruben> moothecow: if you find a way to track back that kind of memusage to something useful, let me know ;)
<_ruben> have had similar challenges in the past as well :)
<moothecow> Must be a memory leak or something... find it quite amazing anyways, there's a community grid client on it
<moothecow> oh world community grid, that's it... but according to top that's hardly using memory, it seems to have died cause it should use a lot of cpu :D but it's idle
<_ruben> it decided to "use" mem instead of cpu apparently
<moothecow> perhaps, but stats don't reflect that :/
<_ruben> i (also) don't understand how the system could claim memory as being used, but not "know" what's using it, apparently
<moothecow> _ruben: can buffers end up in swap? afaik they shouldn't
<_ruben> that'd be really strange
<_ruben> the whole idea about cache and buffers to make things faster, not slower ;)
<moothecow> yea but it runs iet(d) (iscsi enterprise target) in fileio mode
<blinkiz> Hi. I need examples how to get prefix delegation to work from a dhcp v6 server. Am talking http://tools.ietf.org/html/rfc3633
<_ruben> eew ... ietd
<moothecow> never quite understood which is faster anyways fileio seems to do much more caching
<moothecow> yea looking at switching to lio
<moothecow> unfortunately, they have removed vaai from the roadmap... seems to be implemented but only on the paid version
<_ruben> might research lio someday, using scst currently
<moothecow> lio has error corrections etc. (iet doesn't - not sure on scst I really like the design (never used it tho') but it was never allowed into the kernel)
<moothecow> they include lio instead... think scst would have added some stuff for the general scsi stack as well so that's unfortunate
<_ruben> scst builds fine through dkms, for optimal performance you'd need to apply some small kernel patches tho, which i dont bother with
<moothecow> lio on the other hand had vaai on the roadmap for the free version at some point (but it's gone and can't find any mention of it other than on the commercial version)
<moothecow> so that kinda had me excited for nothing :D
<moothecow> lio and scst should perform similar iirc
<_ruben> there's been quite some discussions on the scst mailinglist about getting it mainlined, the scst devs had the feeling they weren't treated in a fair manner, and lio just getting shoe-horned in instead
<moothecow> I read the kernel posts on that
<moothecow> apparently he insisted on using /proc, all they wanted was him to use the new standards (sysfs, etc.) lio uses configfs (actually getting quite fed up by all the new fs's, how many do we need... there used to be just /proc :D)
<_ruben> it crossed a shitload of mailinglists ;)
<_ruben> scst has moved to sysfs quite some time ago (mostly due to that discussion)
<_ruben> procfs is still left for backwards compat and stuff
<_ruben> (compiletime option)
<moothecow> hmm but now that they choose lio they won't move soon I presume... :/ scst offers a lot of advantages for the entire scsi stack tho'
<moothecow> are you aware of any distro's using it by default?
<_ruben> there's tons of freenas and likes that ship it i think, never really looked into any of those
<moothecow> _ruben: freenas is freebsd :)
<moothecow> unfortunately oracle closed zfs before implementing encryption, it's the only feature I miss that's been released since then. Never got why they didn't port it, btrfs is nowhere near zfs capabilities
<moothecow> usually resort to freenas for zfs tho'
<_ruben> moothecow: yeah, didnt mean the freenas project specifically, but more like a global name for all those storage appliances out there
<moothecow> I saw a product named comstar or something like that once, I suspect they use it too. It creates virtual tape drives over iscsi. You inject 'tapes' into it (just image files from that I can tell) and you can actually just write those image files to tape again. Never quite got why people want backup2disk like that (with virtual tape emulation et all) but the idea was nice
<_ruben> isn't comstar solaris' iscsi stack?
<moothecow> eh my brain needs to wake up ... perhaps they share names
<RoyK> _ruben: iscsi target, not initiator (afaik)
<_ruben> COMSTAR â an enterprise SCSI target system supporting iSCSI/iSER/FC/FCOE
<_ruben> as listed on openindiana site
<RoyK> yes... target
<_ruben> i'd look into openindiana for a our storage clusters, if only i could be arsed to learn a new os :P
<RoyK> _ruben: but iircÂ COMSTAR isn't in use for s10, and maybe not for s11
<_ruben> RoyK: woulnd't know, never used any of it ;)
<RoyK> seems comstar is there in s11 http://docs.oracle.com/cd/E23824_01/html/E24456/storage-7.html
<moothecow> Hmm that much different from opensolaris?
<moothecow> illumos is a fork of opensolaris by nexentastor iirc
<_ruben> nexentastor has been on my radar as well
<RoyK> moothecow: not really, nexenta is part of the illumos project, but they never started it
<RoyK> moothecow: it all started with a fork from opensolaris to openindiana, then illumos was separated to take care of OS/Net (kernel + vital userspace stuff)
<RoyK> moothecow: now openindiana is lacking developers to continue support of the rather large amount of packages available, and SmartOS or OmniOS may be better choices for future installations
<RoyK> (according to Alasdair Lunden, the original OI founder)
<efpe> hi
<moothecow> RoyK: thx for the info :)
<moothecow> still hoping oracle will release ZFS... but I'm not going to hold my breath on it :D. It would immediately fulfill their desire for an enterprise FS on linux tho'
<efpe> i have a problem with booting a half-hardy/half-karmic system
<moothecow> efpe: err half?
<efpe> it there a change somebody can help me?
<efpe> moothecow: yes :/
<efpe> our old sysops made this :P
<moothecow> do-release-upgrade f* up?
<efpe> http://www.efpe.hu/ubi/
<efpe> moothecow: that will be the next step.. but i have to boot the system :P
<efpe> mountall hangs after "fhs mounted"
<moothecow> can't do much with the screenshot, see processes exiting but the reason why is probably ^
<efpe> i can get a shell with sulogin (or init=/bin/bash) and i'm able to remount the filesystem with rw
<efpe> when i run mountall (without initctl), it returns with 0
<moothecow> did it used to boot fine?
<moothecow> I'm a lazy bofh... I'd just boot with a livecd, chroot into the install and have it do do-release-upgrade :P
<moothecow> might want to backup the import stuff first
<efpe> great question.. this server had 5-600 days uptime
<efpe> moothecow: yep, this will be the next step but i thought somebody maybe can help...
<efpe> i'm not an expert of the event based booting..
<efpe> the interesting part is that the init is able to mount the swraid
<efpe> as you can see here: http://www.efpe.hu/ubi/boot/
<moothecow> efpe: yea found those... the 'mountall goal changed from start to stop' looks interesting too
<moothecow> searching that line gives a couple of launchpad links, you might want to delve into those
<efpe> oh, okay, thanks :)
<efpe> i found interesting the "mountall state change from post-stop to waiting"
<moothecow> efpe: http://wiki.prgmr.com/mediawiki/index.php/Upstart_troubleshooting
<moothecow> he added --verbose in grub, mount process dies there too because of missing locale
<efpe> hmm, the screenshots contains the --verbose and --debug options too :P
<efpe> but this link looks like interesting
<moothecow> yea but your mount process unfortunately doesn't say why it dies (it even says exited *normally* :D)
<efpe> yep that's the interesting part...
<efpe> btw my locale looks okay :(
<moothecow> i'd still just upgrade it :P
<moothecow> running half/half might be the issue
<efpe> yes :(
<efpe> but i'm afraid i have to find a solution :(
<moothecow> some old version of a process might just return something a new version of a script doesn't expect or something like that
<efpe> this a the nfsroot/tftpd/etc server in our network
<efpe> and it has a second node which runs for now..
<efpe> i'm afraid when the upgrade will be done, something will go wrong
<efpe> moothecow: i think you are right :(
<moothecow> maybe but it's easy to backup linux machines :)
<moothecow> and it's probably better troubleshooting an issue that needs to be handled than one that might just magically disappear with an upgrade
<efpe> moothecow: :D
<efpe> hmm
<efpe> http://www.efpe.hu/ubi/waiting.png
<efpe> another interesting thing...
<moothecow> isn't /tmp in tmpfs?
<Daviey> jamespage: Which packages are you thinking of?
<jamespage> Daviey, restlet and simple-http
<Daviey> jamespage: I'm gonna reject them.
<jamespage> Daviey, thanks :-)
<jamespage> Daviey, they are deps for the floodlight openflow controller work
<Daviey> jamespage: ok
<efpe> moothecow: there's no /tmp in /etc/fstab
<moothecow> hmm one wonders why it wants to mount it then, but not familiar enough with ubuntu's init scripts
<efpe> me neither :(
<efpe> another thing is i can get a console with sulogin
<efpe> mount says it's readwrite, but it's readonly
<efpe> moothecow: is it possible to use standard booting mechanism like sysv?
<moothecow> I dunno, I just run ubuntu on some servers. In theory you can make it run sysv obviously, question is if ubuntu has support for it or if it means you'll have to write the entire init scripts yourself (and more importantly, maintain them)
<efpe> moothecow: you're right
<moothecow> kinda like you can run half/half in theory too, but nobody is going to support it ;)
<efpe> :D:D
<Daviey> jamespage: is restlet really released under all of these, Apache-2.0 or CDDL or EPL-1.0 or LGPL-2 or LGPL-2.1 ?
<moothecow> is the machine complex? You could just exclude your nfs export dirs from backup and thus backup the import dirs like /etc, /lib, /usr, /opt, /var, etc., boot livecd, chroot into the system (make sure proc, sys, etc. are mount -o bind to chroot) and try upgrading, if it doesn't work boot live cd again, wipe the dirs and restore them from tar
<Daviey> jamespage: wow, http://www.restlet.org/about/legal
<jamespage> Daviey, apparently so - and the headers are all in place on every file to sate so
<jamespage> Daviey, yeah - I was surprised as well
<jamespage> Daviey, the most awkward thing about restlet is how I have to generate the orig.tar.gz
<Daviey> jamespage: You've left debian/maven.* boilterplate there.. that is convention for maven packages, right?
<jamespage> Daviey, yeah
<jamespage> it appears to be
<Daviey> jamespage: yeah, i was just grokking the get-orig script :)
<jamespage> the maven-debian-helper gets confused otherwise
<efpe> moothecow: i forgot to mention we use drbd :)
<jamespage> Daviey, its still built from official source artifacts - just ones pulled and verified from the central maven-repo
<efpe> and the other node is half/half :D
<moothecow> is there anything important on the machine that isn't on the other node? You might just try reinstalling it, get it connected with drdb etc and make it master then do the same with the other node :)
<Daviey> jamespage: Yeah, looks good.. I was suprised to see the ^M carriage returns.. :)
<jamespage> Daviey, thanks v much
<jamespage> Daviey, lol
<jamespage> I love working with Java ;-)
<efpe> moothecow: yeah, i should do that
<moothecow> I take it you mean the coffee variant of it :P
<efpe> :D
<ivoks> zul: around?
<Daviey> ivoks: zul won't be around for a bit.. can anyone else help?
<ivoks> Daviey: i was wondering if anyone had success with openstack on arm
<Daviey> ivoks: YES
<Daviey> ivoks: zul has a patch for libvirt on highbank.
<ivoks> Daviey: hm... i have problems before libvirt kicks in
<ivoks> Daviey: i'll talk to him once he's online
<Daviey> k
<Daviey> ivoks: it's probably debian bug 670680 ?
<uvirtbot> Debian bug 670680 in src:python-greenlet "armhf sigsegv's on task switch" [Important,Open] http://bugs.debian.org/670680
<ivoks> Daviey: no, issues are with preparing the disk image for the instance
<ivoks> Daviey: nbd never gets properly created
<ivoks> Daviey: i'm interested to see if he had some hacks in that area before i dig into the code
<ivoks> Daviey: for some reason, nova keeps trying mounting whole disk, instead of partition
<Daviey> hum, interesting
<zul> ivoks:  whats up?
<ivoks> zul: i was wondering if you had problems with starting instacnces on openstack on arm
<ivoks> zul: in my case, when nova starts preparing the instance image, it fails with error 32 when mounting nbd15 as rootfs
<zul> ivoks: i did...i was able to get as far as starting instances but i had veth problems that need to be fixed on both x86/arm first
<ivoks> zul: but the problem happens much sooner
<zul> on quantal?
<ivoks> precise
<zul> oh....i was working on quantal
<ivoks> hm... with newer openstack, right
<zul> right
<ivoks> hmph hmph...
<zul> you need a fix for libvirt and greenlet and euca2ools
<ivoks> i don't get to see libvirt at all :)
<ivoks> and greenlet i have fixed
<ivoks> so... this is the failure
<ivoks> nova-rootwrap mount /dev/nbd14 /var/lib/nova/instances/instance-00000009//rootfs
<ivoks> that fails
<ivoks> but... i can see problems popping much sooner than that stage
<zul> hmmmmm...
<zul> have you tried using libguestfs instead?
<ivoks> nope
<ivoks> i mean
<ivoks> even this fails:
<ivoks> resize2fs /var/lib/nova/instances/_base/867af04238fd6763792861f54013e3a41c95d6a1_2
<ivoks> but this is where it starts:
<ivoks> qemu-img resize /var/lib/nova/instances/_base/867af04238fd6763792861f54013e3a41c95d6a1_2 214748364
<ivoks> 8
<ivoks> thank you c/p
<ivoks> qemu-img resize /var/lib/nova/instances/_base/867af04238fd6763792861f54013e3a41c95d6a1_2 2147483648
<ivoks> this fails with exit code 8
<ivoks> cause that over there is not partition, but a disk
<ivoks> ok, if you haven't have this problem, i'll dig into the code to see what's going on
<ivoks> what's the libvirt fix you are talking about?
<ivoks> cause, it looks like libvirt creates the image
<ivoks> lunch time... i'll be back in 30 minutes
<RoyK> moothecow: ZFS is released under CDDL, regardless of what Oracle is doing, but that doesn't help Linux users, since CDDL and GPL aren't compatible
<ScottK> RoyK: Unless you can afford lawyers like Google, I don't think it's safe to think a Free license is going to be enough you don't have to worry about what Oracle does.
<RoyK> ScottK: I don't think it's healtyh to have that amounts of paranoia - there are thousands of installations around with Illumos-based OSes, some, like NexentaStor, with commercial support
<ScottK> Given what just happened with Java, I think it's reasonable concern for foreseeable risk.  Not everyone will agree, of couse.
<ScottK> ... course.
<RoyK> if Oracle wanted to sue the storage people using CDDLed ZFS, they would have done it a long time ago
<RoyK> what java thing? there have been several
<ScottK> Up until not so long ago you might have made the same statement about Java.
<ScottK> The lawsuit that they filed and totally just lost against Google.
<RoyK> where Google had used code from Java in Android?
<RoyK> and thereby broken the license?
<ScottK> http://www.groklaw.net/staticpages/index.php?page=OracleGoogle
<ScottK> That case, but the one where they hadn't broken any license.
<moothecow> RoyK: no it isn't, it's closed since version 29
<ScottK> Or to the extent code was found it was totally deminimus and clearly not intentional.
<RoyK> moothecow: Oracle's ZFS is closed, yes, but Illumos' ZFS has the same stuff, minus encryption
<ScottK> The bigger concern is that Oracle discovered the novel theory that APIs are copyrightable.
<moothecow> RoyK: yes, that's because it stuck at version 28, just like the bsd, zfsonlinux and other implementations
<ScottK> Fortunately the judge said they were wrong.
<RoyK> moothecow: and it will be stuck at version 28, because illumos has moved away from that versioning scheme, for very good reasons
<ScottK> But it's evidence that just because nothing you know about the law right now makes you think you're at risk, there's no guarantees Oracle won't come up with some new craziness.
<moothecow> RoyK: then they better ditch the name ZFS too ;)
<RoyK> ScottK: oh - that's pretty bad...
<RoyK> moothecow: not really, it was released under CDDL under that name
<ScottK> Yeah.
<RoyK> why are you guys so paranoid? it won't make much difference if they call it IlluFS, it's the same thing
<moothecow> RoyK: yes, but once implementations start to differ, bad things will happen and so they can no longer use ZFS as the name (in my humble opinion - and Oracle will probably force them at that point)
<ScottK> Asking for renaming is not unreasonable.
<RoyK> I can't find that article, but the new versioning scheme will be tag based, allowing different implementations, potensially with different features, to co-exist
<RoyK> anyway - asking me to rename Illumos ZFS in #ubuntu-server won't help much ;)
<moothecow> RoyK: great - and who decided that? They have *NO* rights on ZFS whatsoever. - I'm not asking you to do anything ;) just stating that if they change / add features it's not ZFS anymore, Oracle dictates that featureset, as well as the implemenation specifics etc. I'm also not saying anything is wrong with that.
<RoyK> moothecow: have you read CDDL?
<ScottK> But as RoyK suggests, this isn't the place it'll get sorted out.
<xnox> well ZFS is proprietary now. The last revision under SUN was under CDDL, the later rivisions which add e.g. encryption and other bits have not been released
<xnox> so e.g. FreeBSD implementation is stuck at the obsoleting ZFS revision....
<RoyK> xnox: that only depends on how you see it. the illumos zfs implementation has replaced versioning with feature tags or something, and those changes are likely to be ported to fbsd
<RoyK> but then, if you start out with Oracle ZFS being the only true implementation, then of course, illumos' ZFS implementation will be "obsolete", but then, that's only if trying to move a dataset from Oracle Solaris 11 or later
<RoyK> meaning move the physical disks around, or try to install illumos on a previous s11 system
<xnox> true.
<xnox> TBH the future looks glum: both ZFS author and Btrfs authors left Oracle.
<xnox> so... I wonder if they have FS devs left working on these or not.
<uvirtbot> New bug: #960350 in keystone (main) "Cleanup Keystone package descriptions" [Undecided,New] https://launchpad.net/bugs/960350
<hallyn> stgraber: notice you marked the api as done.  what did you still need from me to code for it?  do you plan to stick it into the package soon-ish, or wait for more upstream confirmation?
<hallyn> for that matter i suppose i can toss it into my github tree to 'formally' ask for review from dlezcano :)
<stgraber> hallyn: yeah, I marked it as done as it looked liked most of the hard work was done, now it's really just catching up with the C library whenever new features are added, but that's quite easy to do on my side
<hallyn> stgraber: (doing +1 maint at least through next week, so not much time) can you send an email reminding me what you need me to code?
<stgraber> hallyn: as I mentioned on Friday, there are quite a few functions that I'll need for some tools using the API, so there's still quite a bit of work to do on the C side of the API
<stgraber> hallyn: ok, I'll send you an e-mail
<hallyn> stgraber: thanks
<stgraber> hallyn: also, do you have any opinion on allowing shmmin/shmax (or whatever they're spelled these days)
<stgraber> hallyn: I've noticed quite a few people hitting that problem on the lxc mailing-lists (trying to raise the limit and failing because of apparmor)
<hallyn> stgraber: what do we need to do to help those people?
<hallyn> do they need a new policy?
<hallyn> we can try adding a 'lxc.ipc.shmin' config option
<stgraber> hallyn: I think just allowing write access in apparmor, if these are indeed safe
<hallyn> stgraber: <shrug>  that's more susceptible to DOS of course
<hallyn> the lxc.conf file is owned by host owner, whereas if we allow the container to write to the sysctl files, we're trusting the container owner
<hallyn> but oh well, priorities :)
<hallyn> stgraber: so we should start considering how to ship helpful bits of policy
<hallyn> stgraber: i wonder if we can use various abstractions/lxc/* bits that can be combined in per-container policies
<hallyn> /etc/apparmor.d/abstractions/lxc/{nested,ipcshm,...}
<stgraber> hallyn: what would be the risk of DOS here? As I understand it /proc/sys/kernel/shm* are tied to the IPC namespace so changing these values shouldn't affect anything outside the container
<hallyn> stgraber: well they can set shmmax to host-max and fill it up...
<hallyn> that's just tied to a tmpfs mounted on /dev/shm right?
<hallyn> so worst case they can fill up a tmpfs, but that *can* affect the host
<stgraber> hallyn: right, but they can already fill the tmpfs at the moment, so I don't see how that's making things any worse
<zul> stgraber/hallyn: is there examples of how to use the api stuff?
<stgraber> zul: There are a bunch of binaries to show how the C api works and an example python script in python3-lxc
<hallyn> stgraber: agreed, def not worth the time to code a new config at the moment.  what do you think about /etc/apaprmor.d/abstractions/lxc/ pre-filled with some useful policy bits?
<hallyn> zul:  download stgraber's source tree or packages from ppa
<hallyn> examples
<stgraber> hallyn: that's pretty much what we have already no?
<stgraber> stgraber@castiana:~$ ls /etc/apparmor.d/abstractions/lxc*
<stgraber> /etc/apparmor.d/abstractions/lxc-container-default
<stgraber> /etc/apparmor.d/abstractions/lxc-start-container
<stgraber> hallyn: though for shm I'd just allow it for everyone as it's not making things any worse. The real problem here is tmpfs.
<zul> stgraber:  is the source available somewhere?
<hallyn> stgraber: i think we should not pollute /etc/apparmor.d/abstractions as much,
<hallyn> stgraber: and document :)  but that's for later.  do you want to queue up the policy change when you get a chance, or should i?
<stgraber> zul: ppa:stgraber/experimental the branch is lp:~ubuntu-lxc/ubuntu/quantal/lxc-api-and-python (tends to be rebased fairly often, so --overwrite is usually required)
<stgraber> hallyn: I'll prepare the policy change and move things under abstractions/lxc/, I'll also add the policy change to the next SRU and get that uploaded (6 changes are way enough for one SRU)
<hallyn> stgraber: :)
<RoyK> xnox: there was only one btrfs guy in Oracle, Chris Mason, and he has said he'll keep up his work with btrfs http://www.muktware.com/3678/btrfs-creator-chris-mason-leaves-oracle
<xnox> or he will disappear with internal work in the new workplace due to copyright assignment.
<hallyn> dude.  i hadn't heard he was leaving
<hallyn> or, i guess, had left :)
<RoyK> xnox: he'll be working with storage in his new job as well, and according to the people in #btrfs, there doesn't seem to have been much change
<RoyK> xnox: there are other developers too, you know ;)
<melodie_> hi
<RoyK> ho
<melodie_> I am not sure wether here is relevant for this question : there is a package "chkconfig" in Precise, it is obsoleted by the use of Upstart Jobs. what to do ?
<patdk-wk> not so much as obsoleted, as it was never recommended
<patdk-wk> it is just there to let rhel/centos people have an easier time
<ScottK> patdk-wk: It actively doesn't work now though.
<patdk-wk> oh? heh :)
<melodie_> this version has nothing to do with the one provide by rhel or fedora and it has a bug
<ScottK> But there are a number of packages that do something useful in Debian, but not Ubuntu and generally we just ignore them.
<melodie_> patdk-wk, it asks for /sbin/insserv which is not there but in the /lib tree directory
<ScottK> Trying to maintain a large blacklist of such packages isn't a cost effective use of engineer's time.
<melodie_> ScottK, why not clean out the repos from unsuseful packages to make it easier to find the ones that are useful ?
<ScottK> melodie_: Don't bother trying to figure out how to fix it.  It won't work.
<patdk-wk> ya, sounds like it's limited to init.d, not upstart
<ScottK> Precisely.
<melodie_> ScottK, sure, I have tried : I created a symlink to see what and the shell insulted me verbosely telling me that it was the Upstart Job work
<ScottK> melodie_: Historically sync blacklist maintenance has been a lot of work.
<ScottK> Some recent changes might have made it more scalable.
<ScottK> Let me ask about it.
<melodie_> yes, for sure !
<melodie_> I would be very happy to bring a contribution even small by pointing to such details
<ScottK> I've asked for advice on the matter.
<melodie_> ScottK, thanks, I'll stay connected here for a moment, incase you get an answer before this evening
<ScottK> melodie_: I'll remove it for the next release (quantal).  After an Ubuntu release packages are never removed (except for legal reasons and I only rember that happening once).
<melodie_> ScottK, that is very good ! Is there a place where it is especially relevant to go, in order to point to such obsolete packages that could be removed for a next release of the distro ?
<ScottK> File a bug against the package and subscribe the ubuntu-archive team to the bug.
<melodie_> ScottK, ok, I look
<ScottK> melodie_: Have a look at the top entry in https://launchpad.net/ubuntu/+source/chkconfig/+publishinghistory
<FunnyLookinHat> Is anyone aware of plans to get php5.4 into 12.04 - or will it wait for 12.10 ?
<melodie_> ScottK, thanks for the pointer
<melodie_> the link...
<ScottK> You're welcome.
<ScottK> FunnyLookinHat: 12.10.
<stgraber> jjohansen: ping
<jjohansen> stgraber: hey
<stgraber> jjohansen: hey there, so I'm looking at blocking access to /proc/sys/kernel/* except for shm*. I tried "deny @{PROC}/sys/kernel/[^shm]* wklx," but that doesn't seem to work :) what am I missing?
<stgraber> where "not working" shows up as everything being writable
<jjohansen> stgraber: hrmm, that should block several things
<melodie_> ScottK, ok got it, so I think I don't need to file a bug report ?
<ScottK> melodie_: Not for this one.
<stgraber> jjohansen: our previous rule was "deny @{PROC}/sys/kernel/** wklx," which works great, except that it doesn't allow shm* and that's causing problems to some users
<jjohansen> stgraber: you are looking more for @{PROC}/sys/kernel/[^s][^h][^m]* wklx,
<stgraber> jjohansen: gah, indeed I am... :)
<melodie_> ScottK, all right ! you are a very efficient server manager ! thanks
<stgraber> jjohansen: and my test file started with "m", explaining why it was allowed :)
<melodie_> going now
<ScottK> Imagine how efficient I would be if I was getting paid to do this. ;-)
<melodie_> bye
<melodie_> ScottK, same here
<jjohansen> stgraber: lmk if that doesn't work and I'll dig into the compiled expression
<melodie_> I have done remasters for pclinuxos for 3 years, now they have gone mad I'll continue with Ubuntu
<melodie_> :D
<melodie_> ++
<melodie_> :)
<stgraber> jjohansen: looks like it's working. I ended up going with:
<stgraber>   deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx,
<stgraber>   deny @{PROC}/sys/kernel/*/** wklx,
<stgraber> jjohansen: as for some reason "deny @{PROC}/sys/kernel/[^s][^h][^m]**" doesn't work and neither would "deny @{PROC}/sys/kernel/[^s][^h][^m]*/**"
<jjohansen> stgraber: hrmm, I'll look into that, can you paste me the whole policy so I can be sure I don't have any differences to what you are trying
<stgraber> jjohansen: http://paste.ubuntu.com/1076605/
<jjohansen> stgraber: okay, thanks
<jjohansen> stgraber: oh can you also pastebin me the test paths that where failing
<stgraber> jjohansen: I tested with /proc/sys/kernel/shmmax (should be writable), /proc/sys/kernel/modprobe (shouldn't be writable) and /proc//sys/kernel/yama/ptrace_scope (shouldn't be writable)
<jjohansen> stgraber: thanks
<kees> stgraber: are you running that container without cap_sys_admin?
<stgraber> kees: nope, the container has cap_sys_admin
<stgraber> hallyn: tested the apparmor changes, everything looks good so uploading these to quantal, will then rebase lxc-api-and-python on that and will prepare the SRU
<stgraber> hallyn: changes that will make it to that SRU: http://paste.ubuntu.com/1076669/
<hallyn> SpamapS: the proposed SRu fix for bug 989354 was incomplete.  To push the complete fix, I assume I need to use a new version # on top of the previous?
<uvirtbot> Launchpad bug 989354 in cgroup-lite "cgroup-lite and separated /usr " [Critical,Confirmed] https://launchpad.net/bugs/989354
<hallyn> stgraber: hm.  the dhclient one - that will continue to actually send its hostname then?
<hallyn> ok yeah that sounds good
<hallyn> (want to make sure that 'ssh containername.' will continue to work)
<stgraber> hallyn: yeah
<hallyn> stgraber: list looks good.  odd that the LP#s are XX'd out
<stgraber> hallyn: these are place holders, I need to file these bugs :)
<stgraber> for the dhclient stuff, lxc-ubuntu didn't have the mangling of dhclient.conf and AFAIK it works fine, it's only lxc-clone that was doing that sed call
<hallyn> oh, right, makes sense
<BinaryMaster> Question: I am following the instructions on http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html  to install openLdap however /etc/ldap/schema is empty
<BinaryMaster> any way to get a copy of the ldif files that should be there?
<hallyn> SpamapS: I've uploaded a new (complete) fix to precise-proposed for bug 989354, fwiw
<uvirtbot> Launchpad bug 989354 in cgroup-lite "cgroup-lite and separated /usr " [Undecided,Fix committed] https://launchpad.net/bugs/989354
<BinaryMaster> ldapadd: invalid format (line 12) entry: "olcDatabase=hdb,cn=config" anyone know what this error means?
<SpamapS> hallyn: I won't likely look at SRU's until next Wednesday
<hallyn> SpamapS: ok
<uvirtbot> New bug: #1021411 in lxc (universe) "LXC should allow writting to /proc/sys/kernel/shm* as they are covered by the IPC namespace" [Wishlist,In progress] https://launchpad.net/bugs/1021411
<uvirtbot> New bug: #1021416 in lxc (universe) "lxc-clone shouldn't be messing with dhclient.conf, causes conffile upgrade prompts on quantal" [Medium,In progress] https://launchpad.net/bugs/1021416
<uvirtbot> New bug: #1021418 in orchestra (main) "Replace python-software-properties Depends with 'software-properties-common'" [Undecided,Won't fix] https://launchpad.net/bugs/1021418
<uvirtbot> New bug: #1021421 in lxc (universe) "Allow fstype=fuse.*, for all containers" [Wishlist,In progress] https://launchpad.net/bugs/1021421
<koolhead17> hello all
<stgraber> hallyn: debdiff for lxc sru: http://paste.ubuntu.com/1076870/
<uvirtbot> New bug: #1021428 in lxc (universe) "dh_apparmor runs against all binary packages, adding useless entries to lxc-dev's postinst/postrm" [Low,In progress] https://launchpad.net/bugs/1021428
<uvirtbot> New bug: #1021429 in lxc (universe) "lxc-list should show frozen containers" [Medium,In progress] https://launchpad.net/bugs/1021429
<stgraber> hallyn: uploaded
<hallyn> stgraber: (hm, jjohansen isn't on, was trying to ping him as well)  i don't like the way we're having to do blacklists
<hallyn> the @PROC/sys/ctl/[^s}[^h][^m] type stuff
<hallyn> since jjohansen was asking for policy language improvements, here's something that coudl be made much better
<stgraber> hallyn: oh yeah, that'd help a lot. Whitelisting single files is really a pain at the moment
<Daviey> hallyn: If i wanted to create a tarball image for lxc usage, and inject it into lxc.. What would i do?
<hallyn> Daviey: well you can just cp it to /var/lib/lxc/<container>/rootfs which is what i usually do
<hallyn> Daviey: utlemming can probably tell you how to use cloud-init-files for it, using the lxc-ubuntu-cloud ubuntu template
<hallyn> is this for use from juju, or something else?
<hallyn> see lxc-create -t ubuntu -h
<hallyn> sorry
<hallyn> lxc-create -t ubuntu-cloud -h
<hallyn> hm
<utlemming> ubuntu-cloud lxc allows for user data...so concievably you could wget it via userdata
<hallyn> yeah, i thought there was an option to pass in user-data (not script), but there's not
<utlemming> it would be a pretty easy patch to allow for tarball injection
<hallyn> so, what utlemming said
<Daviey> So why do we have ubuntu and ubuntu-cloud?
<hallyn> Daviey: is wget from user-data script feasible for you?
<Daviey> shouldn't ubuntu-cloud become ubuntu?
<Daviey> hallyn: what for?
<hallyn> Daviey: what for what?  you said you wanted to pass a tarball image into lxc.
<hallyn> Daviey: so is creating a lxc-ubuntu-cloud container, passing in a user-data script, and wgetting your tarball from that script, sufficient for what you need?
<hallyn> Daviey: i'm mostly ok with ubuntu-cloud becoming ubuntu, although ubuntu still has a few extra features (I think), and I sort of prefer to depend on debootstrap existing, than on the cloud images always being published.
<hallyn> always being published in a way i can reliably consume
<Daviey> hmm, interesting
<hallyn> plus, i like the fact that i can debootstrap from apt-cacher-ng mirror, which has gotten populated just by apt-get dist-upgrade on the host, as opposed to a completely separate d/l of 200M
<hallyn> still, you may be right
<stgraber> FWIW I clearly prefer lxc-ubuntu to lxc-ubuntu-cloud, having a local mirror I can usually build a new template in a matter of seconds and without relying on Canonical's network working properly
<hallyn> jjohansen: we were just talking about you.
<jjohansen> hallyn: hrmmm, sorry I missed it, my vpn had some issues
<hallyn> jjohansen: if you take a quick look at for instance /etc/apparmor.d/lxc/lxc-default at bottom,
<jjohansen> hallyn: in quantal?
<hallyn> jjohansen: and in http://paste.ubuntu.com/1076870/ stgraber had to add another deny entry "
<hallyn> +  deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx,
<hallyn> jjohansen: or precise i think
<hallyn> jjohansen: the point is that trying to whitelist a few files is cumbersome and almost guaranteed to have errors over time
<hallyn> jjohansen: if there was a way we could have a userspace parser generate stuff liek that for us,
<hallyn> so we could say "deny everything under /proc/sys/kernel except /shm"
<jjohansen> hallyn: yes, its a big problem currently. There are some extension to make expressing things like that much easier on the roadmap but I doubt I will get to them this cycle
<BinaryMaster> trying to compile from source and getting this error on ./configure configure: error: Unable to locate cc(1) or suitable replacement.  Check PATH or set CC.
<jjohansen> hallyn: I can poke and see about rearranging some priorities
<hallyn> jjohansen: ok, i only mentioned it bc you had recently asked if there were any policy language improvements we could think of :)
<hallyn> jjohansen: thanks, i think it's in important one
<jjohansen> hallyn: yep, thanks keep them coming
<sbeattie> Daviey: is your team planning a quantal nova upload anytime soon?
<adam_g> sbeattie: zul and i were just discussing. upstream has introduced (last week) a new build-depends that is going to need to go through MIR :|
<zul> sbeattie: yeah i plan one tomorrow
<zul> adam_g: i plan to revert the setuptools-git  for tomorrow and then plan to re-add it after the upload
<sbeattie> zul, adam_g: okay, cool. I'm looking to get CVE-2012-3360 and 3361 (aka bug 1015531) taken care of in quantal.
<uvirtbot> Launchpad bug 1015531 in nova/essex "Remote arbitrary file corruption / creation flaw via injected files" [Critical,In progress] https://launchpad.net/bugs/1015531
<uvirtbot> sbeattie: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3360)
<zul> sbeattie: it should aleady be in trunk right?
<Daviey> sbeattie: no, not short term
<BinaryMaster> has anyone here successfully installed openLdap on Ubuntu Server 12.04 ?
<koolhead17> !openldap
<koolhead17> !ldap
<sbeattie> zul: yes, should be in trunk.
<ubottu> LDAP is the Lightweight Directory Access Protocol. For more information, installation instructions and getting clients to authenticate via LDAP see https://help.ubuntu.com/community/OpenLDAPServer
<zul> sbeattie: should be in upload for tomorrow then
<sbeattie> zul: awesome, thanks.
<Daviey> zul: Folsom-2 on target for tomorrow?
<koolhead17> BinaryMaster, check the server guide i installed it at one go with previous release
<zul> Daviey: we should be ready
<adam_g> zul: how are we going to deal with setuptools-git ?
<zul> Daviey: its been released already
<Daviey> sbeattie: Bah, sorry.. i missparsed your question..
<BinaryMaster> yeah the new version is driving me nuts
<Daviey> zul:  did you re-upload setuptools-git?
<BinaryMaster> it uses rtc configuration
<zul> adam_g: well either fix the debian/copyright and get it uploaded today and a rush MIR or back it out
<zul> Daviey:  about to
<Daviey> zul: If you upload it shortly, i'll review it.. and see if we can get speedy MIR'ing.. If not, back out the changeset.
<zul> Daviey: ack
 * koolhead17 pokes adam_g & zul
<zul> Daviey: ok setuptools-git uploaded with fixed debian/copyright
<Daviey> ta
<RichardRaseley> So, I am interested in setting up an OpenStack environment using JuJu and MaaS (as outlined here https://help.ubuntu.com/community/UbuntuCloudInfrastructure), but I only have 5 nodes to work with. Is it possible for me to co-locate some of the services but still use juju to do the deployment? Like if I wanted 1x for mass / juju 1x mysql, rabbitmq, keystone, horizon, and 3x nova nodes...
<koolhead17> RichardRaseley, every service will run on separate instance/node
<RichardRaseley> koolhead17: That is too bad that juju is limited in that way - looks like I will have to do it manually.
<RichardRaseley> Thanks.
<blackhand0321> its not so hard if you are using vm's
<koolhead17> RichardRaseley, its not bad, that is how its designed. juju works with service :)
<koolhead17> SpamapS, correct me if am wrong here siir.
<RichardRaseley> koolhead17: Well, it is bad in this situation because it can't do what I'd like it to do.
<Daviey> zul: did it have a watch file last time?
<zul> Daviey: nope
<Daviey> zul: ga dammit.. can you add a watch and get-orig-source please?
<zul> Daviey: *sigh* sure
<koolhead17> RichardRaseley, try with one less nova compute, it will still work
<blackhand0321> he left..
<koolhead17> blackhand0321, :(
<SpamapS> darn he left too fast
<SpamapS> koolhead17: there is a way to do it w/ less than 10 nodes
<blackhand0321> I had a dev platform setup this morning running with 3 nodes
<koolhead17> SpamapS, is there a blog/doc for that way around? It be cool
<koolhead17> blackhand0321, you used Juju?
<blackhand0321> yes
<SpamapS> no
<SpamapS> koolhead17: its a huge hack
<koolhead17> SpamapS, oooh
<koolhead17> blackhand0321, i have single machine setup without juju though
<blackhand0321> https://wiki.ubuntu.com/SecurityTeam/TestingMAAS
<koolhead17> SpamapS, we have so many docs available so many places :)
<SpamapS> koolhead17: yes, this is not something we want to document.. we need to fix it
<blackhand0321> I agree with the fix logic but just was noting it was possible
<koolhead17> SpamapS, so we can run more than one service on a single VM
<SpamapS> koolhead17: well for VMs I suggest sizing them properly for one service. But for real machines, yes.
<Daviey> zul: can be added later, but is there a reason not to have a py3 package?
<zul> Daviey: i didnt think of it
<koolhead17> SpamapS, okey
<zul> Daviey:  ok uploaded
<hallyn> stgraber: did you see the email to lxc-devel with subject "set shmmax for container in lxc-execute"
<stgraber> hallyn: yeah, I guess I should reply that it's going to be fixed by an SRU :)
<hallyn> stgraber: cool thanks :)
<Daviey> roaksoax: Can you triage bug 1021488 please?
<uvirtbot> Launchpad bug 1021488 in orchestra-modules "Please remove orchestra from Ubuntu" [Undecided,New] https://launchpad.net/bugs/1021488
<roaksoax> Daviey: done!
<roaksoax> Daviey: should I subscribe to archive admins?
<Daviey> roaksoax: sure
<Daviey> roaksoax: I'm about to do the AA bit, but i wanted a fellow developer to sign it off first.
<roaksoax> Daviey: ;)
<roaksoax> RIP Orchestra
<Daviey> roaksoax: and.. it's gone
<Daviey> roaksoax: feel a bit nostalgic
<Daviey> :)
<roaksoax> Daviey: hahaha nah.... I barely remembered it existed after so much work on maas
<roaksoax> s/Orchestra/MAAS in myt head
<roaksoax> lol
<Daviey> :)
<Daviey> roaksoax: I don't want to break the news to fwereade.
<roaksoax> Daviey: hehe!! I cna do it
<roaksoax> :)
<smw_> Hi guys. For some reason my server mounted the root as readonly on restart
<smw_> how can I get log data?
<genii-around> mount -o remount,rw /
<smw_> mount: cannot remount block device /dev/mapper/venice-root read-write, is write-protected
<smw_> anyone know why that error would occur?
<Patrickdk> sounds self explanitory to me
<Patrickdk> someone write-protected it :)
<smw_> Patrickdk, what does that mean?
<smw_> Is that a hardware (such as raid controller) limitation?
<smw_> write protected by what?
<Patrickdk> I don't know, I don't own your server
<smw_> any way to dig deeper? What are examples that would cause such an error?
<Patrickdk> clicking write protect on a floppy disk, using a cdrom, ...
<Patrickdk> if your using hardware raid, sounds like it's freaking out, so you should check it
<genii-around> Probably want to do a fsck then reboot
<fwereade> Daviey: heh, consider the news broken; and my phlegmatic and dignified aspect to be the envy of all
<Daviey> fwereade: Very noble!
<smw_> Patrickdk, that is my guess truthfully
<asby> smw_, for protection ext3 can mount itself read only to prevent data loss. Try a forced fsck and reboot.
<asby> If not helping check disk, raid, san, whatever you use to mount your root filesystem from.
<smw_> asby, I rebooted without fscking already
<smw_> need to wait about 40 min for it to come back up
<smw_> I will fsck it next chance I get
<smw_> thank god this is the dev/stage server...
<smw_> It is causing a great amount of annoyance... but not a catastrophe
<asby> Tell me about annoyance. I have a server, with a fresh (and updated) install of 12.04 and the system will only reboot when I use a power cycle. Anything else (shutdown -r now/shutdown -h + power on) ends in hanging after init-bottom script.
<smw_> asby, did fsck (damn that reboot was quick)
<smw_> /dev/mapper/venice-root: recovering journal
<smw_> fsck.ext4: Bad magic number in super-block while trying to re-open /dev/mapper/venice-root
<smw_> e2fsck: io manager magic bad!
<smw_> asby, and when I say I did an fsck... I really mean fsck looked at it and threw up its hands
<asby> problem with superblock or hardware related?
<smw_> asby, no idea
<smw_> this makes it look like the superblock
<asby> try a dumpe2fs /dev/mapper/venice-root | grep superblock
<asby> superblock is stored on multiple places in ext2/ext3. Don't know about ext4 though
<smw_> wonderful...
<smw_> fsck unmounted /
<smw_> no sudoers file... looking for the root password to see if / is remountable
<asby> You can try this procedure: http://www.cyberciti.biz/faq/recover-bad-superblock-from-corrupted-partition/
<smw_> asby, nice
<asby> Although it also could be hardware related. In that case I hope you have hardware support and a good backup/restore procedure ;)
<smw_> asby, I am newly in charge of making such things (worked here a month, this server has been running for years)
<smw_> time to call the isp and get the server rebooted
<asby> smw_, goodluck with it, it is bedtime here, so ttyl
<smw_> bye, thanks for your help
<smw_> what do people here use for monitoring?
<smw_> I like I am thinking of installing nagios
<qhartman> It looks like the apt repo for us-west-1 for ec2 is having issues. Is this just me or is there something legitimately amiss?
<qhartman> hm, seems to be fixed already. Was getting a 403 on one of the files that "apt-get update" was trying to pull.
#ubuntu-server 2012-07-06
<uvirtbot> New bug: #1021530 in openvswitch (universe) "update to include stable fixes for OVS 1.4" [Undecided,New] https://launchpad.net/bugs/1021530
<qman__> so, my server's still broken, and it looks pretty unsalvageable, so I was going to reinstall
<qman__> my current plan is to back up the drive and get a dpkg-get-selections, and use it to restore /etc and the installed packages
<qman__> anyone with experience have other suggestions?
<qman__> obviously I wouldn't just blanket restore /etc, I'd go app by app
<uvirtbot> New bug: #1021548 in nova (main) "nova-network does not contain a dependency on iptables" [Undecided,New] https://launchpad.net/bugs/1021548
<uvirtbot> New bug: #1021559 in bind9 (main) "bind9 upgrade failed." [Undecided,New] https://launchpad.net/bugs/1021559
<Fuginator> Would anyone have a moment to help me with a new MAAS installation and Openstack config?  I've been using the guide here: https://help.ubuntu.com/community/UbuntuCloudInfrastructure but have run into an issue.
<jamespage> Daviey, all thrift-y bits a pieces for floodlight now in the NEW queue
<jamespage> Fuginator, what issue are you hitting?
 * jamespage goes to fix openvswitch
<confusius> hi, is there anyway I can see with do-release-upgrade why it wants to install new packages like openal, webkit, gtk2-engines, etc. I seriously don't need that cruft on my server
<Daviey> jamespage: ok, will review shortly.. thanks :)
<uvirtbot> New bug: #1007273 in autofs5 (main) "autofs does not start automatically after reboot" [High,Incomplete] https://launchpad.net/bugs/1007273
<uvirtbot> New bug: #1006293 in exim4 (main) "exiqgrep fails to parse output of exim4 -bp if the mail message is less than 1k" [Undecided,Incomplete] https://launchpad.net/bugs/1006293
<uvirtbot> New bug: #1021630 in samba (main) "package smbclient 2:3.6.3-2ubuntu2 failed to install/upgrade: le sous-processus dpkg-deb --fsys-tarfile a retournÃ© une erreur de sortie d'Ã©tat 2" [Undecided,New] https://launchpad.net/bugs/1021630
<uvirtbot> New bug: #1021708 in keystone (main) "no CLI interface to find all of the tenants which a given user belongs to" [Undecided,New] https://launchpad.net/bugs/1021708
 * n3rdo hi all
<uvirtbot> New bug: #1021730 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1021730
<uvirtbot> New bug: #1021528 in python-setuptools-git (universe) "[MIR] python-setuptools-git" [Critical,Fix released] https://launchpad.net/bugs/1021528
<utlemming> FYI -- the Ubuntu Cloud Images are now being served by S3 for archive mirrors.
<uvirtbot> New bug: #1021768 in bacula (main) "debconf integration is broken" [Undecided,New] https://launchpad.net/bugs/1021768
<uvirtbot> New bug: #1021781 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 1012058)" [Undecided,New] https://launchpad.net/bugs/1021781
<uvirtbot> New bug: #1021698 in samba (main) "package smbclient 2:3.6.3-2ubuntu2 failed to install/upgrade: le sous-processus dpkg-deb --fsys-tarfile a retournÃ© une erreur de sortie d'Ã©tat 2" [Undecided,New] https://launchpad.net/bugs/1021698
<smoser> xnox, s3 mirrors giving snapshot.debian.org like behavior is a great idea.
<smoser> utlemming, ^ it'd be great if you could at least sniff that. xnox if you had specific implementation thoughts, that'd be nice.
<xnox> smoser: no implimentation details. But I have one more feature request: can you please do $ juju deploy S3mirrors on all three regions in the HPCloud
<xnox> I have contacted them, they are 'escallating it'
<smoser> xnox, i bleieve there is some work being done on that, but i'll poke a bit
<xnox> but you can also contact jorge
<xnox> smoser: well currently we have setup "unofficial" apt-mirror based mirrors in the first region
<xnox> smoser: and those will probably go away after the free 3month period is over.
<xnox> smoser: cause it's setup by one of the devs who got sponsored to use HPCloud for free for three monts
<smoser> xnox, yeah, i saw that.
<smoser> xnox, when it was free i was running a public squid proxy for the same thing
<xnox> smoser: ideally we should partner with HPCloud people to have ~ official mirrors there same as in EC2
<xnox> is your S3 stuff using juju-deploy? =)
<xnox> cause I am sure there are plenty of clouds that need local mirrors ;-)
<utlemming> xnox: nope, its not using JuJu
<utlemming> xnox: its using Auto Scaling
<xnox> utlemming: is it OpenStack friendly?
<utlemming> xnox: the code is done with boto. I've seen some requests for me to use a more generic cloud api so that it would be OpenStack, et al, friendly, but no, its not
<utlemming> xnox: programming around S3 is, er, finicky
<utlemming> you have to assume that its A) going to fail, B) it going to fail even when it says it succeeded and C) its going to succeed even when it says it failed
<xnox> =))))
<utlemming> I have done some initial looking in switching the code over to libcloud, but I haven't had the time per se.
<xnox> https://www.hpcloud.com/products seems to have CDN, object, block storage, et al
<smoser> xnox, thinking about snapshots, i dont think we coould easily do this without magic (i believe) new feature from amazon
<smoser> if we had a magical feature from amazon that allowed you to do something like:
<smoser>  TIMESTAMP.bucketname.s3.amazonaws.com/ubuntu/
<smoser> and give you the content as of that TIMESTAMP for the versioned bucket
<smoser> (or put TIMESTAMP somewhere else in the url, but the dns portion is the only part that is clearly not part of the path to an object)
<utlemming> xnox, smoser: the feature is there, just that APT wouldn't understand it. The request looks like http://.../ubunut/precise-main/Packages.gz?Version=4 or something like that
<smoser> utlemming, right. but you'd have to collect the Version= for each given path
<utlemming> (don't take that as the gospel truth, I have to look at it to be sure)
<smoser> and that would have to be in Release
<smoser> and Release would then have to be re-signed.
<utlemming> which is why apt wouldn't understand it. But having a timestamp feature would be nice
<smoser> so, not really possible. you need a way to magically move all of /ubuntu to /TIMESTAMP/ubuntu
<smoser> or potentially, to specify TIMESTAMP in a header.
<xnox> well - on snapshot.debian.net they generate static versioned release files, but access generic buckets with debs
<wrapids> My server is suddenly not letting me log in via ssh. Just getting a permission denied error each time I attempt the pass, which is correct. Using my hosts ajax console I can login just fine with the credentials I'm providing.
<xnox> but utlemming: can't we just teach apt to support magic URLs and cloud version mirrors?
<xnox> =)
<utlemming> sounds like xnox has volunteered :)
<smoser> 2 ways to do this, i think
<xnox> utlemming: sounds like utlemming volunteered to write the spec of what/how apt should do requests.... since /me has no clue about clouds
<smoser> a.) ask amazon for some header that you can set, and have the version returned give the content as of that timestamp
<xnox> and APIs to clouds
<smoser>  then we'd have to make apt able to specify arbitrary headers (and you'd just specify 'Timestamp: ' in your apt config to get as of one timestamp... that seems a bit less than ideal)
<smoser> b.) have a re-director service that tracks versions of metadata and allows /TIMESTAMP/ and does the translation.
<smoser> utlemming, can you get the revision history of a bucket including timestamps of changes?
<smoser> if you could, then we wouldn't need to require additional code form the populating code, but could just read what was there
<utlemming> smoser: yes, if versioning is on. You can request the versioning information
<utlemming> smoser: but that's not public
<smoser> right.
<smoser> but thats ok.
<smoser> that service could have acl, but woudl mean your populating code didn't have to export that data.
<utlemming> for you redirector service then, it would also have to feed the files to the client too
<utlemming> unless it 302's all requests for anything not meta-data
<smoser> 302 would be right.
<smoser> as we'd never delete the data
<smoser> rbasak,
<smoser> the above is actually one benefit of the prposed "change the format of the release file to contain a hash in the path"
<smoser> (versus the /by-hash scheme we're proposing at https://wiki.ubuntu.com/AptByHash)
<smoser> the redirector service would'nt be that hard to do i dont think.
<smoser> xnox, thanks for making us think about this.
<rbasak> smoser, xnox: why not just use by-hash and keep multiple InRelease files around?
<utlemming> smoser: so reading between the lines...you could have a by-hash and a by-date?
<rbasak> Start off with a historical InRelease file and then hit the mirror exactly as usual with the by-hash scheme
<smoser> rbasak, because keepign multiple in-release files around doesn't work.
<smoser> because the path is in them
<rbasak> Path to what?
<smoser> ok. so http://us.archive.ubuntu.com/ubuntu/dists/precise/Release
<smoser> says "get main/binary-amd64/Packages" based on the path to Release.
<smoser> right?
<rbasak> Yes, but with the by hash scheme "main/binary-amd64/Packages" is just a key, not a path. The path is taken from the hash.
<smoser> wait. yeah, you're right.
<smoser> then if you add '?version=4' to "main/binary-amd64/Packages" and traverse that for all the relevant hashes,t hey're still present
<smoser> and you eseentially pin the date.
<smoser> yeah.
<smoser> that works too
<rbasak> You never need to add ?version=4 to anything except InRelease
<smoser> right.
<smoser> so the redirector service would then only have to redirect that one file
<rbasak> It'd be hard to do in client code, but I could write a http frontend that translated the entire S3 mirror dynamically to any date fairly easily
<rbasak> Yes exactly
<storrgie> is there a good article for how to connect an ubuntu server to an AP via wireless?
<rbasak> Then we just need to keep old index files and old pool debs around
<storrgie> I've got wired working fine but I wouldn't mind dropping the cable
<rbasak> I want to do a PoC on this now
<smoser>  storrgie /usr/share/doc/wireless-tools/README.Debian
<rbasak> It's a relatively trivial addition to our existing scheme, and would have some immediately useful benefits to developers
<utlemming> (and sys admins/engineers)
<rbasak> The only real extra cost is a redirector service so one EC2 instance basically
<genii-around> storrgie: Basically make a wpa-supplicant.conf   file and then wpa_supplicant -i eth# -c /wherever/conf-file-is &      and then maybe dhclient eth#
<smoser> rbasak, right.
<smoser> and it doesn't even need storage
<rbasak> Yep
<genii-around> ( substitute wlan0 or whatever accordingly )
<rbasak> I wonder if apt supports following a 301 http redirect?
<smoser> rbasak, i'm pretty sure it does.
<utlemming> rbasak: I was wondering that myself
<rbasak> smoser: for every index file and pool deb?
<storrgie> genii-around, I'm not sure how to specify a wpa key then
<storrgie> the document doesn't describe it
<rbasak> Anyway we can implement a redirector without that, by actually serving every file from S3 through the instance. And support for that could always be added to apt
<ivoks> stgraber: around?
<smoser> rbasak, right. but that doesn't really scale
<storrgie> https://gist.github.com/3061307
<smoser> well, at least not as well as rediret
<rbasak> Yes, but it could scale later by adding 301 support to apt if it isn't already there
<rbasak> How much scale would a historical archive service need?
<rbasak> I mean that we can implement now and scale later without having to change the architecture later
<storrgie> https://gist.github.com/3061307#comments
<utlemming> rbasak: one way to do this might be have "apt-historical" package
<storrgie> not sure how to get the interface to work properly
<storrgie> it doesn't appear to be connecting
<genii-around> storrgie: The key is in the wpa_supplicant.conf ... man wpa_supplicant.conf   has the syntax for that file
<utlemming> rbasak: have it local to the box in question which hits "http://localhost:1337" or something like that
<utlemming> smoser: then we don't have to have a service per se
<rbasak> utlemming: that's a good idea
<rbasak> Then we wouldn't need an ec2 instance for it either
<genii-around> storrgie: Apologies on lag, work required me for bit
<utlemming> rbasak: then you don't have to use a 302, because it could just be passed through
<storrgie> genii-around, not sure if I have wpa supplicant installed
<rbasak> Actually that's not a good idea at all. It's a great idea ;)
<utlemming> rbasak: the other advantage is that it means that someone could make it a service if they wanted to
<rbasak> Yes
<storrgie> genii-around, is it required to have wpa supplicant
<rbasak> So do we have a plan then? :)
<genii-around> storrgie: Yes
<rbasak> Also, did anyone have any feedback for me on https://wiki.ubuntu.com/AptByHash?
<genii-around> storrgie: The packagename is just wpasupplicant  if you do not already have it installed
<uvirtbot> New bug: #1021382 in maas "The COMMISSIONING_SCRIPT setting uses a relative path." [Critical,Confirmed] https://launchpad.net/bugs/1021382
<storrgie> turns out it is installed
<storrgie> genii-around, so wait, the doc you pointed me to didn't show me anything about wpasupplicant.... it just said to edit the /etc/networking/interfaces file
<genii-around> storrgie: I did not point you to any documents.
<stgraber> ivoks: yep
<utlemming> rbasak: another thing you can do is to use the "Last-Modified" HTTP header (http://paste.ubuntu.com/1078335/) to determine the dates
<utlemming> rbasak: which makes it really, really fast
<storrgie> smoser, did, sorry
<storrgie> genii-around, where do you suggest I place this wpa_supplicant.conf file? What is good nature?
<ivoks> stgraber: you remember, bacin in 2011, you've added a workaround for open-iscsi in its init script
<genii-around> storrgie: I said more-or less: make a wpa-supplicant.conf file and then wpa_supplicant -i eth# -c /wherever/conf-file-is & and then maybe dhclient eth#   and then: substitute wlan0 or so accordingly
<ivoks> stgraber: idea was not to start open-iscsi if iscsi was started in initramfs
<utlemming> rbasak: you hit the by-hashes and look at the last modified so that if someone as YYYYMMDD-HHmmsSS you can choose the by-hash that is applicable.
<rbasak> utlemming: so I do an HTTP HEAD on each InRelease?version=x and note the Last-Modified dates, right? And I'll eventually get a 404 or something which means I have all the versions. Then cache those.
<ivoks> stgraber: bug https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/850960
<uvirtbot> Launchpad bug 850960 in open-iscsi "iscsid tries to reconnect existing session at startup, failing to do so and hanging the system (dup-of: 677333)" [Undecided,Confirmed]
<uvirtbot> Launchpad bug 677333 in open-iscsi "open-iscsi: reconnecting to targets fails with kernel >2.6.32 due to sysfs changes (open-iscsi pkg version out of date with kernel)" [Undecided,Confirmed]
<genii-around> storrgie: Someplace like /etc/my-wpa-supplicant.conf    maybe. Doesn't really matter so long as the command-line has the path to it
<smoser> storrgie, i'm sorry, i shared all knowledge i have of this.
<utlemming> rbasak: yup
<smoser> :)
<utlemming> rbasak, smoser: the other thing is that now that these mirrors are public and production, I need to wrok with IS to get versioning turned on
<stgraber> ivoks: right, I believe this bug was fixed upstream/Debian so in theory the hack is no longer required, but someone should test before dropping it
<stgraber> (haven't looked at the bug again but that's what I remember from the last time I read it)
<ivoks> stgraber: right, but we don't have the fix in our open-iscsi
<smoser> utlemming, well, even before IS was involved, you should have thought about it
<rbasak> storrgie, genii-around: whoa. No need to create wpa_supplicant.conf. You can put all needed keys directly in /etc/network/interfaces.
<ivoks> stgraber: i've tested the patch from upstream and it works
<smoser> as not deleting, means massive increase in storage
<stgraber> ivoks: yeah, it needs merging from Debian I believe...
<ivoks> stgraber: or that...
<genii-around> rbasak: Ah, nice. I've never used it in this way before.
<utlemming> smoser: I delete now
<smoser> and bill
<smoser> even if everything else in s3 versioning was magic and perfect
<utlemming> smoser: to save storage
<rbasak> storrgie, genii-around: see /usr/share/doc/wpasupplicant/README.Debian.gz for examples
<utlemming> smoser: the change here is that we need to _not_ delete and we need to enable vesioning.
<stgraber> ivoks: I think we definitely want to merge from Debian, not sure how many other changes we have on that one though so don't know how painful it'll be
 * genii-around bookmarks
<smoser> utlemming, right
<utlemming> smoser: which is a big, big change
<smoser> which increases costs significantly
<smoser> well, even if the versioning was magic
<stgraber> at least it's good to know that the fix works and we can get rid of my ugly hack :)
<ivoks> stgraber: i could take a look, in precise we are at 0ubuntu9
<storrgie> rbasak, genii-around how do i reference this wpa_supplicant.conf file from my /etc/networking/interfaces ?
<utlemming> smoser, rbasak: looks like the makings of blueprint for UDS-R
<ivoks> stgraber: yeah, just wanted to let you know if it's still making problems for you somwhere :)
<rbasak> utlemming: I'm very tempted to JFDI. Assuming by-hash is accepted, this feels relatively simple
<stgraber> ivoks: right, we'd probably want to merge from Debian in quantal and if there are enough people asking for it and we know it's 100% safe, then drop my hack from oneiric and precise and replace it by a cherry-pick of the fix
<genii-around> storrgie: For that you would probably need to read the documentation rbasak referred to. I have myself not used it in this way and so of limited help there.
<ivoks> stgraber: yeah, fix is an onliner
<utlemming> rbasak: except that I can't implement this on the S3 side that easily
<stgraber> ivoks: I'm not actually using iscsi, I just happened to be the lucky one to get that bug escalated to intially :)
<stgraber> ivoks: good, should be easy to cherry-pick then :)
<rbasak> storrgie: you don't need a wpa_supplicant.conf. See the example in the docs. Just a few lines in /etc/network/interfaces is all you need.
<utlemming> rbasak: the _best_ case is that I can throw up a parallel mirror that has versioning, but we're talking a cost of $600/month
<rbasak> utlemming: oh yeah, there's the money :)
<stgraber> ivoks: I'll try and have a look at it this afternoon once I'm done fighting with my automated ipv6 testing
<utlemming> rbasak: ubuntu-server does not own the S3 mirrors as of ~20 hours ago
<ivoks> stgraber: https://github.com/mikechristie/open-iscsi/commit/f0b670c016c85c882bb0583eaef8ea2f7147d4af :)
<ivoks> pretty silly :)
<rbasak> utlemming: I have a test quantal mirror right now :)
<rbasak> (btw, any idea how much that's costing us? I can't see the size of the bucket)
<utlemming> rbasak: ~$30-40USD/month
<rbasak> utlemming: OK. And I have an instance running too.
<rbasak> utlemming: it'll need to be syncing the mirror every 30 minutes, so not worth turning off
<utlemming> rbasak: ~$250/month + 0.10/GB inbound
<rbasak> I should kill the instance actually. It's only sitting idle right now, pending feedback.
 * rbasak does so
<utlemming> the reason I used AutoScaling is because it is cheaper...we don't have to pay bandwidth in to update the mirrors because the first 1GB is free.
<rbasak> That's different for a long lived instance?
<rbasak> <rbasak> I wonder if utlemming can see stats on the total of S3 PUTs in the S3 mirror?
<rbasak> <rbasak> That should give us an approximate monthly storage growth figure, right?
<Insyte> I'm getting kernel crashes in Lucid when running NFS + iscsi inside KVM.  Unfortunately, it crashes hard and fast enough that nothing is logged, even remotely.
<Insyte> Lucid.
<Insyte> They seem to happen every five days or so.
<Insyte> Anyone seen anything similar?
<roaksoax> Daviey: /win 13
<roaksoax> err
<stgraber> hallyn: just spent half an hour trying to figure out why my ipv6 testing scripts are failing quite badly: http://paste.ubuntu.com/1078528/
<hallyn> stgraber: hm, yeah, hooks and api came through separate  branches
<stgraber> hallyn: yeah but I rebased the API branch on quantal, so we now have the hooks in there but they somehow get stripped every time I save the config
<hallyn> stgraber: yes, because i had to implement save_config - there was none.  so the lxc.hooks need to be implemented in save_config
<stgraber> hallyn: ah, right, I guess I'll just skip using the hooks for now then
<hallyn> stgraber: which bzr branch are you using atm?
<hallyn> i'll whip up a merge proposal
<stgraber> hallyn: lp:~ubuntu-lxc/ubuntu/quantal/lxc/lxc-api-and-python
<hallyn> stgraber: feh, of all the files in that $(*&% patch, conf.h wasn't one.  gotta rebuild my patch :)
<hallyn> stgraber: why did you remove the README in your last commit?
<hallyn> it makes it fail to build
<uvirtbot> New bug: #997269 in dovecot (main) "dovecot imap broken by apparmor policy" [High,Invalid] https://launchpad.net/bugs/997269
<stgraber> hallyn: oops, I'll fix the FTBFS. The reason is that the directory is no longer empty as we have lxc-init in there
<hallyn> stgraber: ok, lemme first check in my change for hooks.  it compiles, hopefully it runs right too :)
<stgraber> hallyn: oops, saw your comment right after I pushed the fix for README, so you may need to uncommit/pull/commit, sorry
<hallyn> stgraber: done - but your fix isn't enough.  the *makefile* wants there to be a README
<stgraber> hallyn: ... ok, will fix the Makefile too then :)
<mu3en> is it possible to ensure grubpc is installed instead of grubefi during server install?
<hallyn> stgraber: thanks :)  at any rate save_config() is working
<hallyn> for hooks that is
<stgraber> hallyn: cool, and I just updated the branch to make it buildable again. I'll push to the PPA soonish
<hallyn> refetching.  let's see if i can think up a good plan for get_config()
<hallyn> probably makes the most sense then to re-implement save_config in terms of get_config
<hallyn> stgraber: for c->get_config_item(c, "lxc.mount"), would you want just the value part, or the whole 'lxc.mount = value' string?
<stgraber> just the value
<hallyn> ok.  i think unfortunately in the c cal li'l lhave to make it
<hallyn> int get_config_item(struct container, char *key, char *return)
<stgraber> I can live with that
<hallyn> returning the length, so you can do 'len = get_config_item(c, key, NULL); v = malloc(len+1); len = get_config_item(c, key, v)'
<hallyn> still seriously ugly because of multiple-line things like lxc.mount.entry
<hallyn> stgraber: do you need to be able to do 'get_config_item(c, "lxc.cgroup")' to get all cgroup items, or can we just support only specific cgroup items?
<hallyn> like lxc.cgroup.devices.allow
<stgraber> would be best to enforce an exact match of the key
<stgraber> so lxc.cgroup.devices.allow would work but lxc.cgroup would return an error (no match)
<stgraber> not sure what to return for these that can exist multiple times (network, devices.allow, ...)
<hallyn> i can just return a string with newlines,
<hallyn> or if you prefer I can return one line at a time with indication of wether there are more lines
<stgraber> hallyn: newlines is best I think. Easier to handle for me at least
<stgraber> hallyn: btw, how does that work in set_config_item? how would I got about defining multiple network interfaces using it?
<hallyn> stgraber: IIRC just do same way (order) as in a config file
<hallyn> does that not work?
<hallyn> so, you can't change a setting for an already-defined nic, i uess
<hallyn> i guess
<stgraber> I can see that being a bit annoying for a few of my setups ;)
<hallyn> would it suffice to have a clear_config(c, "network") and clear_config(c, "cap.drop") ?
<stgraber> clear_config_item(key) wiping all occurences of a key would be good yeah
<hallyn> anything more structured doesn't really fit with the set_config
<stgraber> for scripting, I don't really care so much about the current values, I just want to see them gone and replaced ;)
<hallyn> if you can think of a better way to do something like container->nic[1].name = "eth3" with the api, i'm all ears
<hallyn> clear all network entries, or only #0 or #1 ?
<hallyn> all nics i should say
<stgraber> ideally I'd like to see the config format change to not allow duplicate keys unless they are just multiple values for a key
<stgraber> and see network be moved to lxc.network.ethX.type/flags/link/hwaddr
<stgraber> I'd expect clear_config_item(key) to be a generic function removing any occurence of "key" from the config, so in the case of .network, all nics
<hallyn> ok.  will see what i can come up with
<hallyn> stgraber: network multiple entries are of course a bit of a pain since subkeys might exist for only some of the nics
<hallyn> stgraber: maybe the right answer will hit me over the weekend.  have a good weekend
<stgraber> hallyn: well, with multiple calls to set_config_item (one per key and per interface) + get_config_item returning multiple lines and clean_config_item to wipe the entries, I should be able to make a wrapper in python that lets you change the network config in a scripter friendly way
<stgraber> hallyn: have a good weekend!
<hallyn> stgraber: ok, sounds good.
#ubuntu-server 2012-07-07
<ruben23> hi guys i ahve a hosted linux server now , my provider told me that i been hack attack becasue my badnwidth usage increase to much- can you help me guys this is my current iptables---> http://pastebin.com/m9dHg5Ft
<ruben23> any idea how to counter this attack , i see it here ----> Chain OUTPUT (policy ACCEPT 139M packets, 4120M bytes)  pkts bytes target     prot opt in     out     source               destination
<ckrailo> my google-fu is failing me here. anybody know of a command-line PDF validator that i can run on my server to check if a PDF file isn't fubar (aka will open in Preview or Adobe Acrobat or whatever)?
<koolhead17> nijaba, around?
<FckBEye> http://www.youtube.com/watch?v=9ADQpzPDBGI
<FckBEye> http://www.youtube.com/watch?v=9ADQpzPDBGI
<MrMibbit> system setting will not allow be to change wallpaper
<MrMibbit> settings
<MrMibbit> http://www.youtube.com/watch?v=zUHQPA0jCVg
<MrMibbit> http://www.youtube.com/watch?v=uHj7uPgX4Rw&feature=related
<MrMibbit> [CHUCK NORRIS] 			Chuck Norris makes onions cry.
<MrMibbit> [CHUCK NORRIS] 			Chuck Norris is so powerful that any woman that he lets have sex with him has to have a licence to operate heavy machinery.
<OrangeTux> Is the following enough to backup a just configured ubuntu server? $rsync -vzr --rsh="ssh -p3000" --exclude "proc/*" root@xxx.xxx.xxx.xxx:/ /my/local/file/system/07072012-elektim
<OrangeTux> In case of a server crash or something can I restore the whole serverconfiguration by copying the backupfiles back to the server?
<uvirtbot> New bug: #1022049 in munin (main) "munin Can't use an undefined value as an ARRAY reference at /usr/local/share/perl/5.14.2/Munin/Master/GraphOld.pm line 351." [Undecided,New] https://launchpad.net/bugs/1022049
<Sprocks> does anyone here know how to set up a PPTP VPN server that uses RSA on ubuntu server?
<Sprocks> does anyone here know how to set up a PPTP VPN server that uses RSA on ubuntu server?
<patdk-lap> sprocks, you can't do pptp using rsa
<patdk-lap> unless your talking about, doing ipsec with l2tp
<Sprocks> is that an ubuntu restriction?
<patdk-lap> then the ipsec side could do rsa, but normally doesn't
<patdk-lap> no, it's a ppp issue
<Sprocks> hmm thats not what my iphone says, but ok ill switch it to password, do you have steps to set the up?
<patdk-lap> the iphone uses ipsec :)
<patdk-lap> atleast I haven't heard of ios supporting pptp
<Sprocks> it can also use PPTP and L2TP
<TheLordOfTime> last i checked it doesnt
<Sprocks> at least mine can
<TheLordOfTime> either that or you're misinterpreting its abilities
<Sprocks> im looking at the VPN config screen right now
<Sprocks> http://new.hideipvpn.com/wp-content/uploads/2009/09/hideipvpn_iphone4.png
<patdk-lap> that is rsasecureid
<patdk-lap> totally different from rsa
<TheLordOfTime> ^
<Sprocks> did i forget to add secure id to my question?
<TheLordOfTime> yup
<Sprocks> oh sh** ya i did
<Sprocks> sorry ya meant with RSA secure ID
<patdk-lap> you can :)
<patdk-lap> you will have to get the libs/token from rsa company
<Sprocks> do you think thats worth it?
<patdk-lap> it's nice, there are other methods that aren't so costly
<patdk-lap> it's just a normal OTP system
<Sprocks> like using the standard password auth?
<patdk-lap> no
<patdk-lap> like using any other OTP system
<Sprocks> is there a page that has the steps needed to install and configure a VPN server with these other OTP systems?
<uvirtbot> New bug: #1022101 in cloud-init (main) "cloud-init FTBFS in Ubuntu Quantal" [Medium,New] https://launchpad.net/bugs/1022101
 * nrd hi all
<gfkjunior> Hey ya'll I was just hoping for some advice for setting up a personal server.
<gfkjunior> It's for nothing in particular just to learn, is a vps the best way to go?
<dax> If you're just looking to learn, I'd find an old computer and install it on there, or use a virtual machine (e.g. in Virtualbox). No monthly fee that way.
<dax> although then you don't get something that's useful as a production mailserver/webserver/whatnot, so VPS might be the best way to go if you need that
<gfkjunior> I don't have a lot of space and I found affordable vps services so I'm leaning that way. Are all vps providers essentially the same except for price points/features?
<gfkjunior> All I would really like is to set up a file server and play around with ssh and stuff.
<sw> gfkjunior: the virtualisation platforms differ, etc. it'll all be explained on their websites. I've always used Linode
<gfkjunior> I've heard really good stuff about linode. Thanks ya'll
<eNTi> hi. i was wondering, if someone could help me debug as to why certain daemons fail to start @init. is it possible that one daemon just fails and then the rest won't be even tried?
<eNTi> i have no idea where to look in my logs
<bca> Hello, I run Ubuntu Server 12.04. Is there a way to limit the amount of disk space a user can use in their home directory? (a quota)
<PatrickDK> sure, enable quotes, and set one
<bca> PatrickDK: How do I enable them?
 * PatrickDK would assume the ubunt server guide knows
<bca> thanks
<bca> One more question. Is there an easy way to monitor bandwith usage?
<usul> I installed server, but I can find a terminal in the gui
<usul> it's fine it I toggle outside it, but I want a term in the gui, what do I need to apt-get that I shouldn't have already gotten with ubuntu-desktop?
<Skaag> hm. I thought having my email hosted by google apps for domains was free?
<andol> bca: You can get the data both from ifconfig as well as from iptables. Myself I graph that data (as well as other system metrics) using munin.
<bca> Okay, thanks :)
<BoF> buenas gente
#ubuntu-server 2012-07-08
<usul> need terminal app in server gui
<patdk-lap> usul, server has no gui
<ping__> hy
<ping__> help my
<ping__> i instal squid on ubuntu server, but i can't cache youtube , why ?
<ping__> hy
<ping__> tes
<ping__> tes
<ping__> hy
<martadinata> hmm
<ping__> ded
<martadinata> hmm :) yes
<ping__> yuhu
<ping__> yg lain pada tidur kali ya om
<martadinata> don't know
<uvirtbot> New bug: #1022008 in clamav (main) "clamav" [Undecided,New] https://launchpad.net/bugs/1022008
<ping__>  1 tes
<ping__>  hy
<ping__>  tes
<ping__> tes
<ping__> hy
<eagles0513875> hey guys how can i need to set grub to default boot onto the xen kernel and that seems to be in a submenu on grub2 how can i see and set that kernel to boot by default
<ikonia> you set it in the grub config files, re-run update-grub to generate a new config then reboot
<eagles0513875> ikonia: problem is is that the kernel gets installed in a grub submenu
<ikonia> that is not a problem
<ikonia> you still set it in the config
<ikonia> treat the menu process as a directory listing
<eagles0513875> ok waht has me confused is that on a clean 12.04 install it seems to use a numerical listing to tell grub which kernel to boot
<ikonia> well, it can be, starting from 0
<ikonia> that was brought across from grub legacy
<eagles0513875> ikonia: so i can use paths as well O_o
<ikonia> no, not paths,
<ikonia> when I said think of it as a directory listing, I meant treat the listing as a directory, eg: top level down
<eagles0513875> i did this line according to help.ubuntu.com article sudo sed -i 's/GRUB_DEFAULT=.*\+/GRUB_DEFAULT="Xen 4.1-amd64"/' /etc/default/grub and updated grub and rebooted im guessing that command wont work would it?
<ikonia> that's not going to work
<ikonia> you can try it though, I could be wrong
<eagles0513875> i did try it and it didnt
<eagles0513875> and this is on https://help.ubuntu.com/community/XenProposed#Installing_Xen
<eagles0513875> ikonia: are the xen modules already compiled into the standard 12.04 kernel?
<eagles0513875> which it seems like they are according to an lsmod | grep xen
<ikonia> what are you talking about modules ?
<eagles0513875> kernel modules
<ikonia> what are you actually asking ?
<ikonia> apologies if I'm not reading it clearly
<eagles0513875> i know that as of the 3.0.x kernel stack release that xen has been included. question is do i need to install any special xen kernel or boot off a special kernel to use xen from what i have seen it seems like one needs to as the standard ubuntu kernels dont have xen compiled into it
<ikonia> xen became part of the mainline kernel in 2.6.30-something, 33 ? 34 ? ish
<ikonia> it should be in any kernel post that
<ikonia> (you'll need to check 33-34, I can't remember which)
<eagles0513875> ok
<ikonia> anything post that will xen build into it's codebase, if that is an enabled option or not, is a different story
<ikonia> eagles0513875: that wiki page you linked me to (just finished reading it) confirms that xen is part of the ubuntu kernel by default
<eagles0513875> ok then why have i seen in grub a submenu with xen specific kernels
<ikonia> what does that "sub menu" point to
<eagles0513875> xen specific kernels
<ikonia> which ones
<ikonia> please name it
<eagles0513875> ikonia: seems like that was in 11.10
<ikonia> so basically you've not done any checking or home work on this
<ikonia> why do you have 11.10 stuff on a 12.04 clean install ?
<eagles0513875> i dont when i noticed this this was back on 11.10 i have 12.04 only now
<ikonia> ah, so you've not checked this
<ikonia> you've just assumed it was sub menus on 12.04
<ikonia> when you've checked you've found it's not sub menus (I'm assuming)
<ikonia> or is it still sub menu's on 12.04 too ?
<ikonia> (shouldn't be as you shouldn't have a different kernel)
<eagles0513875> ok well ill double check my home server again to make sure
<ikonia> it's worth checking
<eagles0513875> or even just reboot my netbook
<eagles0513875> agreed :)
<ikonia> please please, start trying to get your FACTS together
<ikonia> how many times - stop making things up that you think are real, check and report on facts
<ikonia> not picking on you, but we go through this same thing over and over,
<eagles0513875> understood
<ikonia> (you may well still have sub menus, but you need to check, and confirm)
<ikonia> eg: you are looking at 11.10 kernels complaining about 12.04.
<ikonia> need to stop that sort of thing
<Anders-> Anyone able to help with Dovecot?
<Anders-> I'm getting an internal login failure. From the log file :: Internal login failure (auth failed, 1 attempts): user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
<uvirtbot> New bug: #994212 in autofs5 (main) "ldap fails to start when /etc/network/interfaces not used" [Medium,Confirmed] https://launchpad.net/bugs/994212
<Hanako> Nyaa~! I've just set up a Ubuntu 12.04 VPS, installed Apache2, MySQL and PHP... WordPress runs fine, so does Apache2... but WordPress doesn't seem to be able to touch any of the files in the www directory I've set up. My user has been added to www-data group, I've changed the owner of all files so they are in the www-data group and permissions are 770...
<Hanako> And from what I can tell the sticky bit is set correctly as well... any ideas on how to fix the problem?
<Hanako> (and Apache2 runs as www-data:www-data)
<jacobw> Hanako: check /etc/apparmor.d/ for policy definitions restricting those processes
<Hanako> ended up chowning the files... www-data is the new owner ^^;
<jacobw> functionally equivilent if you set 770 :)
<Hanako> I did.. even tried 777 and WordPress/Apache2 couldn't care less... XD
<jacobw> apparmor is likely to ship with profiles that restrict both apache and php given that they're very large attack vectors, the problem might not be with apache or php but with apparmor limiting the abilities of the process through exec and the kernel
<jacobw> or there's something weird going on :)
<Hanako> and apparmor is automatically installed?
<jacobw> i think it's been enforcing since 8.04
<jacobw> https://help.ubuntu.com/12.04/serverguide/apparmor.html
<jacobw> an easy method to test if a behaviour is due to apparmor is to place the profile in to complain mode then restart the process
<Hanako> guess debian doesn't use apparmor then ^^;
<Hanako> since that was what I was using before
<Hanako> thank you Jacobw :3
<jacobw> http://wiki.apparmor.net/index.php/Distro_debian#Not_Available_in_Stock_Debian
<chmac> I'm looking for a simple mail relay, like nullmailer / ssmtp, but one which will accept a message by SMTP on port 25, and then forward it on. Any recommendations?
<chmac> Something like postfix configured with a smart relay, but much, much simpler hopefully... :-)
 * andol always find Postfix simple enough, especially for doing simple things.
<glance> postfix is pritty simple.
<qman__> have to agree, postfix is simple enough and easy to set up
<qman__> those minimalist solutions, in this case, are more trouble than they're worth
<uvirtbot> New bug: #1022360 in asterisk (universe) "(CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions" [Undecided,New] https://launchpad.net/bugs/1022360
<uvirtbot> New bug: #1022385 in samba (main) "package samba 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/1022385
<uvirtbot> New bug: #1022386 in etckeeper (main) "Unable to obtain lock file:///etc/ held by root" [Undecided,New] https://launchpad.net/bugs/1022386
#ubuntu-server 2013-07-01
<hadifarnoud> sarnold: its standard wordpress htaccess
<hadifarnoud> https://gist.github.com/hadifarnoud/281b91d062b71d2e66d1
<sarnold> why oh why doesn't wordpress just install that in the main apache config? that seems like a lot to reparse every request.
<sarnold> oh well, it doesn't feel related to me...
<hadifarnoud> sarnold: wordpress is shit. I have a lot of problem with it. can't really use it for local -> remote scenario. white screen of death
<hadifarnoud> tell me about it
<hadifarnoud> it's annoying. arggg.
<sarnold> hadifarnoud: hehe, perhaps that's part of the reason why the juju guys like to use their wordpress charm as their demo :)
<hadifarnoud> sarnold: I'm a drupal guy. I used to use wp long time ago. it really didn't change at all. same thing except it's 2013 here
<sarnold> hahaha
<hadifarnoud> sarnold: I use it because of great themes
<RustyShackleford> i installed ubuntu server 13.04
<RustyShackleford> my machine is connected via ethernet but it's got no internet
<RustyShackleford> I can ssh to it from my laptop though
<sarnold> RustyShackleford: check the gateway is correct in /etc/network/interfaces
<sarnold> gateway and netmask
<RustyShackleford> auto p32p1
<RustyShackleford> iface p32p1 inet dhcp
<sarnold> ah, is your dhcp server handing out correct netmask and gateway?
<RustyShackleford> thats under a comment which says "the primary network interface"
<sarnold> check 'ip route' output
 * sarnold -> off, good luck :)
<RustyShackleford> default via 10.0.0.1 dev p32p1
<RustyShackleford> 10.0.0.0/24 dev p32p1  proto kernel  scope link  src 10.0.0.17
<RustyShackleford> sarnold: ^
<sarnold> RustyShackleford: is 10.0.0.1 reachable from that host?
<RustyShackleford> sarnold: I can ping it
<RustyShackleford> also I can log into the server via ssh on my laptop
<ruben231> hi , how do i remove static route  on Ubuntu server..
<TimRe> can anybody tell me the proper way on setting up sftp server and allow me to jail users only to there home directory?
<ruben231> hi guys how to add royte permanently on ubuntu server..?
<tcb^ll3r> hello all
<tcb^ll3r> what hdd formats does server 12.04 support?
<ninjaaron> eh, I'm a totall ftp newb, and I just installed vsftpd on my 12.04 server. set "local_enable=YES" and "write_enable=YES". I can connect to the server and transfer files from it, but trying to transfer to it fails. I'm not sure what the problem is. It could be clientside, I guess (Filezilla on Arch).
<TimRe> ninjaaron I am in the same boat as you are
<ninjaaron> Sweet.
<ninjaaron> or something.
<ninjaaron> Anyone have an answer?
<TimRe> nobody as told me how to set it up correctly
<TimRe> all the guides I seen on the web are full of bs and it dont work
<ninjaaron> maybe there needs to be an ftp server on the local site as well to send files... or is that stupid?
<ninjaaron> eh, I'm a totall ftp newb, and I just installed vsftpd on my 12.04 server. set "local_enable=YES" and "write_enable=YES". I can connect to the server and transfer files from it, but trying to transfer to it fails. I'm not sure what the problem is. It could be clientside, I guess (Filezilla on Arch).
<ninjaaron> ah crap... wrong window.
<ninjaaron> sorry for spamming.
<ninjaaron> Hey TimRe, I figured it out over here. I thought I had uncommented "write_enable=YES" in /etc/vsftpd.conf, but I guess I was wrong. I must have missed it. I uncommented it, restarted the service, and it works.
<ninjaaron> Don't know if that will help you.
<foo357_> Heya. I'd like to setup a mechanism for automatic package updates. There are a few approaches to this and I'm thinking of setting up some cron jobs.
<rbasak> foo357_: look into the unattended-upgrades package.
<foo357_> rbasak: yes that's an option, but I have some particular demands on logging and reporting which I think it might not support.
<foo357_> First of all I would like to get a report in advance of what will be done in the update process... (my idea right now is that the machine prepares for the update during the day and then performs it at midnight)
<greppy> foo357_: apticron package may help
<sw> Hi, I have an issue with a script that's confusing me. I posted the part here http://pastebin.com/Q5himWTd. The /usr/pcidos cp doesn't work if before the else, gets a cannot create file error, but works ok if it's after the else? :|
<shodan45> are there docs for kvm on ubuntu that are up to date? all the ones I'm finding are for 10.04-era stuff :(
<hadifarnoud> I get random forbidden error on one of my virtualmin sites. it's built with Wordpress. error goes away after a while. so weird
<hadifarnoud> LOG  [client 80.5.67.62] client denied by server configuration: /home/any1/public_html/wp-admin/media-upload.php, referer: http://any1.io/wp-admin/admin.php?page=wpzoom_options
<foo357_> rbasak: I'll try using unattended-upgrades and see how it performs... at what time will "daily" tasks be performed? I'd like to restrict activity to around midnight.
<rbasak> foo357_: when the daily cron job runs. See /etc/crontab.
<RoyK> anyone that knows how many Current_Pending_Sector or Offline_Uncorrectable is somewhat acceptable before I kick out the drive? No warranty on this one
<ptawko> hey all
<foo357_> Hello, I've got a ubuntu server running 10.04 and I think it's time to upgrade to 12.04, is there anything I should think about before running dist-upgrade?
<ikonia> foo357_: read the upgrade guide ?
<Pici> aye, as 'dist-upgrade' isn't the right method to upgrade to a new release.
<gpufreak> does anyone know if MHGH28-XTC is supported by ubuntu 12.04.2 LTS ?
<ikonia> gpufreak: what is it ?
<gpufreak> infiniband card
<gpufreak> from mellanox
<ikonia> gpufreak: check it's support in the linux kernel, then check if that kernel is older/newer than the one in 12.04
<ikonia> gpufreak: also checking with the company if there is any linux support/requirements is a good thing
<gpufreak> ok will do
<gpufreak> googling did not give me some good answers
<gpufreak> some ppl got it working but depending on FW version etc
<ikonia> ok, so that gives you a partial answer already
<gpufreak> yes and no ;)
<ptawko> can anyone recommend a simple GUI administration panel for ubuntu 12.04? (free only...)
<ikonia> gpufreak: http://www.mellanox.com/pdf/MFT/MFT_for_Windows_user_manual.pdf
<ikonia> gpufreak: not the most hard thing to find on their website
<ikonia> (read the actual document, not the file name)
<gpufreak> seems to work then...
<gpufreak> just got those on my desk, but lspci not showing them
<gpufreak> so thats why im asking ;)
<lucascastro> how can I check if my connection pass by some proxy?
<raub> bonding questions: https://help.ubuntu.com/community/UbuntuBonding states to define the iface eth0 and eth1, but http://ubuntuforums.org/showthread.php?t=1631796 implies not to. Who should I trust?
<raub> (I need coffe to type better)
<koolhead17> hi all
<koolhead17> smoser, who should i contact for LXC help? need to try it on openstack
<sander^work> Hi, whats wrong when I get this message:? kernel panic - not syncing: VFS: Unabkle to mount root fs on onknown block(0,0)
<ikonia> gpufreak: lspci is not hardware detection
<ikonia> sander^work: it can't find the root file system
<gpufreak> @ikona: i know
<gpufreak> figuring it out now
<gpufreak> > /sbin/lspci -d 15b3:
<gpufreak>         02:00.0 Ethernet controller: Mellanox Technologies Unknown device 6368 (rev a0)
<gpufreak> the other card i had did not show up
<gpufreak> this one does
<gpufreak> maybe a broken one, will figure it out :)
<Daviey> matsubara: Hey, have you worked out what is going on with that timezone merge to MAAS?
<matsubara> Daviey, yes, I'm looking into
<Daviey> koolhead17: LXC help, zul would be good
<Daviey> matsubara: cool, thanks
<koolhead17> thanks Daviey
<koolhead17> Daviey, around
<Daviey> koolhead17: square
<jamespage> zul: yikes - wassup with python-iso8601?
 * koolhead17 salutes jamespage 
<jamespage> hey koolhead17 - hows things?
<koolhead17> jamespage, exciting :) Trying to test LXC precise/grizzly
<jamespage> koolhead17, nice
<koolhead17> will post the issue in few days if not able to get it working
<koolhead17> Daviey, did u get my stupid question :D
<Daviey> koolhead17: Yep, and answered :)
<koolhead17> jamespage, how have you been offlate? too much juju magic?
<jamespage> koolhead17, never to much magive
<jamespage> magic rather
<koolhead17> am getting near quantum now. trying to study the magic OVS
<koolhead17> :D
<jamespage> lots of stuff going into launchpad.net/charm-helpers
<jamespage> we are going through a bit of a redux across the openstack charms
<jamespage> migrating everything to python and putting in some nice common components etc..
<jamespage> well adam_g is anyway
<jamespage> I just dance around and watch :-)
<koolhead17> jamespage, u meant python --> Go
<koolhead17> been while heard from adam_g :D
<jamespage> koolhead17, nope I mean bash->python
<koolhead17> jamespage, ooh. on top of charms. got it
<jamespage> zul: ah - I see it already got fixed - must be stuck in proposed or something
 * koolhead17 wonders if zul is invisible for me. Why i don`t see him in channel :(
<Daviey> koolhead17: zul isn't here right now.
<koolhead17> Daviey, ooh. i saw jamespage poking him so i was confused :D
<sander^work> Whats a good rescue cd to check for disk corruption based on ubuntu?
<Daviey> sander^work: ubuntu desktop? :)
<koolhead17> am i hitting a bug? /var/log/keystone
<koolhead17>  is what dpkg -L keystone  gives
<koolhead17> but /etc/keystone/keystone.conf says # The directory to keep log files in (will be prepended to --logfile)
<koolhead17> log_dir = /var/log/keystone
<koolhead17> oops my bad. it mentions the filename inside directroy
<sander^work> When I mount up a disk from a rescuecd.. and getting imput/output error.. What does that mean?
<koolhead17> the owner/group for keystone logfile is user/grp keystone why? should it not be root of the config file is owned by him
 * koolhead17 is confused
<mikeey> is there a Ubuntu-equivalent of SMB multipathing for Windows?
<mikeey> or something that would give me more than 109 MB/s write spee
<mikeey> speed
<jamespage> rbasak, nice one
<rbasak> thanks!
<rbasak> Kinda scared to do an upload now in case I screw it up.
 * rbasak puts his extra paranoid hat on
<Daviey> rbasak: It's still reasonable, and IMO a good idea - to ask for a peer review via debdiffs :)
 * Daviey does it aswell.
<rbasak> Daviey: indeed. I certainly won't be doing anything unusual without asking first.
<TimRe> does anybody know the proper way of setting up jail users to there home directory under vsftp?
<TimRe> under 12.04.2 LTS
<rbasak> TimRe: take a look at http://askubuntu.com/q/128180/7808
<rbasak> TimRe: it's a relevant user why it's not so simple with vsftpd in 12.04.
<TimRe> so what do you say I need to do then?
<rbasak> The available options are documented on that page.
<TimRe> ok
<rbasak> A relevant user? Not sure what that was supposed to say. Sorry it made no sense. Hopefully you got my gist :)
<TimRe> nope that didnt work either I am still getting permission denied
<TimRe> when trying to upload an file
<smallmouse> can someone help please please.. am really stuck..i need user access to a directory using ssh
<smallmouse> how do i create a key
<smallmouse> and give them a key to access the server
<smallmouse> thanks
<TJ-> smallmouse: Start here: https://help.ubuntu.com/10.04/serverguide/openssh-server.html
<TJ-> smallmouse: And then consult https://help.ubuntu.com/community/SSH/OpenSSH/Advanced
<smallmouse> TJ-: already have the ssh on aws, but i want to add a user and give them access to the www diretory have already set up the server and it worls :-D
<sarnold> smallmouse: full details are in the ssh-keygen manpage; just run "ssh-keygen" and answer prompts if you ike...
<TJ-> smallmouse: "sshfs" might be useful, depending on the exact requirements of access
<smallmouse> TJ-: i need him to upload and download files
<TJ-> smallmouse: All the instructions you need are in those links I gave you
<smallmouse> TJ-: are there any specific instuctions anyone is aware of on the net, this will take time to figure out else. thanks
<TJ-> I give up!
<smallmouse> TJ-: unfortunately some of us have little experience...but i did get the server up with drupal :-D
<TJ-> I suggest you *read* the instructions on the links I gave you. They were written for that purpose!
<mgw> how can I ensure when exiting a chroot env that all running procs are killed?
<smallmouse> how do i download a file from an aws server using command line ? so i am in the server and need to download a key locally
<smallmouse> thansk
<smallmouse> itsn an unbuntu server
<m0nk3yjoe> Hello I'm trying to set up unattended-upgrades and I've edited etc/apt/apt.conf.d/50unattended-upgrades and I'm not sure if I need to then edit /etc/apt/apt.conf.d/10periodic or 10periodic?
<m0nk3yjoe> Sorry 50unattended or 10periodic?
<m0nk3yjoe> So, my question is about the difference between the two above?
<sarnold> m0nk3yjoe: I believe the 50unattended-upgrades file will override values set in the 10period file
<m0nk3yjoe> This blog post http://handytutorial.com/automactic-security-update-ubuntu-12-04-server/ and this one http://www.shaolintiger.com/2012/07/12/running-unattendedautomatic-security-updates-on-ubuntu-12-04-lts-precise-pangolin/ say differnt things
<m0nk3yjoe> sarnold, so either will work?
<sarnold> m0nk3yjoe: if you set conflicting values, I think the higher-numbered configuration file will take precedence
<m0nk3yjoe> Thanks so much!
<m0nk3yjoe> dry run seems to be going swimmingly
<ubuserverusers> Hi, does anyone know about munin 404 errors? it is setup and running but when I click on localdomain it gives a 404 error
<m0nk3yjoe> B)
<ubuserverusers> I checked and the index.html does exist. Really need these munin reports to test for uptime etc... :)
<Pici> ubuserverusers: How long has munin been running for?
<ubuserverusers> Pici: I just installed it on Ubuntu Server 12.04; so about 45mins or so
<Pici> ubuserverusers: Are you just going to http://localdomain/ or are you trying to get to the localdomain section on the proper munin url?
<Pici> Also, have you configured munin? I don't recall what the default configs look like.
<ubuserverusers> Pici: http://127.0.0.1:8080/munin/localdomain/index.html also http://127.0.0.1:8080/munin/ works but can't click on any of the links without 404. All the configs should be default
<PashaPasta> ubuserverusers: have an .htaccess file present?
<ubuserverusers> PashaPasta: no I have not set any and do not see any present
<ubuserverusers> I also made sure that 127.0.0.1 was allowed access in the munin.config which it is already
<ubuserverusers> also it is lighttpd if it matters.
<ubuserverusers> Pici: I may have found the error. My munin-update.log has this: http://pastebin.ubuntu.com/5829146/
<ubuserverusers> I have also tested telnet as according to munin troubleshooting
<ubuserverusers> and it worked ok.
#ubuntu-server 2013-07-02
<adam_g> roaksoax, just pushed a first pass the template-driven https reconfig to lp:~gandelman-a/charms/precise/cinder/pyrewrite
<adam_g> roaksoax, one gotcha i ran into is that we need to a2ensite new apache configs after tempaltes have been rendered, but before the restart_on_change wrapper restarts things.
<adam_g> zul, any word on kombu?  requirements.txt got updaed across all projects (i think) and it broke us good
<STurtle> Can anyone advise me on which version of server has apache 2.4 support
<GH0> None of them
<GH0> It isn't in debian, you can build it yourself from source. I asked this same question a while back, and this was the answer I got.
<GH0> STurtle, ^
<TimR> can anybody tell me why port 21 is not listening on my 12.04.2 lts server when I got vsftpd installed
<centaur5> I want to setup my 1st HA cluster. Anybody have an opinion on best storage options and why? GlusterFS, corosync, or pacemaker?
<jamespage> zul, adam_g: hows havana looking in staging? I'd quite like to get something out to updates this week if possible
<mndo> hi, i am trying to adding access to a host  folder on an guest I am getting this error when trying to start the guest: Virtio-9p Failed to initialize fs-driver with id:fsdev-fs0 and export path: <my host folder>
<sebrock> I have a general question in how to setup my server. I got one physical ethernet connection on the server. I would like to use this connection both in plain and have it connect to a VPN service. Next I would like my webservices to traffic the plain connection while other services use the VPN connection. How is this managed?
<ikonia> sebrock: you'll need to setup routing for that
<sebrock> Yes I noticed, on my way :)
<Senor> Is there tcp server network stress test tools ?
<jamespage> Senor, iperf is useful for benchmarking but not really for stress testing
<Senor> jamespage:so how do I do stress test for my tcp server ? simulate?
<jamespage> Senor, with iperf you run iperf -s on one host and then iperf -c <IP of first host> on another
<jamespage> it transfers data between the hosts and measures the network performnce
<Senor> Does this reflect  the  stress holding capability?
<jamespage> Senor, no - its just a benchmark
<Senor> Can you give a definition for stress holding ability ?
<zul> jamespage:  im ready needs some testing
<maruq> Hi guys
<maruq> I've been handed an ec2 server running 8.04 LTS, which is obviously EOL now
<maruq> I'm looking to upgrade via `sudo do-release-upgrade`, but keep hitting problems
<maruq> it's failing to fetch the lucid listings
<maruq> https://gist.github.com/markbate/caa93cd62521e1146d3a
<maruq> any ideas?
<RobCWDudley> maruq: IIRC there are legacy apt repos that you can use to "step" up through the versions till you hit support
<RobCWDudley> maruq: but may be quicker just to rebuild
<maruq> RobCWDudley: I think it was actually the apt sources. they were set as us.ec2.archive.ubuntu.com, I changed to archive.ubuntu.com & can update apt
<maruq> RobCWDudley: yeah, if I could, I'd just deploy a 12.04 server, but need to keep this one going :(
<RobCWDudley> maruq: ah ok guess the amazon mirrors are kept pretty well pruned back then.
<maruq> RobCWDudley: I think also there might be separate us-east & us-west ones now, but not sure
<maruq> RobCWDudley: I updated apt & installed apparmor, things seem to be upgrading now
<RobCWDudley> maruq: cool - good luck getting it up to 12.04 :)
<maruq> RobCWDudley: haha, thanks.
<g0tcha> hey guys, i have a quick question, how can i add access to a certain directory to a specific user?
<RobCWDudley> g0tcha: chown
<rbasak> smoser: around? I have a cloud-init hostname setting question. "getent hosts `facter fqdn`" seems to fail by default with cloud-init and Openstack.
<g0tcha> RobCWDudley, can you be more specific please? im not that savvy with that
<RobCWDudley> g0tcha: not without more info. Which directory, which user and what kind of restirciton
<g0tcha> RobCWDudley, the directory is called /data/ , its in /var/www/owncloud/data/ .. its owned by www-data www-data with  drwxr-xr-x
<g0tcha> i want to keep the same permission but add access to user 'gotcha'
<RobCWDudley> ok does www-data need write perms?
<g0tcha> RobCWDudley, owncloud says the ownership of the folder should have full access to run php as owner so it sets the apache user for it
<RobCWDudley> g0tcha: ok well a folder can only have one owner so you can't keep those perms and add access to another
<RobCWDudley> g0tcha: you need to add write perms to the group and add your new user to that group
<RobCWDudley> eg chmod 775 /var/www/owncloud/data
<RobCWDudley> g0tcha: and adduser gotcha www-data
<g0tcha> chmod 775 doesnt make it less secure by any chance?
<RobCWDudley> g0tcha: only to the group level. Gives Owner and Group RWX perms. World still has RX
<mardraum> it's already able to be written by the main attack vector, your web server :P
<RobCWDudley> ^
<g0tcha> so what youre saying is giving ownership to the apache user is vulnerable?
<mardraum> of course
<g0tcha> i thought its the best way of doing it :p
<mardraum> best of a bad lot?
<RobCWDudley> only if you a) don't have updated apache or b) have vulnerable scripts accesible from the web
<RobCWDudley> b) is much more likely tbh
<mardraum> yeah b) is 99% of it
<RobCWDudley> and if you're worried then that's why things like Chroot exist
<RobCWDudley> but still not 100% secure
<g0tcha> i believe nothing is 100% secure, but i also believe that someone should do their best to make it atleast 99% secure
<g0tcha> and those scripts youre talking about could be some WordPress plugin or anything like that, am i right?
<RobCWDudley> g0tcha: absolutely
<g0tcha> ouch
<RobCWDudley> of courze wordpress will work fine with no write to the web directory
<g0tcha> yeah ofcourse.. just an example
<RobCWDudley> but you lose a lot of handy stuff - auto update, plugin & theme install and caching get's trcky
<zul> jdstrand:  ping ufw question for you
<jdstrand> zul: fire away
<zul> jdstrand:  so apache-2.2-common has gone away in saucy mind if i stick things in /etc/ufw/applications.d/apache2/
<jdstrand> /etc/ufw/applications.d/apache2/? you mean /etc/ufw/applications.d/apache2?
<zul> yes
<jdstrand> zul: sure, that's fine
<zul> jdstrand: cool just checking
<jdstrand> zul: thanks
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/swift/swift-1.9.0/+merge/172597
<jamespage> zul, +1
<zul> jamespage:  thanks
<jamespage> zul, np - lets get that uploaded to havana staging ASAP as well.
<zul> jamespage:  ack
<FuzzyThor> Hello, I'm trying to setup auto screen with ssh login for my ubuntu server using http://taint.org/wk/RemoteLoginAutoScreen an when ever i input the code at the end of the bash file i always get a syntax error
<FuzzyThor> I dont know what im doing wrong
<FuzzyThor> Can someone shed some light on this?
<zul> jamespage:  http://people.canonical.com/~chucks/ca/
<jamespage> zul, just spotted "Nump" but that was an earlier change
<zul> jamespage:  heh
<adam_g> jamespage, havana is in a tough spot atm since a bump to kombu > 2.4.7 last week
<jamespage> adam_g, upstream bump right?
<adam_g> jamespage, yea
<jamespage> adam_g, was that post h1?
<jamespage> i.e. is what's in staging OK whilst we fix that up
<adam_g> jamespage, ya. wasn't sure if you meant you wanted to get h1 out to updates or to resync staging with more recent first
<jamespage> adam_g, first option (h1->updates)
<stevePage129> 12:04:13 PM - stevePage129: need help with setting up a cluster server / high availability / NFS / etc, post is on askubuntu, and would appreciate help. thanks guys!
<stevePage129> 12:04:15 PM - stevePage129: http://askubuntu.com/questions/315491/setting-up-cluster-configuration-using-an-existing-web-server-as-a-primary-node
<adam_g> jamespage, ah, ok. running a smoke from -staging now to see whats what.
<jamespage> adam_g, thanks v much
<centaur5> I want to setup my 1st HA cluster. Anybody have an opinion on best storage options and why? GlusterFS, corosync, or pacemaker?
<adam_g> zul, jamespage https://code.launchpad.net/~gandelman-a/ubuntu/saucy/cinder/anyjson_min/+merge/172455 + http://people.canonical.com/~agandelman/ca/havana/python-anyjson_0.3.3-1~cloud0/ if you get a sec
<zul> adam_:  +1/+1
<jamespage> adam_g, just as an aside - you don't need to bump the package version number if the branch is still marked as UNRELEASED
<adam_g> jamespage, ah, ya. 'dch -i'
<jamespage> adam_g, dch -t is the trick
<adam_g> ty
<jamespage> for team stuff
<jamespage> yolanda, ipxe fix uploaded - thanks!
<yolanda> great!
<roasted> hello friends
<roasted> I have an SSD that is throwing tons of I/O errors. I'm pulling an image from it now to put on another SSD, but the disks utility is showing me that, so far, 45 MB of data is unreadable and replaced by zeros. Is there any way to match up what areas are unreadable and what data resides there? I'm betting no, but, figured I'd ask in case anybody has any tricks.
<ogra_> hallyn, poke
<ogra_> Setting up lxc (0.9.0-0ubuntu16) ...
<ogra_> chfn: PAM: System error
<ogra_> adduser: `/usr/bin/chfn -f LXC dnsmasq lxc-dnsmasq' returned error code 1. Exiting.
<ogra_> dpkg: error processing lxc (--configure):
<ogra_> hallyn, did you ever encounter something like the above ? (thats inside a chroot)
<hallyn> ogra_: jikes.  no.
<hallyn> ogra_: what does /var/log/dpkg.term.log or wahtever show?  any actual error from the chfn ?
<ogra_> hallyn, well, hard to tell, thats during a package build
<hallyn> what the...  why is package build doing that?
<ogra_> it is a kind of weird setup ... it is a scritp inside a source package that debootstraps  a fakechroot, installs a few packages and then runs update-initramfs
<ogra_> ubuntu-touch-generic-initrd
<roasted> any opinion of using swap on an SSD for a server?
<ogra_> my last change added a package to the packages installed inside the chroot that depends on lxc
<stevePage129> cluster/NFS/HA question (any help would be greatly appreciated....): http://askubuntu.com/questions/315491/setting-up-cluster-configuration-using-an-existing-web-server-as-a-primary-node
<hallyn> ogra_: it looks like it's missing some quotes around "LXC dnsmasq"
<hallyn> lemem check the saucy source
<hallyn> ogra_: so that's coming out of lxc.postinst.  package build should nto be doing that
<ogra_> hallyn, i wonder if the lxc.postinst probably just needs single quotes
<ogra_> on the other hand there is a "PAM: System error" above
<hallyn> ogra_: but why is postinst being executed during package build?
<hallyn> yeah
<hallyn> something's messed up
<ogra_> it is executed inside the fakechroot i use for building
<ogra_> not during package build
<hallyn> oh, well the PAM error may just be from a hook at chfn
<ogra_> lxc is simply installed as a dep
<hallyn> 16:48 < ogra_> hallyn, well, hard to tell, thats during a package build
<hallyn> oh i see
<ogra_> right
<hallyn> gotcha
<hallyn> ok lemme try building and see what i get <shrug>
<hallyn> oh, do you have a custom pam stack?
<ogra_> note that this is armhf only
<ogra_> nope
<ogra_> all i do is: debootstrap under fakechroot ... then chroot into that and apt-get install three packages
<ogra_> run update-initramfs and then dpkg collects the resulting initrd from inside of the chroot
<hallyn> ok, i'll try building on arm too (but amd64 first - who nows i may have effed it up)
<ogra_> lxc is simply pulled in as dep of one of the three
<hallyn> note the same should be true of libvirt which does the exact same thing
<ogra_> well, the only thing that comes to mind is the space in the gecos data ... the error doesnt really look like the quotes are respected at all
<hallyn> agreed
<hallyn> but i don't see why ' would be respected if " was not
<hallyn> it soudns to me like some script is doing the wrong thing
<ogra_> ' are always higher level than "
<hallyn> they prevent expansion of variables inside them, but we're talking about something else not respecting them...
<ogra_> yeah
<ogra_>           my($gecos_name,$gecos_room,$gecos_work,$gecos_home,$gecos_other)
<ogra_>             = split(/,/,$gecos);
<ogra_> thats what adduser uses internally t call chfn
<ogra_> *to
<cyberjose> Hi to all
<cyberjose> i have a question ...
<cyberjose> Anyone know how to put confirmation when replacing files in ubuntu server?
<Pici> cyberjose: During what sort of operation?
<cyberjose> Hi Pici, yes, for example when i replace a file "cp file1 file2" .. cp: overwrite `file2'?
<cyberjose> in ubuntu server only be replaced without any confirmation
<cyberjose> in ubuntu server I do not see "cp: overwrite 'file' ?"
<cyberjose> and in red hat is usuary see that confirmation
<sarnold> cyberjose: use cp -i instead
<cyberjose> ohh... i want to test
<sarnold> cyberjose: cp -i /etc/passwd /tmp  ; cp -i /etc/passwd /tmp
<cyberjose> THANK YOUUUUUUUUUUUUUU
<cyberjose> :-)
<sarnold> :)
<hallyn> ogra_: I can't reproduce it on amd64 at least.  does stgraber have the same setup you do so he can try?
 * hallyn goes to find his arm laptop
<ogra_> hallyn, i cant reproduce it in a local build either
<ogra_> (on arm)
<ogra_> i just gave back the package ... https://launchpad.net/ubuntu/+source/ubuntu-touch-generic-initrd/0.7/+build/4764556 ...
<ogra_> probably it is a byuildd hiccup
<ogra_> *buildd
<hallyn> ok
<ogra_> bah
<ogra_> same error
<stgraber> ogra_: looks like all the chfn calls fail but it's only fatal for lxc
<ogra_> hmm
<stgraber> ogra_: dnsmasq-base's adduser call fails too (a few lines before lxc's)
<ogra_> hmm
<ogra_> auth            sufficient      pam_rootok.so
<ogra_> might be that
<ogra_> (from /etc/pam.d/chfn)
<ogra_> i'm running under fakechroot inside a builder chroot
<ogra_> i dont really get why i cant reproduce it alt all
<roasted> Hello friends. Problem with Ubuntu Server 12.04.2. When I log into it via CLI @ main screen, it just loops back to login. Is this a home dir issue?
<sarnold> roasted: probably a lot of things can lead to this. can you log in via ssh and look through logs?
<roasted> sarnold: I can't SSH at the moment to it. I p ulled the SSD out of it to take with me and run a full scan on my laptop as I'm on the go today. The scan failed so I did an image backup and deployed it to an identical unused SSD I had available.
<roasted> sarnold: then I found a spare desktop, put it in, fired it up, and here we are.
<sarnold> roasted: ah, so you could mount the thing from another machine and check logs that way?
<roasted> sarnold: good call. Let me try that
<roasted>  sarnold there's nothing in the syslog beyond 4 hours ago.
<roasted> earlier than 4 hours ago, I should say
<sarnold> roasted: -nothing-? o_O
<roasted> not in /var/log/syslog
<roasted> my SSD was dying, mind you
<roasted> the image pull left out 108 MB of unreadable data and replaced it with 0's
<sarnold> /var/log/auth.log ?
<sarnold> roasted: ouww :(
<roasted> but I deployed it anyway on the off-chance that maybe it would work
<roasted> it was one of those 'why not' things
<sarnold> hehe
<roasted> authlog stops around the same time syslog did
<roasted> me thinks I might be burned to do a fresh install :(
<roasted> I cannot put into words how little interest I have in doing that.
<roasted> I thought maybe my home dir got messed up
<roasted> and I'd have to recopy skel or something
<roasted> but maybe that's just on the regular GUI variants of distros
<rbasak> hallyn: is there an easy way I can, from the host, run a command in an already-running system lxc container? Or do I have to go the route of arranging something over ssh or similar?
<rbasak> hallyn: nm. I found lxc-attach.
<roasted> sarnold: can you think of any reason as to why the login would fail? I'm at a loss.
<sarnold> roasted: locked account in /etc/shadow, missing account in /etc/shadow or /etc/passwd, non-executable shell in /etc/passwd, one of the shell's dynamic libraries fails to load at link time, shell .rc files exit rather than continuing on, apparmor MAC rules may be confining shell or getty or pam_apparmor could be invoked in the PAM stack...
<sarnold> roasted: perhaps home directory missing or incorrect permissions, but that seems less likely
<roasted> home dir is intact, but I cannot tell permissions from my laptop
<sarnold> oh, if the filesystem is busted, a process trying to traverse directories and open files might cause the kernel to kill the process in the event of kernel crash..
<roasted> I'm in root recovery. Things look good on the home dir front.
<tdn> I need help debugging NFSv4. I have created some exports on the server. I can see the mounts on the client using showmount -e. When I try to mount shares, however, it just hangs on the client. I mount with: mount.nfs4 corvina:/exports/video /net/video    I have disabled firewall. I do not see anything in the logs. What to do next?
<adam_g> jamespage, b1 in havana-staging is a bit roughg
<adam_g> *rough
<roasted> sarnold: I see at 9:48 AM this morning an entry says Kernel logging (proc) stopped.
<sarnold> roasted: machine shutdown? or .. otherwise?
<hallyn> rbasak: ack
<roasted> sarnold: at 9:48 AM this morning the system was running. That could be when the SSD began crapping out again.
<roasted> sarnold: I didn't pull the drive until about 11 AM
<adam_g> jamespage, deployment fails on install-errors on keystone and nova. keystone packaging issue addressed since b1, this addresses the nova: https://code.launchpad.net/~gandelman-a/ubuntu/saucy/nova/pyparsing_min/+merge/172639
<adam_g> zul, ^
<adam_g> not sure if it makes sense to retroactively fix whats in -staging now, or press on trying to get -staging updated with something more recent
<zul> adam_: i think it makes more sense getting ready for havana2 rather than havana1
<adam_g> zul, ya. so whats the plan with kombu
<zul> adam_:  well i uploade da new py-amqp this morning, get that reviewed by an archive admin, then get the MIR, promote it, and upload a new kombu
<zul> adam_:  sound good?
<adam_g> zul, ah, cool
<adam_g> zul, when does h2 come?
<zul> adam_:  next week i think
<adam_g> zul, is that enough time?
<zul> adam_:  yeah
<adam_g> or do we patch requirements.txt?
<zul> adam_:  it will be enough ill make sure of it
<zul> actually havana2 is on the 18th
<adam_g> zul, im going to propose a patch to requirements.txt so we can continue testing havana. its totally busted without, until kombu is updated
<zul> adam_:  ack sounds good
<adam_g> jamespage, thoughts on setting up tarmac to land approved changes to packaging branches? we'd need to get the bot commit access to the lp:~ubuntu-server-dev branches
<zul> bbl
<zul> adam_:  do it
<Chocobo> would anyone mind taking a look at my bootchart?  It seems like each node in my cluster takes forever to boot but I am having a hard time nailing down the service that is slowing it down:  http://i.imgur.com/fi9Pd4r.png  (warning, large image!)
<G55321> hello guys, anyone familiar with NewRelic monitoring? I am trying to monitor a tomcat application but I have no idea where to put the files
<adam_g> jdstrand, heya, around?
<jdstrand> adam_g: hey, for a few minutes. what's up?
<adam_g> jdstrand, nothin urgent just wondering if there was anything that needed to be done to progress https://bugs.launchpad.net/ubuntu/+source/python-markdown/+bug/1187191
<jdstrand> pinging me wsa good. I'll get someone (me or someone else) on it
<adam_g> jdstrand, oh, cool. :)
<wxl> quick question. does the installer install the basic ubuntu server task and then run tasksel for additional packages or will installation necessarily result in having lamp?
<sarnold> wxl: installation gets you very little by default; you can install what you need with apt-get install or tasksel as you wish
<sarnold> wxl: if you're automating many installs, preseed files let you specify additional packages to include
<wxl> danke sarnold
<wxl> i don't want much to begin with :)
<sarnold> :)
<wxl> is networking handled automatically or will i need to set it up?
<sarnold> wxl: iirc, you get asked for dhcp vs manual configuration, and it's left at that.
<wxl> sarnold: great, thanks a ton!
<sarnold> wxl: have fun :)
<r0tha> this could do more harm than good but I'm trying to figure out what happened.  1) installed xen 2) didn't really utilize it 3) added static IP entry in /etc/network/interfaces
<r0tha> 4) restarted networking 5) nothing changed (assume arp was kept around) 6) rebooted box got static IP
<r0tha> the strange part was that when I tried to use domain names rather than IP addresses I got hanging i.e ping google.com had no response but ping 8.8.8.8 worked as expected....anyone seen this before?
<sarnold> r0tha: check the resolvers in /etc/resolv.conf and make sure you can reach them -- perhaps your gateway, netmask, or default route is misconfigured
<r0tha> *after removing the virtual bridge / xen-tools everything "magically started working"
<r0tha> sarnold: before I restarted this had 8.8.8.8
<r0tha> i might have to just charge this to the game and read more docs meh
<sarnold> can't go wrong with reading more docs, hehe :)
<sarnold> but it would seem funny to me if you could ping your resolver but not actually resolve hosts with the resolver..
<r0tha> aha, dns-nameservers would be hella important for eth0
<r0tha> ha, that's totally it if i remove it and restart networking i see similar behavior
<r0tha> although this time ping says "unknown host"  instead of just hanging
#ubuntu-server 2013-07-03
<roasted> hello friends
<roasted> Question - using mysql as an example, when I install it, I get a password prompt. If I uninstall and reinstall, I get nothing. How do I 100% reinstall the package so I get a password prompt like the initial install?
<sarnold> roasted: try apt-get purge mysql-whatever before installing it
<sarnold> roasted: dpkg --remove removes most of the files, but leaves configuration files around. dpkg --purge removes the configuration files, too. apt-get purge uses the more forceful of the two methods..
<stevePage129> for some reason my brand new VPS in which i havent installed or setup anything hands everytime apt-get install anything on UNPACKING. disk IO write times included in post (but they seem like they check out...) http://askubuntu.com/questions/315672/ubuntu-vps-hangs-constantly-when-unpacking-anything-apt-get-or-dpkg-hangs
<stevePage129> any help would be greatly apprecaited
<stevePage129> hangs*
<roasted> sarnold: I did do a purge... but reinstalling and dpkg-reconfigure does nothing :/
<sarnold> stevePage129: your diskspeed test file is way too small, it might not have even hit disk yet...
<sarnold> stevePage129: also, the upacking and man-db operations work on thousands of small files, not one huge file -- perhaps the filesystem is mounted strictatime, and every little access dirties inodes...
<sarnold> roasted: oh. Maybe I mis-understood which password prompt. I assumed it was something specific to mysql's configuration .. is it the sudo password prompt?
<roasted> sarnold: it's where it asks for the root mysql password 2x.
<sarnold> roasted: aw nuts, then I did understand :) but now I don't know.
<roasted> sarnold: I nuked mysql thinking I'd want to use sqlite for owncloud, but then I found my mysql config I used before, so... I wanted to use that instead.
<sarnold> hehe
<roasted> but now when I try to fire up mysql-server it doesn't ask me for a password
<roasted> tried apt-get remove, apt-get purge, apt-get autoremove, then reinstalled
<roasted> no dice
<stevePage129> sarnold: any suggestion as to a command, or a method of which i could use to, say, test the NFS which my VPS host is using, in order to test for issues and or bottle necks? im seriously having issues just getting the initial software (lamp, webmin, etc) setup for using my new VPS. the idea was to move from shared hosting to VPS to get better performance, not worse. this isnt normal for VPSs is it?
<sarnold> roasted: does /etc/mysql/my.cnf survive the apt-get purge mysql-whatever ?
<sarnold> roasted: note that /etc/mysql/my.cnf is owned by mysql-common, are you purging that package, too?
<sarnold> stevePage129: it depends heavily upon a -lot- of factors. amazon's micro tier has severely penalized IO; bursts go quickly, but sustained IO is heavily penalized. installing an OS on a micro instance can take forever.
<roasted> sarnold: trying that now
<roasted> sarnold: my.cnf isn't around after the purge
<roasted> I assume at this point I should expect an install to work?
<sarnold> roasted: I'd hope so :)
<roasted> ah bingo!
<roasted> you rock
<sarnold> sorry it took me ages to notice the -common package.
<roasted> ha, all good
<roasted> it's done :P
<sarnold> :D
<sarnold> stevePage129: maybe soe cheap tests like timing: for i in `seq -w 1 10000` ; do echo $i > foo_${i} ; done   ... that'll generate a huge pile of tiny files...
<roasted> sarnold: out of curiosity, how did you catch that -common was relevant?
<stevePage129> sarnold: i suppose this is a little specific.. but have you ever heard of cinfu.com? i originally moved from GoDaddy's shared hosting becaused they were dropping my connections all the time when transferring files over 25 mb. now i have purchased a VPS, i am having trouble simply setting up the host operating systems software (IO issues?). i really dont have to get a dedicated server just to get something that responds grac
<stevePage129> sarnold: trying that now
<stevePage129> well, will look into those commands some
<sarnold> roasted: I ran 'apt-file search my.cnf" to find the full path to the file, and noticed then that the mysql-common package owned it
<roasted> sarnold: next question would be how you knew my.cnf was relevant?
<sarnold> roasted: I figured that mysql probably stored the root password there..
<sarnold> stevePage129: irc has line length limits; you were cut off at "responds grac"
<sarnold> .. which isn't a very graceful way for irc to respond. hehe. :)
<stevePage129> sarnold: sorry about that, using some cheapskate client
<sarnold> stevePage129: hehehe
<stevePage129> sarnold:  really dont have to get a dedicated server just to get something that responds gracefully do i? (you dont have to answer that ^.^)
<sarnold> stevePage129: I'd really hope vps is sufficient, it is the direction industry is headed..
<stevePage129> sarnold: indeed. like for example, i ran sudo apt-get update/upgrade to satisfy several updates which SSH and ubuntu were complaining about. this took almost 2 hours, and i still do not know if it ever finished (machine went to sleep while i was napping connection was lost...)
<sarnold> stevePage129: oh jeeeeeeze
<sarnold> stevePage129: I'd say to install screen or tmux, but I'm afraid how long that would take
<stevePage129> sarnold: will read more up on those now
<stevePage129> host wanted to try moving me to another node, but i wanted to make sure there was nothing i could do first
<stevePage129> if i cant get this working, im going to have to go crawling back to godaddy... lol
<sarnold> stevePage129: take them up on that offer. it ought to be quick..
<sarnold> stevePage129: okay, I signed back into my amazon control panel, created a new micro instance, installed 12.04.2 LTS onto it, and I'm timing an upgrade now...
<sarnold> stevePage129: real	1m49.057s
<stevePage129> sarnold: thank you, thank you
<stevePage129> sarnold: ...
<sarnold> stevePage129: that was for 71 megabytes of downloads, 48 upgraded, 3 newly installed
<stevePage129> yeah, something isnt right
<sarnold> stevePage129: that's an amazon US micro instance. (it went faster than I expected)
<sarnold> stevePage129: so make sure what you're paying for can come close.
<sarnold> time for dinner :)
<stevePage129> sarnold: paying for a VPS with dual core 2ghz, 1 gb ram
<stevePage129> 100 mbit connection
<stevePage129> and no bandiwtdh monitoring :@
<stevePage129> ty very much tho
<centaur5> I want to setup my 1st HA cluster. Anybody have an opinion on best storage options? GlusterFS, corosync, or pacemaker?
<roasted> hi
<sarnold> ay
<roasted> hi
<roasted> I have a really, raelly dumb question
<roasted> www-data is the "webserver user" of apache, no?
<roasted> I'm getting an error from owncloud saying the webserver user needs write access to the apps dir within owncloud, and www-data has rwx perms but I still get the error.
<roasted> failing to see what it's crapping itself over.
<sarnold> roasted: how about the containing directories?
<roasted> the dir above apps?
<sarnold> yeah
<roasted> rwx
<roasted> ah wait
<roasted> I just spotted something in their config that's still pointing to /var/www
<roasted> I changed that
<sarnold> aha :)
<roasted> nice, now I have a blank white screen
<roasted> quick, stab me
<shauno> dr. plum, in the dining room, with the error.log
<roasted> NO WORRIES. WE GOT THIS.
<roasted> I guess I shouldn't have jumped the gun and also changed the sqlite3 entry to mysql
<roasted> I'm using mysql, so, no idea why that is
<roasted> but changing back to sqlite3 worked
<roasted> ty shauno. picked that up in the error.log
<roasted> I really need to not do this crap when I'm in a tired coma...
<shauno> if it's any consolation, you've got me wondering if I ever moved mine off sqlite too
<roasted> with owncloud?
<shauno> yeah
<roasted> yeah if I swithced mine to mysql it crapped itself
<roasted> but back on sqlite3 it's fine
<roasted> yet I'm actually using mysql AS my db....
<roasted> maybe I'm not understanding something, but whatever. It works, so...
<RustyShackleford> so I installed noip2 from noip's website
<RustyShackleford> how do I set it to run at boot?
<RustyShackleford> (ubuntu server 13.04)
<sarnold> RustyShackleford: you've got a few options..
<sarnold> RustyShackleford: if they provided a sysv initscript, you can drop the file into /etc/init.d/ and make the /etc/rc*.d/ symlinks
<sarnold> RustyShackleford: or you can call a program from /etc/rc.local
<sarnold> RustyShackleford: or you can use the @reboot cron specifier if you want to run it as a user accout..
<RustyShackleford> the other thing that's nagging me: can I force comcast to renew my IP
<RustyShackleford> i'd like to test and make sure this works
<sarnold> RustyShackleford: I've had the same comcast IP for years.. I'm pretty sure I've 'release' on the router with no effect
<RustyShackleford> interesting. I haven't really paid attention, so I can't say
<RustyShackleford> sarnold, does it matter what I name the initscript?
<sarnold> RustyShackleford: no
<RustyShackleford> the readme made it seem like it was important
<sarnold> the name matters a lot in the /etc/rc?.d/ directories
<sarnold> Sxxwhatever and Kxxwhatever, where xx are digits..
<RustyShackleford> sarnold, could you explain or tell me what to google?
<sarnold> RustyShackleford: well...
<RustyShackleford> it seems like the numbers correspond to runtime levels?
<RustyShackleford> idk, i"m just guessing
<sarnold> RustyShackleford: you could also write an upstart conf file. that might be a bit more work if the project supplied a sysvinit script, but it'll be much less work if they didn't..
<sarnold> RustyShackleford: .. and upstart is significantly easier to configure than the sysv initscripts
<RustyShackleford> an initscript is written in bash?
<sarnold> RustyShackleford: more usually, sh
<RustyShackleford> they did provide something which I can place in /etc/init.d/rcX.d
<RustyShackleford> what is X?
<RustyShackleford> or how do I find out
<sarnold> RustyShackleford: here's some information writing an upstart configuration: http://upstart.ubuntu.com/cookbook/#concepts-and-terminology
<RustyShackleford> from the readme: "Where the 'X' in rcX.d is the value obtained by running the
<RustyShackleford> following command
<RustyShackleford>         grep initdefault /etc/inittab | awk -F: '{print $2}'
<RustyShackleford> "
<RustyShackleford> sorry, forgot about the newlines
<sarnold> RustyShackleford: in those cases, X -is- runlevel; back in the old days, it was 1 for single user, 3 for multiuser, 5 for multiuser with graphics, 0 for rebooting...
<sarnold> wow, I'm forgetting the levels. acheivement unlocked! :)
<RustyShackleford> i've never had to deal with runlevels
<RustyShackleford> i started with ubuntu 7.10
<sarnold> RustyShackleford: so you'd put symlinks into whichever directories you wanted the service to start and stop on -- in case you wanted it running only when graphics were up, and shut down when going down to 2 ...
<sarnold> RustyShackleford: update-rc.d can help manage all those scripts. but I detest it's manpage. :)
<RustyShackleford> it's a headless server
<sarnold> RustyShackleford: ooh, check out the sysv-rc-conf package. it looks nicer than update-rc.d
<RustyShackleford> i had to install this package manually ("make install")
<RustyShackleford> so I'm not usre this will work
<sarnold> RustyShackleford: try: update-rc.d -n defaults <name of the file in /etc/init.d/>
<sarnold> RustyShackleford: if the output looks good, leave off the -n and re-run..
<RustyShackleford> so just drop it in /etc/init.d/ and not /etc/init.d/rcX.d/
<sarnold> RustyShackleford: right; the /etc/rcX.d/ directories are for the S and K symlinks
<RustyShackleford> output looks good
<RustyShackleford> restarting the server and crossing my fingers
<sarnold> RustyShackleford: did you re-run without the -n ? :)
<RustyShackleford> oh I saw a command on stackoverflow
<RustyShackleford> it didn't include the -n flag
<sarnold> aha, good
<RustyShackleford> did I need to run with -n first?
<sarnold> no
<sarnold> many commands include an -n or --dry-run option to show you what they will do
<sarnold> I'm paranoid and like to see what will happen before running it :)
<RustyShackleford> didn't know that. it does seem useful
<RustyShackleford> unfortunately it doesn't seem to work
<sarnold> RustyShackleford: any error messages in the log files?
<sarnold> RustyShackleford: what permissions are on the script file in /etc/init.d/ ?
<RustyShackleford> yeah I think it might have been permissions
<RustyShackleford> if I start the script manually it works
<RustyShackleford> after setting permissions to 755
<RustyShackleford> sarnold, yep it works
<RustyShackleford> thank you so much
<sarnold> RustyShackleford: woo :)
<RustyShackleford> playing around with servers is fun
<RustyShackleford> but a major timesink
<sarnold> RustyShackleford: too true
<sarnold> it'll get more fun
<sarnold> and ... well, always a timesink :)
<RustyShackleford> does ubuntu server upgrade from version to version well?
<ScottK> Yes.
<RustyShackleford> the desktop version seems less reliable. I usually just wipe and start clean
<ScottK> I run Kubuntu for desktop, so I don't know.
<ScottK> That's reliable enough on upgrade.
<arooni-mobile> my dns resolutoin was messed up on ubuntu; so i edited /etc/resolv.con and put in name severs. but at top of file says: "# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)"  so was i not supposed to fix it that way?
<ScottK> I've got a server that's been upgraded since gutsy.
<sarnold> RustyShackleford: I've upgraded machines half-dozen times.. on the desktop side, worst was that unity forgot focus-follows-mouse and auto-raise settings -- but a few releases ago, it did that once every few weeks anyway
<sarnold> RustyShackleford: I'd done machines through seven or eight years of debian, before ubuntu, without troubles..
<RustyShackleford> i chose ubuntu because I'm more familiar with packages etc.
<sarnold> arooni-mobile: depends. :) If you knew what you were doing, that might be the perfect solution...
<RustyShackleford> Seems like debian is more popular for servers. #linux didn't care much for my choice of server OS
<ScottK> IIRC, the only time I've had a server upgrade problem was once when I knew I was trying something studip.
<sarnold> arooni-mobile: but it'll be overwritten next time dhcp brings an interface up or down, so it might not last long
<sarnold> ScottK: hehe :)
<ScottK> One of the main reasons to run Ubuntu over Debian is the security hardening features built into Ubuntu.
<sarnold> arooni-mobile: so perhaps your edits shold be made to /etc/network/interfaces, or /etc/resolvconf/resolv.conf.d/head
<ScottK> The gap narrowed significantly with the release of Wheezy, but Ubuntu is still ahead.
<RustyShackleford> I just like that there is a Java ppa
<RustyShackleford> etc.
<arooni-mobile> my name resolution on my server got royally messed up
<arooni-mobile> so i want to make theses resolutions permenent
<RustyShackleford> certain proprietary things are hard to install on debian. I dislike "make install"
<ScottK> arooni-mobile: /etc/network/interfaces is where I'd put it.
<arooni-mobile> ScottK, so i jsut drop in exactly whati put in /etc/resolv.conf?
<arooni-mobile> there
<arooni-mobile> ?
<ScottK> What did you put in resolv.conf?
<sarnold> arooni-mobile: no, the format is different, it'd be best to read the interfaces(5) manpage for full details
<ScottK> sarnold: Thanks.
<arooni-mobile> just nameserver stuff
 * ScottK has never messed with resolv.conf directly.
 * ScottK can't figure out why it's even installed on a server with static IP?
<arooni-mobile> how else would domain names get resolved
<arooni-mobile> i mean when you need to dl updates etc
<ScottK> I always just put the information in /etc/network/interfaces.
<jamespage> morning folks!
<feisar_> morning
<caribou> people: is Memory leaks in rabbitmq-server a thing of common knowledge ?
<caribou> I was able to fill up memory of a Raring 2Gb vm overnight with a simple message passing program
<caribou> it seems to be even more severe on Precise
<jamespage> Daviey, smb: iscsitarget dkms fixed up for 3.10
<smb> jamespage, cool
<koolhead17> hi all
<jamespage> Daviey, did you get anywhere with go in backports yesterday?
<Daviey> jamespage: Sort of.
<jamespage> Daviey, fyi I'm looking at the 1.1.1 version thats currently in debian NEW
<Daviey> jamespage: We do need to dig out specific reasons why the juju-core team need a newer golang toolchain
<jamespage> Daviey, they don't need it - the 1.0.x series should be sufficient
<jamespage> but thats not in precise which is the challenge
<jamespage> 1.1.1 is preferred and has ARM support unlike 1.0.x which is probably a valid reason to support it
<Daviey> jamespage: 2:1-5 is in precise.. Do we know why that is no good?
<Daviey> also.. they were pretty keen to bump the epoch :/
<jamespage> Daviey, hmm
<jamespage> Daviey, I can't help but think that requested a MRE for a point release on a series no longer supported upstream is stupid
<Daviey> jamespage: Hmm, can you give more details?
<Daviey> jamespage: We need to write all this up..
<jamespage> zul, adam_g, roaksoax_: so - zul has been working on getting the newer version of kombu into the archive
<zul> jamespage:  so amqp got uploaded yesterday im in the middle of doing the MIR
<jamespage> follow on question is really around rabbitmq - should we provide a CA backport for havana on 3.1.x as in saucy?
<jamespage> specifically to support non-shared storage active/active deployments
<jamespage> Daviey, still comtemplating
<jamespage> contemplating rather
<zul> jamespage:  do we need to backport erlang as well?
<jamespage> no idea
<zul> +1 if we dont have to backport erlang for it, -1 if we do
<jamespage> tbh the erlang backport is probably zero cost
<jamespage> I've done the merges for the last few cycles and its pretty much no-op
<zul> sure merges can be different from backports though (subunit comes to mind)
<zul> jamespage/roaksoax/Daviey: https://bugs.launchpad.net/ubuntu/+source/python-amqp/+bug/1197390
<zul> amqp MIR
<jamespage> zul, I think erlang in 12.04 is probably still OK
<zul> jamespage:  +1 from me then
<zul> jamespage:  did you +1 swift for the CA yesterday/
<jamespage> zul, probably - lemme +1 it again  - URL?
<zul> http://people.canonical.com/~chucks/ca/
<jamespage> zul: +1
<zul> jamespage:  thanks
<Duologic> I have a Ubuntu server "precise" with Samba 3.6.3 running, is it safe to add quantal repositories to apt sources to upgrade to Samba 3.6.6? or at least, will it work?
<sadiq_> No such process quotaon: Quota format not supported in kernel.  ? any idea ubuntu 12.04.1
<sadiq_> Quota format not supported in kernel.  ? any idea ubuntu 12.04.1
<genii> sadiq_: You could try loading the modules quota_v2 and quota_v1
<sadiq_> how to load them
<sadiq_> thanks for your reply
<genii> sadiq_: sudo modprobe quota_v2 && sudo modprobe quota_v1   ...for instance
<sadiq_> hi
<ndee> hi there, I created a jail for a user and want to mount --bind a directory into his home. How can achieve that the mount will be available after a reboot?
<feisar_> ndee: I haven't created a chroot jail before but assuming it's the same as any other mount then you need to put it in /etc/fstab
<ndee> feisar_, ok
<feisar_> the syntax is a little different from mounting on the command line so check out the fstab man
<ndee> feisar_, I checked the man mount and there was the entry too, but thanks :)
<feisar_> so you have an entry in /etc/fstab but it isn't working?
<ndee> feisar_, I can't test it since I don't want to reboot the server ;)
<ndee> but I added the entry and I will check the next time the server reboots, hope that will be some years from now ;)
<feisar_> you can $ sudo mount -a to test
<feisar_> $sudo mount -a
<ndee> sweetness, it works. Thanks feisar_ !
<feisar_> no probs : )
<feisar_> there's always a way to do it on Linux without rebooting ; )
<ndee> feisar_, true :) it's just about finding the way :)
<psivaa> hello, i have been having an issue with most of our server smoke tests today: Unable to ping the VMs from the host
<psivaa> dhclient: execve (/sbin/dhclient-script, ...): Permission denied is shown in syslog
<psivaa> http://pastebin.ubuntu.com/5840606/ contains more logs.
<psivaa> hallyn: jamespage: would you be able to shed some light pls?
<hallyn> psivaa: can you ping the vms from the host by ip addrses?
<psivaa> hallyn: there is no ipv4 address allocated to the concerned VMs
<psivaa> hallyn: everything works ok until installation and the issue comes up only when the VM's gets rebooted after the install
<hallyn> psivaa: oh, i see.  so dnsmasq is broken on the host.  what does ps -ef | grep dnsmasq show?
<psivaa> hallyn: http://pastebin.ubuntu.com/5840697/ on the host
<hallyn> psivaa: ls -l /sbin/dhclient-script
<psivaa> hallyn: -rwxr-xr-x 1 root root 13005 Nov  7  2012 /sbin/dhclient-script
<psivaa> hallyn: the file has the same permissions in the VMs as well
<hallyn> psivaa: head -3 /sbin/dhclient-script
<psivaa> hally:
<psivaa> #!/bin/bash
<psivaa> # Explicitly set the PATH to that of ENV_SUPATH in /etc/login.defs and unset
<psivaa> # various other variables. We need to do this so /sbin/dhclient cannot abuse
<psivaa> # the environment to escape AppArmor confinement via this script
<psivaa> # (LP: #1045986). This can be removed once AppArmor supports environment
<psivaa> # filtering (LP: #1045985)
<psivaa> hallyn: ^ sorry for the typo :)
<hallyn> psivaa: do you have auditd running on the host?
<hallyn> psivaa: I'm wondering whether there are any apparmor denial messages hidden anywhere
<hallyn> psivaa: please try running "strace -f -ooutout /sbin/dhclient-script" (as root) and pastebin the resulting outout file?
<psivaa> hallyn: auditd does not seem to be running  and the above strace command returns nothing
<hallyn> outout is empty?
<psivaa> hallyn: yes
<hallyn> psivaa: which host?
<psivaa> hallyn: aldebaran
<zul> Daviey:  can you seed python-amqp please https://bugs.launchpad.net/ubuntu/+source/python-amqp/+bug/1197390
<uvirtbot> Launchpad bug 1197390 in python-amqp "[MIR] python-amqp" [High,Fix committed]
<hallyn> psivaa: grep 'DENIED' /var/log/kern.log ?
<psivaa> hallyn: that too ouputs empty
<psivaa> hallyn: i see Jul  3 16:29:56 aldebaran snmpd[3717]: error on subcontainer 'ia_addr' insert (-1) in syslog but i hear that's not too harmful
<psivaa> hallyn: also this issue does not happen always, it's intermittent
<psivaa> hallyn: there is output for grep 'DENIED' /var/log/kern.log in the client VM though,
<psivaa> kernel: [    6.185870] type=1400 audit(1372862341.310:8): apparmor="DENIED" operation="file_perm" parent=509 profile="/sbin/dhclient" name="/bin/bash" pid=517 comm="dhclient" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
<hallyn> psivaa: can you ask sarnold to take a look?  it sounds to me like dhclient isn't allowed to run /bin/bash - it has special allowance for running /sbin/dhclient-script (see /etc/apparmor.d/sbin.dhclient), so i'd expect...
<hallyn> (or jjohansen )
<hallyn> you might just add /bin/bash rx to /etc/apparmor.d/local/sbin.dhclient and see if that fixes it...
<sarnold> psivaa, hallyn, how interesting, my sbin.dhclient has a /etc/dhcp/dhclient-script Uxr, permission -- that script can do anything is wishes..
<hallyn> sarnold: so does his
<hallyn> (at least on the host)
<hallyn> I see, I looked up the Ux semantics, caught the 'cleaned up', but missed the unconfined.  got it
<hallyn> sarnold: but it's /sbin/dhclient-script being run, not /etc/dhcp/dhclient-script,
<hallyn> hm, ahs same thing
<hallyn> *has
<jjohansen> psivaa: do we have a bug to track this?
<psivaa> jjohansen: no i have not open one yet, i could do it in a little while
<theazman> Hey all, quick question. On server 12.04, how do I give a domain account local logon rights?
<psivaa> jjohansen: sarnold: hallyn: reported bug #1197484 for the above issue.
<uvirtbot> Launchpad bug 1197484 in isc-dhcp "Connection requests to saucy server VMs from a precise host fail after fresh VM installs" [Undecided,New] https://launchpad.net/bugs/1197484
<sarnold> psivaa: thanks
<jjohansen> psivaa: okay, thanks
<theazman_> If I try to add the user, it says the user already exists
<psivaa> thank you for your time :)
<theazman_> Anyone?
<wxl> theazman_: ?
<theazman_> How do I give an account local login rights to a 12.04 server
<shollings> erm
<shollings> have you googled that?
<shollings> it's elementary shit, a quick google result would tell you
<theazman> Sorry, some reason my smuxi keeps losing connection to this room. How do I give a domain account login permissions to a 12.04 server without changing the password?
<sarnold> shollings: please don't.
<shollings> sarnold: try and stop me.
<shollings> :)
<Tm_T> shollings: please be helpful when help
<shollings> oh I am. i'm teaching him how to do things himself.  that's the most helpful thing you can do.
<Tm_T> shollings: that's not ubuntu way
<shollings> ubuntu doesn't use google?
<theazman_> Anyone able to help me?
<Tm_T> shollings: we don't tell people to google it, if you don't like to help then just don't
<shollings> Please, feel free to help him.
<theazman> So I think I fixed my ping so I won't keep getting kicked off, how do I give a user login access to a 12.04 server?
<tsimpson> theazman_: unless you lock the account a user can already login, ps your connection is _not_ fixed
<theazman_> tsimpson, yea, I noticed my connection isn't fixed, still working on that. The account is a domain account, but not a local account. I cannot su account name, when I try that it just gives me a prompt again
<Daviey> zul: How about you seed it, and I promote it? :)
<zul> well we dont want it on the cd do we?
<Daviey> zul: Yes, but why do you want it in main?
<zul> Daviey:  its a dependency for kombu
<Daviey> zul: Dependency for kombu...
<Daviey> Right, so - can you upload a kombu that depends on it?
<zul> Daviey:  already did
<Daviey> Oh
<tsimpson> theazman_: then I guess you have to configure PAM to allow logins over the domain then, I have no idea how to do that
<theazman> tsimpson, I'm back for now
<Daviey> zul: ah, so yu did - an hr ago. :)
<zul> Daviey:  https://launchpad.net/ubuntu/+source/kombu/2.5.12-0ubuntu1/+build/4767352
<Daviey> you*
<Daviey> zul: Not yet showing on the mismtach list.
<zul> Daviey:  okies
<tsimpson> theazman: there's a bunch of PAM modules for different authentication mechanisms, search for "libpam" and see what's available to start
<Daviey> zul: done, thanks
<zul> Daviey:  thanks
<MAbeeTT> hi!, We have recently aquired a clone computer for being used as server (AMD FX8120 8 cores, 16G RAM, 2x1Tb HDD)
<MAbeeTT> We want virtualize there, deployment and production tomcat+mysql+tcp-adhoc-protocol, and some future similar scenarios.
<MAbeeTT> I would like to full virtualization and containers inside one (or more) of the VMs.
<MAbeeTT> Is there some gui-like solution for ubuntu server 12.02 LTS?
<MAbeeTT> I have seen openstack, juju, but seems bein some for a "farm
<MAbeeTT> "
<MAbeeTT> thanks.
<sarnold> MAbeeTT: perhaps using virt-manager with kvm is about what you're after
<MAbeeTT> could I make virtual nets also? I mean virtuals NICs "plugged"tu a virtual Switch.
<sarnold> MAbeeTT: juju is pretty slick, you could use it with lxc containers on the host; the nice part is you could scale that out to running services on VMs with a private openstack cloud or maas setup or something, but it wouldn't easily move to just having a second computer with lxc containers in the future...
<sarnold> MAbeeTT: linux provides bridge functionality easily, switches require other tools, last I looked at them I wasn't very impressed with what I saw. I hope they've improved..
<MAbeeTT> ok, via bridges, I know them.
<MAbeeTT> ok. The "impression" I have about juju is that is for huge developments. We are a small  Research group in a university. Now  we use some old computers (Pentium 4, 256/512M).
<MAbeeTT> so, the idea is move, and generate new VMs, but as you can imagine this are not stressed services.
<theazman_> Hey, sorry, no idea what is going on with my connection. In any case, I gave a domain account logon rights to a ubuntu server. When I try to ssh in, the session closes right after it authenticates. What could be causing this?
<sarnold> theazman_: out of curiosity, what is a 'domain account'?
<theazman_> sarnold, an account created on the domain, Windows AD account
<theazman_> Sorry, should have said AD account
<sarnold> theazman_: you can probably find more detailed reasons for the session closing in the log files, /var/log/auth.log would be my first guess..
<theazman_> sarnold, it wasn't showing up in th elogs, I'll look again
<sarnold> theazman_: aha :) which pam modules are you using to do the integration?
<theazman_> sarnold, possibly krb5.so
<theazman_> sarnold, its denying me access to the log
<sarnold> theazman_: can you use sudo or su?
<theazman_> I'm in as root
<theazman_> sarnold, and it shows up blank, and when I do sudo from the admin account, says permission denied
<sarnold> theazman_: .. and you're getting permission denied trying to read the file?
<mnathani> theazman_: have you been rooted?
<theazman_> mnathani, I am under root
<theazman_> sarnold, under root, the log shows up empty
<sarnold> theazman_: mnathani is thinking your system may have a root kit installed
<mnathani> theazman_: I meant is there a virus / malware / rootkit installed on the box
<theazman_> ah, I see
<theazman_> Let me check
<sarnold> theazman_: -crazy-. how about other log files in /var/log ?
<mnathani> compare md5 files for common binaries like ls
<mnathani> *files = sums
<theazman_> sarnold, so auth.log.1 shows up
<theazman_> sarnold, but auth.log shows blank
<sarnold> theazman_: check filesystem free space.
<theazman_> sarnold, the box might need to be rebooted, but that can't be done at this time
<theazman_> sarnold, where do I check that
<sarnold> theazman_: df
<theazman_> mnathani, where do I see the md5 files?
<theazman_> sarnold, the most used is 30% which is /dev/sdal
<theazman_> sarnold, so the logs that show up, the dates stop on Jun 29
<theazman_> sarnold, I think I did an apt-get update and upgrade on that day which might have broken it
<theazman_> sarnold, you still there?
<sarnold> theazman_: hrm. check the .1 log file then, perhaps it's still being used ...
<sarnold> (I'd have expected sshd would close/reopen the log file at log rotate time..)
<theazman_> sarnold, so the auth.log.1 stops on june 29
<sarnold> oh right. sigh.
<theazman_> sarnold, I'm not sure if log rotate is setup
<theazman_> checking on that now
<theazman_> sarnold, it is setup to rotate weekly
<theazman_> sarnold, and syslog is empty, last log in .1 is jun 29 around the same time
<sarnold> theazman_: I wonder if /var was full on jun 29?
<theazman_> sarnold, how do I check that
<theazman_> sarnold, /var doesn't have its own filesystem on here
<sarnold> theazman_: looking through those logs from jun 29 is your best bet, but .. not a very good one.
<sarnold> theazman_: lets try service rsyslog restart -- just a blind, restart the logging service..
<theazman_> sarnold, I had tried that already a bit ago
<theazman_> sarnold, that didn't fix it, I am thinking of doing a restart
<adam_g> zul, any chance at a peak of https://code.launchpad.net/~gandelman-a/ubuntu/saucy/nova/drop_requests_cap/+merge/172709 + https://code.launchpad.net/~gandelman-a/ubuntu/saucy/nova/pyparsing_min/+merge/172639 ?
<zul> adam_g:  done
<adam_g> zul, thanks. i had one for kombu requirement but dropped since thats all together already. nice job
<zul> adam_g:  thanks
<zul> i should have one for ceilometer tomorrow
<adam_g> zul, im going to poke dolph and see if he can cut a new keystoneclient release so cinder and ceilometer arent version capped on their requirement
<theazman_> sarnold, any other ideas?
<zul> adam_g:  cool
<adam_g> zul, also, whats the plan for the neutron rename?
<zul> adam_g:  when its done upstream i already have a branch ready for quantum quantum client not yet
<zul> adam_g: https://code.launchpad.net/~zulcss/neutron/neutron-rename
<adam_g> cool
<theazman_> sarnold, I think I found the problem as to why it wasn't logging
<theazman_> sarnold, apparently I accidently changed the owner of the log to a different user account, I changed it back but it still isn't writing to it
<theazman_> sarnold, got the logs working, so now about getting the account to login?
<sy_> I have a 3TB drive where I have created a raid1 set with disk missing to be added in later however mdadm is reporting 2.1TB, any ideas?
<sy_> There is a single partition on the drive containing the full disk
<theazman_> Anyone able to help me figure out why a user can't ssh into the server?
<sarnold> theazman_: hey, glad to hear you've got the logging sorted out. :) are there any instructive errors in hte logs, now that they work?
<theazman_> sarnold, not really
<theazman_> sarnold, just session opened and then session closed at the same second
<sarnold> theazman_: how about the user's shell? shell startup files?
<theazman_> sarnold, adding those now
<sarnold> theazman_: off to lunch, good luck :)
<theazman_> sarnold, thanks for your help
<theazman_> Anyone able to tell me why an ssh session closes as soon as I authenticate? There is nothing descriptive in the logs.
<anepanaliptos> theazman_: how about scp?
<anepanaliptos> maybe there is something in your bash/login script?
<theazman_> Well, it also doesn't let me su username when I try to su username from root
<theazman_> anepanaliptos, ^
<anepanaliptos> (yeah it seems like it's just me and you here)
<anepanaliptos> got another linux machine someplace?
<anepanaliptos> see if you can scp a file into your home dir, so do..
<theazman_> I have a bunch, its 12.04 server
<anepanaliptos> scp file.ext username@host.ip.whatever:~
<theazman_> Do I do that from terminal?
<anepanaliptos> yeap
<theazman_> What does that do?
<theazman_> I'm also guessing I need to find a valid file?
<anepanaliptos> it copies a file of your choice from the computer you're sitting at to the home directory of the other host
<anepanaliptos> yeah.
<anepanaliptos> just cd into your desktop and send something from there. do you use terminal often? did you know you can use tab for autocomplete?
<theazman_> What account do I want to try that from, root?
<theazman_> Yea, I know about autocomplete
<theazman_> But I'm not by another linux machine atm
<anepanaliptos> doesnt matter. just see if you can send a file itno that persons home dir
<theazman_> k, sec
<anepanaliptos> if that's the case, there is something wrong with bash
<theazman_> Um, that didn't error
<theazman_> let me check the dir
<theazman_> there is nothing in the home directory of the user
<theazman_> What makes you think it is the bash?
<theazman_> anepanaliptos, not sure what's going on here.
<theazman_> anepanaliptos: You still here?
<tdn> Will software raid1 give me a performance increase in reads?
<theazman_> Anyone able to help me figure out why when I try to ssh as users except the admin the session closes instantly after authenticating. There's nothing descriptive in the logs... Thanks
<anepanaliptos> theazman_: sorry afk
<anepanaliptos> hang on.
<anepanaliptos> ok
<anepanaliptos> so you sent it to userwithproblem@hostwithproblem:~
<anepanaliptos> and then you checked the home dir and it wasnt ehre?
<anepanaliptos> i think its bash because it's a "safty feature" from ssh that there is a shell or _Somthing_ running when you log in
<anepanaliptos> if it doesnt start, or your bash exits abnoramally, that kills teh ssh session
<raub> I know you can do that by limiting which commands you can run when you ssh
<raub> ex: in authorized_keys
<raub> I also think you could setup the shell you are allowed to run
<raub> say, to /bin/fals
<raub> false
<theazman_> YEa, anepanaliptos, it wasn't in the home dir
<theazman_> raub, it doesn't do local logins either
<theazman_> anepanaliptos, ^
<theazman_> Everyone disappear?
<theazman_> Anyone able to help me figure out why when I try to ssh as users except the admin the session closes instantly after authenticating. There's nothing descriptive in the logs... Thanks
<theazman_> Anyone able to help me figure out why when I try to ssh as users except the admin the session closes instantly after authenticating. There's nothing descriptive in the logs... Thanks
#ubuntu-server 2013-07-04
<funky> hey hey :)
<funky> if I run dns from domain name registrar cp I dont need to install bind right?
<sarnold> funky: probably correct
<funky> what for people use bind I, its when they want to run their own dns server?
<sarnold> funky: DNS servers run in two modes, authoritative (publishing details about a domain or subdomain) and recursive (looking up data from other servers)
<sarnold> funky: you could also run the DNS server in recursive mode, to provide some local caching of DNS answers for your network
<sarnold> funky: (your ISP probably does this, and provides you with their recursive DNS addresses via dhcp fields)
<funky> ty, where I can find a good guide - how to setup ubuntu server with nginx and email server and some open source control panel?
<sarnold> funky: not sure about nginx, but mail server will be documented here: https://help.ubuntu.com/12.04/serverguide/
<sarnold> funky: I'd like to suggest against control panels, those tend to be gigantic piles of bad programming.
<funky> sarnold what about http://webmasterguide.us/?p=12 ?
<funky> they seems to promise alot
<sarnold> funky: I'm skeptical -- they started with php, usually a bad sign. also, unless they took the configuration file parsers right out of the packages they intend to suppport, writing parsers for them all correctly is immensely difficult
<zul> adam_g:  https://review.openstack.org/#/c/35513/
<adam_g> zul, i have no rights to that branch, but you have my symbolic +1
<zul> adam_g:  sweet! thanks
<funky> sarnold how about paid control panels?
<sarnold> funky: yeah, still very skeptical. they shell out for tasks that they should just do in php directly. entirely too many things are duplicated all over the place (shell escaping variables)....
<sarnold> funky: I think it'd just be easier to learn the handful of things you want to configure anyway..
<funky> I know how to do it just wonder if it all can be automated
<funky> i could even code it with time
<funky> thanks anyways
<sarnold> funky: you might prefer to look at juju
<sarnold> funky: you can prepare charms for the services you need, and write the configuration tools in whatevre language you wish, puppet or chef work too. but the large collection of existing juju charms is far more compelling to me than a handful of plugins for web 'control panel' things which have proven to be a fruitful source of exploits in the past
<thumper> ok, so how do I get an app to request elevation to root after it has been started?
<thumper> if I go sudo first, it screws up a bunch of environmentstuff
<thumper> so I want to request the user to type in their sudo password...
<cyberdyn> my /devv/sdb1 "available" is 0, use%=100% /boot.... is this a problem?
<sarnold> yes :)
<sarnold> I suggest removing some old kernels before your next upgrade fails
<sarnold> dpkg -l 'linux*' will help you find ones to remove
<cyberdyn> sarnold: i thought it was ;-)  just couldn't figure out how to fix it... google is good most of the time but.. sigh. frustrated. thus I am here.
<cyberdyn> ;-)
<sarnold> cyberdyn :)
<adam_g> roaksoax, lp:~gandelman-a/charms/precise/cinder/pyrewrite this is "done" now, i think
<adam_g> roaksoax, gonna do a bit more testing /w juju-core and propose it for merge
<adam_g> jamespage, ^
<adam_g> jamespage, lp:~openstack-charmers/charm-tools/pyrewrite-helpers i've been keeping all the charm helper changes here, which is actively merged with upstream lp:charm-helpers
<adam_g> jamespage, ill break that into more manageable changesets and start proposing them to charmhelpers. a straight merge would be a pretty huge i think
<adam_g> jamespage, in the meantime you can set your sync config to pull from there until everythings been upstreamed. i need to adjust the sync script to pull the non-.py common template files that i moved to helpers
<foo357> Hello, I'm having some problems with cron/anacron. I want to run daily tasks at midnight and cron daily does trigger at that time, but for some reason anacron waits 7 hours until cron daily starts. Here's a log output: http://pastebin.com/ymnCFKFw
<jamespage> adam_g, nice one
<Daviey> jamespage: Any reason why we shouldn't be doing Havana UCA progression?
<jamespage> Daviey, well I'm sure there are minor niggles - but we should push to updates
<jamespage> it is still in development after all
<Daviey> yeah
<jamespage> so no reason IMHO
<Daviey> There is also a bunch of new stuff in staging
<Daviey> as in, not previously in the UCA
<jamespage> Daviey, I really need to add a --just-do-it flag to cloud_get_work so it automatically passes -y to copy-package
<jamespage> Daviey, yeah  - so we are including qemu and ovs this time round
<jamespage> plus other new dependencies
<jamespage> Daviey, I'm comfortable that everything in staging is required
<Daviey> jamespage: 16 new packages (!)
<jamespage> qemu needed some extra deps for the backport
<Daviey> jamespage: damn, http://pb.daviey.com/iezD/
<gartral> hey all, I have a newer Blade Servre that I'm looking to migrate my current server too, any thoughts on best practices?
<gartral> iv'e asked in #ubuntuserver, but thought I'd ask in here as an alternitive
<gartral> this migration consists of a direct HDD transplant from my current server to the new one
<jamespage> jdstrand, ping re bug 1187262 and libv8 attack surface
<uvirtbot> Launchpad bug 1187262 in snowball "[MIR] mongodb, libv8, snowball, gyp" [High,New] https://launchpad.net/bugs/1187262
<jamespage> did my response have the required information?
<mgz_> jamespage, zul: filed bug 1197745
<uvirtbot> Launchpad bug 1197745 in python-novaclient "Rackspace authentication no longer supported" [Undecided,New] https://launchpad.net/bugs/1197745
<mgz_> seems to be the plugin that's needed: <https://github.com/rackspace/pyrax/blob/master/pyrax/identity/rax_identity.py>
<zul> mgz: fuuuuuuuuuuuuuuuuuuuuuuu
<mgz_> zul: :)
<zul> jamespage:  trivial MP https://code.launchpad.net/~zulcss/python-ceilometerclient/1.0.1/+merge/173015
<moksud_xp> hellp
<moksud_xp> there is someone that can help me with ubuntu server configurations ?
<rbasak> !ask | moksud_xp
<ubottu> moksud_xp: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<moksud_xp> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<zul> jamespage: https://code.launchpad.net/~zulcss/python-keystoneclient/0.3.0/+merge/173022 and https://code.launchpad.net/~zulcss/python-ceilometerclient/1.0.1/+merge/173015 when you get a chance
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-swiftclient/1.4.0/+merge/173023
<skrite> hey all
<jamespage> zul: looking now
<zul> jamespage:  thanks
<zul> jamespage:  fyi upstream tarball for python-ceilometerclient  is missing  https://review.openstack.org/#/c/35638/ but we have it covered in the packaging
<jamespage> zul, all look ok
<zul> jamespage:  thanks
<jamespage> Daviey, how far did you get with havana CA?
<Daviey> jamespage: It was all pushed to proposed..
<Daviey> i sore one FTBFS
<Daviey> sore in the true sense.
<jamespage> Daviey, hmm - some are due to missing versions on deps
<jamespage> quite a few
<Daviey> jamespage: Yeah, i planned to just rebuild when it was all settled
<jamespage> I poked a few already
<Daviey> which it looks like you have done :)
<Daviey> super
<Akuw> i am using a wimax internet provider, how can i configure a server and see it from everywhere ?
<jamespage> Daviey, almost there - just ceilometer - building now
<jamespage> hallyn, zul: we should probably drop in a new ipxe snapshot at some point soon
<RoyK> just wonder, if xfs is part of the main repo, why aren't bugs addressed?
<RoyK> xfsprogs, that is
<sebrock> I need help in configuring a L2TP/IPSec VPN connection. It seems the IPSec is established. But L2TP does not open a tunnel. Anyone seen this before?
<CMOSteve> hey everybody, a quick question. what would one reccomend for somebody with one medium to highend VPS, and three local low to medium end dedicated servers, all runing ubuntu (VPS is 64bit....)
<CMOSteve> hadoop or proxypass
<CMOSteve> ?
<CMOSteve> and is load balancing a cluster configuration with less than 10 servers reliable using apache ever a good option, is it reliable, should it ever be used in a production environment, both for development of products, but also client websites?
<zul> jamespage:  why?
<jamespage> zul, dunno - something we normally do early in release cycle
<jamespage> we had to cherry pick a fix for a ftbfs
<zul> jamespage:  ah ack
<smb> jamespage, wasn't iscsitarget something I heard you say was fixed for 3.10 kernels?
<jamespage> smb: yes
<smb> jamespage, Just did a dist-upgrade on a box that was installed. May I hand you the pieces? :)
<smb> Need to look into it more but it feels like it broke to apply a 3.9 compat patch still doing something to the currently running 3.9 kernel
<jamespage> can I see the dkms build log please
<jamespage> smb ^^
<smb> jamespage, yeah I was just about to pastebin it for you
<smb> jamespage, http://paste.ubuntu.com/5844070/
<jamespage> smb, I'd not actually tested it against a 3.9 kernel
<jamespage> bah
<smb> jamespage, Unfortunately when you are just upgrading you still got at least half of it around still
<jamespage> okay
<jamespage> I'll look tomorrow
<CMOSteve> has anybody had experience with HAProxy? seems to fall in the middle kinda, might be just what i need...
<smb> jamespage, Wait a sec, I try to repeat / fix the install. I mean this is mostly an issue while still having 3.9 and that won't last.
<jamespage> it needs fixing - this all went upstream yesterday
<smb> oops ok
<vedic> I have upgraded from 10.04 to 12.04 using apt-get. While in 10.04, I had some libraries installed by compiling source eg: linear algebra and numerical computation related. Will I have to compile them again when 12.04 upgrade is done?
<Patrickdk> vedic, hmm, you don't upgrade from 10.04 to 12.04 using apt-get
<vedic> Patrickdk: I don't remember the actual command but that was from terminal I started for upgrade.
<CMOSteve> anybody have experience wtih HAProxy?
<brad100> hello?
<brad100> does anyone here use postfix&courier with thunderbird ?
<Patrickdk> !tell brad100 ask
<ubottu> Patrickdk: I am only a bot, please don't think I'm intelligent :)
<Patrickdk> heh
<Patrickdk> !ask brad100
<cyberdyn> I have a question (or two) ;) about my GRUB boot and /boot space.. my /boot has updates up to .32 (on 11.10 server)... when I boot with the default grub choice, it does not boot correctly... I have to go to a previous grub choice.. .26 presently. --- could I delete .27 through .32 and update the system again?
<adam_g> jamespage, still around?
<adam_g> zul, http://people.canonical.com/~agandelman/ca/grizzly/
<zul> adam_g:  +1
<adam_g> zul, do you know if there is a sync in progress from havana staging out toward updates or should i also do the backports for everything required in http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/havana_versions.html
<zul> adam_g:  there isnt
<wxl> how does one get wifi to automatically connect to a hidden ssid on boot? the installer could connect no problem and left the setup in /etc/network/interfaces
<MikeyMike01> Is there something special I have to do in order to install to a USB drive? No matter what I've tried it boots to a solid black screen. If I hold Shift it says "GRUB loading" and nothing more.
<maxb> Generally no, nothing special. I would suggest trying the ubuntu server text mode installer, or perhaps the Debian installer if you prefer a smaller download just to validate that your machine's USB boot sequence is doing the right thing
<MikeyMike01> I installed NAS4Free onto the USB stick and it booted without issue
<maxb> What is the USB image you are trying to boot with problems?
<MikeyMike01> what?
<ruben231> hi guys how do i add static route permanently on ubuntu server
<adam_g> zul, http://people.canonical.com/~agandelman/ca/havana/ this will bring havana-staging up to date. also includes two newbies: python-anyjson and spice-html5 (needed by nova)
<adam_g> jamespage, ^
<zul> adam_g:  xen built fine?
#ubuntu-server 2013-07-05
<mgw> Is there a way for a kvm instance to access its uuid or id?
<thinknow> how to setup shell acounts(are putting together an botnet) on my ubuntu 12.10 server ? (-just installed it, regular installation with lvm encryption though)
<adam_g> zul, no, thats just the src package
<zul> adam_g:  k
<twb> debsecan "works" on Ubuntu, but it gives false positives for fixes in the M of -NubuntuM.
<twb> Is there something like debsecan, that talks to launchpad?
<twb> Plan B is to get my PFY to check, \forall CVEs debsecan reports, does /usr/share/doc/foo mention it (and if so, take no action).
<gartral> hey all, I hosed grub on my server and need to recover, I've managed to boot the system, but I need a perma-fix
<twb> http://cyber.com.au/~twb/snarf/extlinux.txt
<codepython777> Is there a faster way than this : ping -n 1 -w 100 IP4v  : For knowing if my server is up?
<twb> ITYM -c1
<twb> But not really.  You might want nagios or nmap or something.
<codepython777> twb: -c is not there on my ping for some reason
<codepython777> also, ping seems to be unreliable for detecting a machine is up or not...sometimes -c 1 does not work?
<twb> Shrug.
<Patrickdk> define, faster
<Patrickdk> cause what your specified I would not consider fast at all
<Pici> I vaugely remember there being a netcat argument that could quickly tell if a target was up or not.
<Patrickdk> and if your ping doesn't have -c, your not using ubuntu
<twb> Pici: well if you're testing e.g. for ssh, you can nc example.net ssh, with a timeout
<roasted_> hello friends
<roasted> is there a way to cron rsync to run every 5 minutes without having 6,000 entries in crontab?
<Patrickdk> yep
<Patrickdk> you did read the cron manual right?
<Patrickdk> second thing, you won't want to put rsync in cron anyways, cause then you could startup two copies of rsync, and well, rsync doesn't like that
<mardraum> man 5 crontab is all you need
<roasted> a few times. evidently I missed something.
<Patrickdk> */5 * * * *
<roasted> Patrickdk: have you ever used lsyncd? I might look into that instead.
<Patrickdk> personally, I use bash
<roasted> bash, as an alternative to lsyncd?
<Patrickdk> to wrap rsync
<roasted> ah
<Patrickdk> or perl
<roasted> I understand lsyncd watches for file system changes and rsyncs the data accordingly.
<roasted> I thought that would be kind of neato, but I'm not sure what kind of cons that setup would come with.
<Patrickdk> why would it use cron?
<roasted> lsyncd wouldn't use cron
<roasted> I was looking into a continual rsync and came across lsyncd just a minute ago
<twb> Patrickdk: you could wrap rsync with lockfile-progs, though running it every five minutes is a bit excessive
<Patrickdk> excessive?
<Patrickdk> I used to run it every 20seconds :)
<Patrickdk> over a 8gig maildir
<twb> I guess you had enough RAM to cache all the dirents
<Patrickdk> yep
<Patrickdk> that first rsync would take a good 3min or so
<twb> But at that point I would instead just use a while :; do rsync ...; done loop or something, rather than cron jobs
<twb> Or for maildir specifically, something maildiry like offlineimap
<Patrickdk> well, this was just a loop like that yes, with a 20sec sleep
<twb> Righto
<Patrickdk> well, offlineimap wouldn't work
<Patrickdk> it wasn't clean enough
<twb> k
<Patrickdk> this was my first attempt, and it worked well for several years
<Patrickdk> multi-master mailservers in multible datacenters
<twb> What do you do now, drbd?
<twb> Or some magic in dovecot
<Patrickdk> well, I would use dsync if I cared
<Patrickdk> but the internet has been much better than it was back then
<Patrickdk> back them, I would constantly randomly loose routing paths to one or another dc
<Patrickdk> local isp's fault
<twb> swap in a new ISP
<twb> ...with prejudice
<Patrickdk> wasn't an option
<Patrickdk> when you can only pick from 2
<Patrickdk> and the other was 30x the price, much more than they where willing to pay
<twb> We still had a quarter of our /24 reserved for staff dial-in pstn modems, until like 2008
<Patrickdk> servers in two other dc's where not even 1/3 that price
<twb> maybe 2010 even... whenever I took over
<twb> That is, staff connecting directly to us because ISPs didn't exist yet
<roasted> lsyncd is proving to be a headache.
<roasted> I somehow made it work from laptop to server, but the goal is to go from server 1 to server 2. It keeps failing saying the host verification key failed, yet regular rsync works without keys since SSH keys are set up.
<twb> roasted: running it as different users?
<roasted> tried my regular user and root
<twb> host verification failure is usually a result of known_hosts having different data in it, or running in -oBatchMode=yes and not having the existing entry
<roasted> if I run rsync manually it works fine
<roasted> if I let lsyncd do it, it tanks
<twb> I dunno about lsyncd, sorry.
<roasted> I'm looking at the log file pulling my ahir out because it looks perfect
<twb> But maybe lsyncd can't access your ssh agent?
<roasted> I suppose. I'm not sure.
<twb> Is it using passphraseless SSH keys for auth?
<twb> Also run it with LC_ALL=C and tell me the exact error message
<roasted> I have ssh keys set up. I have no idea if it's seeing it properly.
<roasted> for now I just set up rsync to run.
<twb> Are the passphraseless?
<roasted> probably not a good idea for me to troubleshoot half lit up and tired as can be. :P
<roasted> well, when I ssh to the server I get no PW prompt, so yea.
<codepython777> curl -k -X HEAD -i https://website -- hangs after printing the head- any ideas why?
<twb> WFM.
<codepython777> how do i measure the total number of bytes sent/received by a particular command?
<jamespage> smb: looking at iscsitarget right now
<jamespage> Daviey, everything is built in havana-proposed now
<jamespage> shall I promote to updates?
<sanderj_> What do I do when fsck /dev/sdb1 returns only the version number. and when I go into the dir I get: ls: reading directory .: Input/output error
<apw> sanderj_, i would look in dmesg and see if the drive is even present, also fsck on a mounted filesystem is a no-no unless it is r/o and even then not recommended
<sanderj_> apw, scsi0: ERROR on channel 0, id 1, lun 0, CDB: Read (10) 00 12 c1 ad 4f 00 00 08 00, Info fld=0x12c1cd8f, Current sdb: sense key Medium Error
<apw> medium error, this means physical issues
<sanderj_> apw, ok, thanks.
<jamespage> adam_g, what do you think about a feature for the nova-compute charm that allows you to suckup disks and mount them on /var/lib/nova/instances
<jamespage> right now they always sit on the OS disk by default
<jamespage> this would allow extra disks in servers to provide ephemeral storage
<jamespage> smb, just uploaded a new version of iscsitarget - should be OK now
<jamespage> when the patches landed upstream the whitespace/tabbing in the compat patches got fixed up
<smb> jamespage, Ok, I will get it downloaded as soon as it shows up and make the machine that failed verify it
<jamespage> smb, I tested it on a 3.5 12.04 machine and it looks OK
<smb> jamespage, ok, well the machine that exploded was a saucy one but just happened to get upgraded from 3.9 to 3.10 kernel at the same upgrade run
<smb> (not that I can repeat that exactly)
<phretor> hi, does this kernel build http://packages.ubuntu.com/precise/linux-image-server has the CONFIG_ROOT_NFS=y?
<zatricky> Hi, all. I updated my personal server at home last night from 12.10 to 13.04 - the upgrade went smoothly except that the new kernel (3.8) doesn't finish booting. There are no clues given except for an error saying "Timed out", and "Dropping to a shell".
<zatricky> The server runs off a 60GB Intel SSD with btrfs - which works without any issue with the previous kernel (3.5)
<zatricky> I've done a lot of googling but I'm not seeing much info relevant either to btrfs or simply "Timed out" in relation to the a boot process failure :-/
<foo357> Hello. I've had some trouble with cron-anacron recently, I'm fairly new to it.
<foo357> However I think I've found the answer: http://askubuntu.com/questions/92322/time-of-execution-of-daily-anacron-job
<foo357> the solution is to make cron start anacron every hour. But the suggested edits to the crontab file seems a bit flawed.
<foo357> 01 0    * * *   root start -q anacron || :
<foo357> @hourly root start -q anacron || :
<foo357> If I'm reading this correctly these two lines are equivalent and just uses a bit different syntax.
<foo357> so only one of them would be needed really.
<foo357> can anyone confirm if I'm right or wrong?
<zatricky> foo357 - correct, seems a bit strange to have two entries that do the same thing at the same time
<foo357> thanks for the response zatricky.
<Teduardo> okay i've figured out that if i interrupt the boot process by holding shift and then select ubuntu advanced and then tell it to boot normally the console works
<sebrock> I'm having trouble gettin L2TP tunnel to work with xl2tpd. It just sits there. No error messages, nothing. Can someone please help me?
<hallyn_> stgraber: I'm going to have to have lxc-start check whether it is already in a subdir of /sys/fs/cgroup/$d/lxc/$container and do nothing if so
<hallyn_> stgraber: it gets a bit hacky, but with new kernel restrictions it seems the only way to keep the mountcgroups hook usable
<hallyn_> just fyi
<stgraber> hallyn_: ok, does that mean that a nested container will essentially end up in the same cgroup as its parent (instead of its own sub-entry)?
<hallyn_> no
<hallyn_> it may be that doubly nested containers won't work any more - i haven't thought thruogh whether that's fixable yet
<resno> i have 2 vms behind a pfsense firewall, both configured the same. one can ping an ip the other cant... any suggestions?
<resno> both ubuntu 10.04
<sindri> Ok, I'm still having problem running vsftpd on my server; getting "530 Non-anonymous sessions must use encryption." My config looks like this: http://paste.ubuntu.com/5846998/ and my user config like this: http://paste.ubuntu.com/5847003/ any help would be welcome. Thanks!
<Free99> hey everyone. Trying to figure out how to use the "remember" option in PAM for the pam_unix.so module
<Free99> there apparently used to be a package called "pam_pwhistory" but it doesn't exist any longer for 12.04
<Free99> (shrug) ok then
<Vec_> Hi. <- learning newbie. Just about to install LAMP-stack on my server. Should i also install a webbased adminpanel like cPanel or ISPConfig3, or simply take my time and config it through a ssh? - what are you guys' reccomendations?
<Vec_> Basically at first i just want my box to serve webpages securly, then my goal is to host various java applets im programming for school.
<jpds> Vec_: You're going to learn a lot more via SSH.
<Pici> Vec_: The only web-based front end that I personally find useful is phpmyadmin (or phppgadmin), anything else is probably overkill.
<sarnold> Vec_: strongly recommend against web-based configuration panels. (a) they are very often used by hackers to gain access to systems, since their code quality is usually very poor (b) they get in the way of doing the configuration yourself -- it's like wearing boxing gloves with everything you do. I dislike them. Intensely. :)
<Vec_> hehe
<jpds> sarnold: Including boxing?
<Vec_> Ok, well im settled then. SSH it is.
<Pici> Also, I usually leave them disabled unless I'm actively working with them.
<Vec_> jpds: lol
<sarnold> jpds: lol :)
<Vec_> Tbh i've gotten really far in 1 week. From 0% knowledge of linux to now having a server sharing files, running automated backup, sharing a printer -- all configured as restrictive as my brain find logical and whatnot HOWTOs and ubuntu docs tell me
<Vec_> Its really really fun ^^
<maxb> The other *massively* useful thing about doing configuration in textual configuration files is that you can put them under version control, and have an audit trail, notes about why you changed things, and a way to roll back when things go wrong
<sarnold> Vec_: cool :) I'm glad it's fun :)
<Vec_> maxb: That sounds like something i should google.. not sure if i can handle the added complexity of learning version control (however that works) together with configing the LAMP stuff
<jpds> Vec_: sudo apt-get install etckeeper
<jpds> Vec_: https://help.ubuntu.com/12.04/serverguide/etckeeper.html
<enraged> maxb: I just joined in the middle of this conversation, but if I launch a GUI program that makes modifications to a config file, doesn't the user who launched the GUI program be recorded as the person who edited the text file, just as if they'd done it with a standard text editor?
<Vec_> jpds: "By default, etckeeper will commit uncommitted changes made to /etc daily" what exactly does this mean?
<maxb> The context of the conversation involved ssh vs. web admin tools
<enraged> Ah ok
<enraged> I apologize
<maxb> np
<jpds> Vec_: It'll do a daily commit of changes on its own.
<enraged> If we're discussing SSH atm in here, is there anyone using Ubuntu 10.04 that has managed to get multi factor authentication working with OpenSSH?
<Vec_> Please define commit. Also, if i make changes to a config file in /etc then i save it staight away (pretty sure im missing the target at this point? :p)
<enraged> I'm specifically involving ssh keys here
<enraged> An important detail missed out.
<jpds> enraged: I always use SSH keys, everywhere.
<jpds> Vec_: Commited into the version control.
<Vec_> jpds: As in logged? (will continiue to read now..)
<thinknow> easiest app to make an shell account on my server?
<jpds> Vec_: If you just save the file, the change isn't yet in the version control system until you commit it into it.
<enraged> jpds: Do you use mfa aswell?
<jpds> enraged: No.
<enraged> jpds: Aw damn.
<sarnold> thinknow: adduser(8)
<Vec_> jpds: Ah ok, so if i change stuff, notice i fubar'd it, then i can roll it back before its committed?
<jpds> Vec_: Yes, and even after it's commited.
<Vec_> well that sounds very nice
<thinknow> sarnold, but i mean shell account so i can add process like irc
<thinknow> dont remember the name
<enraged> jpds: I've been trying to get totp codes to be required as a secondary authentication method to an ssh key, but as far as I can tell PAM is required to do that and when you use an SSH key it bypasses PAM
<jpds> enraged: If they steal your private SSH key, you have other issues.
<enraged> jpds: Yeah, my concern is the laptop I use to remotely admin being hacked, the private key file being stolen and the laptop being keylogged so they know the passphrase to decrypt the file.
<enraged> jpds: So yeah, totp codes generated by a phone or something else as secondary authentication, because they'd then need to hack the phone aswell
<jpds> enraged: Welcome to the world of paranoia. Encrypt your /home directory on the laptop.
<enraged> jpds: Oh man! I wish I could, but the circumstances I'm in, the laptop is Windows 7.
<sarnold> enraged: see if this helps: https://www.duosecurity.com/docs/duounix
<enraged> jpds: So yeah, now you understand why I'm so nervous XD
<Free99> anyone know how I can enable the "remember" option in PAM?
<enraged> sarnold: Thanks. I remember annoying you about this a while back.
<Free99> I'm not clear on how to do it
<sarnold> enraged: yes, and I remember being very annoyed that I didn't completely understand opeenshd at the time :)
<enraged> sarnold: No problem man; It's what, a month later, and I still haven't figured this one out.
<jpds> enraged: You can still encrypt things on Windows (truecrypt and co.).
<enraged> jpds: Oh yes, but the private key file is stored on a usb stick anyways seperate from the laptop.
<sarnold> Free99: pam_cracklib's "similar" might do it?
<enraged> jpds: So the win7 laptop itself isn't the concern, just a keylogger and filestealer being installed.
<sarnold> enraged: man :/ you think this would be easier..
<Free99> enraged: what about using libpam-oath?
<enraged> sarnold: I talked to the guy who wrote the sirc protocol yesterday and mentioned this to him. Didn't believe me so he logged onto his test server, spent 10 minutes playing arond and came back giving me a puzzled look.
<Free99> sarnold, i'll take a look thanks
<sarnold> enraged: hahah :)
<sarnold> enraged: well, at least I'm not the only one then
<mgw> I have a firstboot script in rc.local (I used vm-builder). How can that script cause a reboot?
<sarnold> that makes me feel a touch better :)
<enraged> free99: Whole problem here is you can't use PAM
<sarnold> mgw: by calling /sbin/reboot ?
<mgw> Simply rebooting aborts rc and the firstboot flag never gets set
<mgw> so it repeats the reboot after every boot
<jpds> mgw: Nice.
<Free99> but enraged, sshd authenticates against pam
<sarnold> ah :) good luck ;)
<sarnold> Free99: only for passwords..
<mgw> sarnold, jpds: I guess I can set the firstboot flag manually
<jpds> mgw: Store that you've firsted boot in a file and check if that file exists before you reboot?
<sarnold> Free99: if you use keys, it bypasses pam entirely :/
<enraged> free99: Only when you use passwords. When you use SSH keys, it bypasses PAM for auth, so you can't use any pam modules.
<Free99> hum.
<enraged> hum indeed
<mgw> jpds: thanks, that's what the rc.local script does, but the firstboot.sh was exiting before it got there. SHould have it fixed now
<Free99> enraged, would this help? think about the possibilities: http://jpmens.net/2006/03/02/ssh-public-keys-from-ldap/
<jpds> enraged: You could just set up a firewall so that the server only allows access to sshd from your IP address.
<Free99> enraged, the idea isn't the LDAP part, its more the fact that the patch allows you to connect via ssh through seeing you have a user account via PAM, then checking the key against...well, whatever you want
<Free99> could potentially be a file or a stupid script or w/e you want
<enraged> I'll have to read more into this; it's the first time I've seen this post.
<jpds> enraged: LDAP doesn't slove your problem.
<enraged> It's close to a suggestion I recieved by the sounds of it, where we would have a key server that I logged into with a password and otp code, then from that key server, log onto the other servers
<enraged> Yeah, I'll have to read it more.
<enraged> I've never heard of LDAP before.
<enraged> How bad is that?
<jpds> "bad" ?
<enraged> Well, OpenSSH is something every sysadmin show know about...
<Free99> enraged: it's got a steep learning curve. it's the tech that microsoft borrowed to make active directory
<enraged> By comparison, LDAP is....?
<Free99> basically a database of user accounts and stuff
<enraged> hrm, ok
<Free99> update in one place, updated everywhere
<enraged> Just to be clear, purely focused on user management or is this just a general file syncing service?
<jpds> enraged: User management.
<enraged> Ok
<jpds> enraged: But you can store other things in it.
<Free99> enraged, what service provider do you have?
<Free99> for your cell
<enraged> British Telecom
<Free99> enraged, do you know what BT's sms gateway is?
<enraged> No...
<enraged> Sorry, you've gone off on a tangent here; what are we/you trying to do?
<Free99> enraged, if you want to replicate Google's OTP thing, I was thinking you'd have that pam plugin make the OTP and you can essentially "email it to your phone" via sms
<Free99> in the US, if you want to send a text to your phone, depending on your service provider (mine is AT&T) you email "<phone number>@wap.att.net" and it shows up as a regular text
<sarnold> Free99: but PAM isn't available if you're doing ssh authorized_keys :/
<Free99> sarnold, unless he uses that patch I just linked him
<sarnold> Free99: jpmen's ldap-thingy?
<Free99> yeah. the LDAP is totally PAM-based
<sarnold> aha :)
<enraged> Free99: Oh, I understand!
<enraged> Free99: One second.
<Free99> oh dang. the link to the patch is dead
<Free99> oh wait! github to the rescue!
<Free99> https://github.com/rfay/OpenSSH-LPK
<enraged> Free99: Ok, so at the moment, I have an app on my phone (Android) that produces the TOTP codes without contacting the server I'm connecting to. The problem is, how do I get the SSHd server to request the second authentication method, of the totp code, and then compare it against the PAM module which will confirm or declare false the code entered.
<jpds> Free99: You do realize using a hacked up version of OpenSSH like that is going to be a security nightmare in the long term?
<enraged> Free99: The PAM module is supposed to initiate after a succesful password login that then waits for the user to enter the TOTP code before giving Shell
<enraged> jpds: At the moment, this is more technical curiosity.
<enraged> jpds: If it can just be done I'll be happy.
<Free99> jpds, yeah.. I know. But how can I trust anyone tbh? Just because the repos are canonical maintained, doesn't mean they're always trustworthy. Even kernel.org... http://www.theregister.co.uk/2011/08/31/linux_kernel_security_breach/
<jpds> Free99: No, I meant more like having to compile and update OpenSSH by hand every time an update comes out in precise-updates.
<Free99> jpds, perhaps enraged will become a repo contributor... that's how it starts right?
<enraged> BWA HA HA
<Free99> openssh-server-lpk? lol
<enraged> Free99: I think you're overestimating my capabilities
<Free99> enraged, that's on you bro haha
<Free99> anyhow I'm enjoying my 5th of july off. Gonna hit the pool. see you guys! and good luck
<enraged> See ya man
<sarnold> enraged: the duo-security thing looks like an unfortunate hack the way it's implemented, but a pal who I trust uses it, so perhaps the caveats are worth it :)
<mgw> Free99: upstream has AuthorizedKeysCommand directive for ssh
<enraged> Sarnold: Yeah I'll have to give it a proper look later.
<enraged> I don't think Free99's ldap proporsal really solves the problem; it looks very similair to a certificate authority
<sarnold> enraged: he is only suggesting it because it patches sshd to use the PAM stack before doing ssh keys
<sarnold> enraged: the ldap is just a side effect
<sarnold> .. and probably one you can ignore
<enraged> ok
<enraged> I think I'm starting to get a bit closer to fully understanding why he wanted to do this now then :p
<enraged> I'll be reading through the duo security manual though before I decide which to try first
<sarnold> enraged: I'd also like to suggest against running a patched sshd :)
<sarnold> it's fragile code.
<sarnold> or, it has a long history of being fragile..
<enraged> Yeah, probably the main reason I am going to put my hope in your duo security suggestion...
<enraged> If this doesn't work, I'll come back and annoy you some more with the forcecommand issue...
<sarnold> :)
<enraged> Sarnold: You have so much fun to look forward to!
<sarnold> hehe
<thinknow> someone have an idea how to connect my server trough tor/vidalia ?
<thinknow> i have tried some tutorials, but cant find any apps that make this job easy or stable
<sarnold> thinknow: I think what you're looking for is tor onion addresses. maybe ask in #tor on irc.oftc.net.
<thinknow> ok i will look it up:)
<thinknow> thank you
<sandprickle> I've been trying for hours to get Nginx+php fpm working to no avail. Precise. Nginx 1.4.1 from the Nginx repo. All other packages from ubuntu repos. What might I be missing?
<sarnold> sandprickle: anything in hte logs?
<sandprickle> yeah: 2013/07/05 14:34:22 [crit] 25963#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET /test.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "localhost"
<sandprickle> file permissions?
<rOYk> smells like PEBKAC
<sarnold> sandprickle: could be; what ar ethe permissions on /var/run/php5-fpm.sock? does the nginx process owner have privileges to talk with thatsocket?
<sandprickle> www-data owned /var/run/php5-fpm.sock; did chown nginx:www-data /var/run/php5-fpm.sock; now I get a different error..
<sarnold> yeah don't change the ownership of the socket... the fpm runner should own it, it provides the socket after all :)
<sandprickle> Yeah, that didn't work. added nginx to the www-data group. now getting this: 2013/07/05 15:01:15 [error] 26598#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /test.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "localhost"
<sarnold> TheLordOfTime: ^^^  :)
 * TheLordOfTime looks
<TheLordOfTime> sarnold:  you did poke me at a bad time though
 * TheLordOfTime was beating an nginx FTBFS
<sarnold> TheLordOfTime: d'oh :)
<TheLordOfTime> sandprickle:  pastebin your conf
<sandprickle> sure thing
<sandprickle> it's in multiple files... multiple pastes or just one (pastebin n00b)
<sandprickle> nginx.conf: http://pastebin.com/9WCkccyt conf.d/dev.conf: http://pastebin.com/9SmR5Y9X fastcgi_params: http://pastebin.com/sTprY17D
<sandprickle> TheLordOfTime: ^^
<sandprickle> /etc/php5/fpm/pool.d/www.conf: http://pastebin.com/PxVz0JUy /etc/php5/fpm/php.ini: http://pastebin.com/D3AjBb4L
<TheLordOfTime> sanderj_:  sorry i'm like jugging a billion things
 * TheLordOfTime looks now
<TheLordOfTime> erm
<TheLordOfTime> sandprickle:  ^
<sandprickle> no worries. #nginx woke up now anyway.
<TheLordOfTime> sandprickle:  yes they did
<TheLordOfTime> having said that i see a few pitfalls
<Vec_brb> On my apache server, i have java.html with 004 permissions. If the file is owned by root user and root group, i can view the file in my browser. If www-data group owns the file, i get permission denied. How come? o.O
<sarnold> Vec_brb: permissions are checked in the order of user, group, world
<sarnold> Vec_brb: when the web server owns the file, the first check finds '0', and returns forbidden
<Vec_brb> Oh, derp..
<Vec_brb> In other words, im denying the owner of content in displaying it to my browser?
<Vec_> Yeah, i could make www-data the owner group and give that group read permissions with everyone else at 0 and it works. I assume this is because its the www-data group that is because my user which is in www-data is responsible for serving the site
<sarnold> Vec_: yes, and worse, if your web server is compromised, it'd be easy for the file permissions to be set back to allowing the server to write the file, and then changes be made ot your website content in a persistent fashion
<sarnold> Vec_: web servers shouldn't own any of the content they serve -- their only write privileges should be their log files, database and fast-cgi-like sockets
<Vec_> sarnold: Ok. So best practice is having no owners on the files with 004 permissions ?
<sarnold> Vec_: well, make sure www-data doesn't own any more files than necessary; 004 is another matter (it's overkill, and perhaps counter-productive..)
<Vec_> There is only one user in www-data, me (the server superuser?), i don't see why it would be bad for effectivly me to own the files in my webdirectory.. I'm 100% new at this linux stuff, and i just installed LAMP so im kinda fumbeling atm >..<
<Vec_> I mean, does it matter when i can control the permissions anyway. And if my user is compromised then im fubared anyway
<sarnold> Vec_: on the one hand, you're right, if the servre gets compromised you're better off re-building from backups
<sarnold> Vec_: but business demands sometimes means fixing the iimmediate problem and getting back to business while you rebuild a new machine
<Vec_> sarnold: Thanks for making me understand what happened on my original question. Other than that i feel like you are replying with knowledge way outside my league at this point in time. Im just a random student who installed linux a week ago and now i have this awsome server up and running with some basic services like printersharing/filesharing/automated backup and now this LAMP server.
<Vec_> I should probably just read a whole lot more HOWTOs and documentation instead of conversing in this channel on a level i dont yet fully comprehend ^^
<Vec_> I was kinda apprehensive about installing LAMP tho as it exposes me so much (i assume) to the net.. Therefore i think i should read more to limit my exposure and get the permissions and fileownership right (and understand it too)
<sarnold> Vec_: heh, fair enough, just mark down that you'll want to ask me about it again in another six months or osmething :)
<sarnold> I've got a nice rant written about it somewhere..
<Vec_> ^-^
<uvirtbot> Vec_: Error: "-^" is not a valid command.
<Vec_> Hm, i should probably only installed apache, considering i really just want to serve static pages with java applets i program for school
<hallyn_> stgraber: are you by any chance around with a few minutes to look at an ugly lxc patch?
<hallyn_> (if so, http://people.canonical.com/~serge/0011-cgroup-hook-handle-stricter-kernel - else, i'll test some more and push to saucy and post to list)
<stgraber> hallyn_: +INFO("XXX checking subsystem %s against string devices len %d", cg->subsystem, len);
<stgraber> hallyn_: did you mean for those three INFO to stay there? the XXX looks like a temporary thing
<stgraber> hallyn_: besides that, as ugly as it's, it looks fine
<hallyn_> i kind of wonder if we went ahead and setup all the cgroups first, then ran hooks, then entered cgroup at very end, if that would be better overall
<hallyn_> meanwhile upstream git has diverged there from saucy's pkg...  already split up the devices setup a bit
<hallyn_> still, this is passing tests
<hallyn_> stgraber: you've told me before, but can't find it in my irc logs -  were you planning on merging upstream git in july?
<hallyn_> well really the clean solution will be "if you want nesting, use user namespaces and the cgroup management agent."  <shudder>
<stgraber> hallyn_: I've been pretty busy with other things but I think we should try and get an alpha release done upstream in early August, then use that for saucy
<stgraber> hallyn_: what we end up shipping with in saucy I don't really care much about, it's a non-LTS release with a 9 months support period, so as long as it's fairly recent and it works...
<hallyn_> stgraber: sounds good.
<thinknow> lol question, but command in ubuntu server for starting ftp host ?
<sarnold> thinknow: apt-get install vsftpd, edit the configuration as necessary, then 'service vsftpd start'   ought to do it
<thinknow> ok thnx
#ubuntu-server 2013-07-06
<sindri> I'm having problem running vsftpd on my server;  getting "530 Non-anonymous sessions must use encryption." My  config looks like this: http://paste.ubuntu.com/5846998/ and my  user config like this: http://paste.ubuntu.com/5847003/ any  help would be welcome. Thanks!
<mardraum> sindri: you seem to have turned that on in your config.
<mardraum> sindri: you enabled ssl then forced everyone to use it
<sarnold> sindri: make sure you also force ssl in the client
<sindri> mardraum: but shouldn't it still be possible to access it? running "ftp localhost" I'm not even asked for password
<mardraum> perhaps vsftpd handles localhost differently.
<sarnold> sindri: hrm, note the guest_enable=YES and guest_username=ftp combination, is that intentional?
<sindri> sarnold: I followed a guide on the forums for setting it up (virtual users and ssl) And I think that was included
<sindri> sarnold: but using a pre declared username in a .db I'm not considered being a guest right?
<sarnold> sindri: I don't know that level of details, it just looked potentially problematic. :)
<sindri> sarnold: Thanks, I'll make a note and look into it :)
<sarnold> sindri: client config is more likely your problem
<sindri> You mean the vsftpd.config ?
<sarnold> sindri: you need to make sure your ftp client requests SSL
<sindri> But isn't stating "ftps://ipadress" in filezilla forcing it to use SSL?
<sarnold> perhaps? does the log show the client asking for AUTH TLS or AUTH SSL?
<sindri> It says it initiates TLS after establishing a connection
<sindri> then I get timedout
<sarnold> sindri: you might need to break out openssl s_client -starttls ftp   ...
<sindri> On the server toward localhost?
<sarnold> sindri: sure
<sindri> hm, "Connection refused" Errno:111
<sindri> No ok, my bad - wasn't sure how to really run the command. can pastebin output.
<sindri> sarnold: thanks for help but I have no idea what that command is, trying to figure it out still
<sarnold> sindri: does the openssl s_client connect alright? can you get data back out of the ftp daemon after you've connected?
<axisys> ALERT!  /dev/mapper/rootvol-root does not exist.  Dropping to a shell! after 10.04 to 12.04 with do-release-upgrade
<axisys> any suggestion on a fix?
<sindri> sarnold: It connects in some way, but I don't know how to feed it my user and password :S
<sarnold> sindri: iirc, it's "user username-goes-here" and "pass password-goes-here"
<sarnold> sindri: full thing is here: http://www.ietf.org/rfc/rfc959.txt
<Guest51645> axisys: looks like you're using LVM, and somehow ubuntu cannot find that VG
<Guest51645> are you using LUKS  or RAID ?
<Guest51645> or something ?
<axisys> Guest51645: raid and lvm .. no luks
<Guest51645> axisys: RAID 1? 0?
<tarvid> how can I track down which tasks are using my database
<Guest51645> which one ?
<axisys> Guest51645: raid 10
<axisys> Guest51645: no, raid 1
<axisys> back to grub menu
<sarnold> tarvid: lsof | grep /path/to/socket
<Guest51645> axisys: can you run cat /proc/mdstat ?
<axisys> Guest51645: i can go to recovery mode or pick the first optio
<sarnold> tarvid: of course, if any programs are using a TCP socket, you'll need to look for those too, netstat -np | grep :portnumber
<virusuy> axisys: go to recovery and pastebin the output of cat /proc/mdstat
<virusuy> that will show us in which state your array is right now
<axisys> virusuy: k
<tarvid> sarnold, I am trying to track down which databases are actually being used. They have been created over time and most have been abandoned
<virusuy> tarvid: mysql ?
<tarvid> yes
<virusuy> run show processlist;
<sarnold> tarvid: beware cronjobs or webscripts that are rarely used but still needed..
<axisys> http://paste.ubuntu.com/5848449/
<virusuy> and that will show you which query and database are being used
<virusuy> at the moment
<tarvid> I created a log file and added a log: line in my.cnf
<virusuy> axisys: seems like everything is up and running
<virusuy> realy odd
<sindri> sarnold: Thanks alot! I'm guessing I'm close to a solution now, think my password might contain some illegal characters as I get error 331 which means User name ok but missing password. Using "!" and "_" among other tokens might this be a problem?
<tarvid> I cleaned up the apache virtual stanza but lining up users and databases eludes me
<sarnold> sindri: oh jeeze, that'd be unfortunate...
<sarnold> sindri: maybe make a new user account with very simple password, for testing..
<sarnold> does it work at all :)
<axisys> virusuy: md0 and md1 is missing
<virusuy> axisys: oh!
<virusuy> that's it !
<axisys> sda and sdb is missing
<virusuy> well, that's the reason why your system doesn't boot up
<virusuy> so, now we should see why those 2 drivers are missing
<axisys> virusuy: well not missing .. but not in that output
<virusuy> can you pastebin the output of  fdisk -l  ?
<axisys> virusuy: not from initramfs
<axisys> (initramfs) fdisk -l
<axisys> /bin/sh: fdisk: not found
<virusuy> oh, ok
<virusuy> uhmm
<axisys> [   21.982045] sd 9:0:0:0: [sda] 143134720 512-byte logical blocks: (73.2 GB/68.2 GiB)
<axisys> [   21.982298] sd 9:0:1:0: [sdb] 143134720 512-byte logical blocks: (73.2 GB/68.2 GiB)
<virusuy> well, at least are there
<virusuy> but somehow they're not defined as an array
<axisys> virusuy: yes
<virusuy> can you see /etc/mdadm.conf ?
<axisys> http://paste.ubuntu.com/5848468/
<virusuy> probably they're not defined there
<axisys> http://paste.ubuntu.com/5848471/
<axisys> /dev/md0 is defined twice
<axisys> exact same entry
<axisys> how do I modify from here and update ?
<virusuy> using vi
<virusuy> but first !! backup that file !!!
<virusuy> :-)
<axisys> not from initramfs
<virusuy> you can also rescan those arrays, and create mdadm.conf based on that scan
<axisys> mdadm --detail --scan does not see md0 or md1
<virusuy>  mdadm --examine --scan > /etc/mdadm.conf
<virusuy> but first, backup mdadm.conf
<axisys> (initramfs) cp /etc/mdadm/mdadm.conf /etc/mdadm/mdadm.conf.bak
<sindri> sarnold: Ok, didn't matter how simple the password was. :(
<axisys> virusuy: ok modified mdadm.conf
<axisys> virusuy: I think I need to update initramfs before the reboot
<virusuy> probably
<virusuy> but first, cat mdadm.conf
<virusuy> to see if it is ok now
<sarnold> sindri: nuts, I was afraid of that. check your vsftpd logs again, they might have new data..
<axisys> http://paste.ubuntu.com/5848486/
<virusuy> axisys: cool :-)
<sindri> sarnold: Will do tomorrow :) thanks again for taking the time - goodnight all!
<sarnold> sindri: good luck
<axisys> virusuy: thanks a lot for your help.. still may be one more step
<virusuy> axisys: no problem sir, you're welcome ! :-D
<axisys> virusuy: can I just reboot ? I know I need to run update-initramfs when I am on OS
<virusuy> axisys: i'm not sure
<virusuy> at least, you can re-do this steps
<axisys> virusuy: yep :-)
<virusuy> :-) tell us later if everything goes well
<virusuy> s/goes/went
<axisys> stuck same spot
<virusuy> even running update-initramfs ?
<axisys> mdadm -As after the --examine --scan and then exit seem to do the trick..
<axisys> looks good now.. thanks a lot for your help
<virusuy> no problem
<virusuy> good to know you got that big boy up and running again
<fangj1n> I installed postfix dovecot sasl2-bin in ubuntu-server,but use foxmail not connect to hostname,this error prompt:535 5.7.8 Error: authentication failed: authentication failure,who can help me ?
<sarnold> fangj1n: are there error messages in the server log files?
<fangj1n> Jul  6 09:45:25 ubuntu-server postfix/smtpd[8722]: warning: localhost[127.0.0.1]: SASL login authentication failed: authentication failur
<fangj1n> that is error log
<sarnold> fangj1n: time for me to go -- check the sasl configuration to see what it requires for authentication. good luck! :)
<hunterman> how to install unity on ubuntu server?
<axisys> don't see one of the VG after the do-release-upgrade
<axisys> lots of duplicate PVs
<axisys> http://paste.ubuntu.com/5850884/ shows VG splunk is there
<axisys> but vgs does not show it
<axisys> http://paste.ubuntu.com/5850887/
<axisys> anyway to recover the VG splunk?
<virusuy> axisys: you're having the same problem than yesterday ?
<axisys> virusuy: hey
<axisys> virusuy: no I past that
<axisys> virusuy: now issue with LVM
<virusuy> oh
<axisys> which is built on top of those mds
<virusuy> yeah
<axisys> md2, md3 and md4 should be the PVs that were used to build the VG splunk
<virusuy> seems like udev changed all your HD names
<axisys> sdc1,sdd1 => md2 ; sde1,sdf1 => md3 and sdg1,sdh1 => md4
<axisys> and then md2,md3,md4 to make VG splunk
<axisys> those are raid1s
<axisys> so trying to avoid rebuilding the PVs to keep the data if possible
<axisys> removed the duplicate PVs with pvremove
<axisys> but it does not let me add /dev/md2
<axisys> or /dev/md3 and /dev/md4
<axisys> only allow /dev/md2p1 or /dev/md3p1 or /dev/md4p1
<axisys> http://paste.ubuntu.com/5851037/
<mike024> I want to add 3 drives to my raid 5 and convert it to raid 6 at the same time. Any suggestions?
<mike024> can i mdadm --manage /dev/md0 --add /dev/sd[hig] --level 6
#ubuntu-server 2013-07-07
<packetloss> working with 1 master, 2 slaves bind9 servers on ubuntu 12.04 and have a couple questions.
<gartral> can someone please point me to a clear, consise explination as to why a sysadmin such as myself would use Landscape rather than carefully constructed Cron jobs and rsync?
<gartral> because as far as 3 months of research has shown, Landscape is an aweful misuse of valuable system resources
<gartral> and, for reference, if one of these "Ubuntu Engineers" can come forth and say that you can effectively not only cut my administrative time, but also my TCO and MTTF by a significant portion of my current values which stand at 1hr/day, $30/year and 10 years respectively, then I may consider using Landscape, but I can't, for the life of me, find any quantifiable data on the subject
<gartral> also, as a side note, what's the benifits of a sysadmin upgrading to 13.04 for server if the system doesn't carry the LTS release standard that we've come to expect from conical?
<vlad_starkov> Question: Could anyone provide working vsftpd.conf for virtual users and TLS/SSL/FTPS enabled?
<arrrghhh> hi all.  I've read a few guides on how to do this, and I'm still a bit confused on how to achieve it properly.  I need to "split" my network - I have eth0 and tun0, a wired connection and a vpn client.  most traffic goes thru the VPN, but stuff like SSH I would like to just go thru eth0 - as I can't access my server remotely when the VPN is up.
<roaksoax> z/win 4
<arrrghhh> anyone?  routing help?  :)
<mustafa> hi i have installed drupal on my server and i can see the first page but i cant see the other pages or any link it said (The requested URL /node/10 was not found on this server.) please help??
<mustafa> hi i have installed drupal on my server and i can see the first page but i cant see the other pages or any link it said (The requested URL /node/10 was not found on this server.) please help??
<TheLordOfTime> !repeat
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<mustafa> hi i have installed drupal on my server and i can see the first page but i cant see the other pages or any link it said (The requested URL /node/10 was not found on this server.) please help??
<mustafa> hi i have installed drupal on my server and i can see the first page but i cant see the other pages or any link it said (The requested URL /node/10 was not found on this server.) please help??
<arrrghhh> mustafa, did you read the response earlier from ubottu ?
<arrrghhh> !repeat > mustafa
<ubottu> mustafa, please see my private message
<arrrghhh> I have a question as well, but repeating it over and over is not going to get it answered quicker.
<mustafa> hi i have installed drupal on my server and i can see the first page but i cant see the other pages or any link it said (The requested URL /node/10 was not found on this server.) please help??
<arrrghhh> oy
 * MoleMan definitely didn't just uninstall all versions of the kernel :/
 * MoleMan knows he should probably reboot, but both doesn't want to loose his uptime, and is scared it won't come back up...
<morph3k> hey guys i have a problemâ¦I have a server that I enabled UFW onâ¦here is the paste: http://pastebin.com/k9vH1ggf
<morph3k> i just ran nmap on it and got this:
<morph3k> All 1000 scanned ports on ks3298021.kimsufi.com (176.31.119.208) are filtered
<morph3k> Nmap done: 1 IP address (1 host up) scanned in 208.25 seconds
<morph3k> so it looks like it didnt save my firewall settings or something. is there anyway i can by pass this?
<morph3k> it's on OVH if that matters
<mstafait> hi please help i have installed drupal cms on ubuntu box but when i want give privilige to my mysql using phpmyadmin its tell me error and when i show the local host on the browser its show but no link seems to be functional please help
<mustafa> hi i have a problem with ubuntu box running apache ,mysql ,i installed drupal on it every thing seems to be okay but it doesnt open the hole site just the first page no link seemed to be work said ( cant find the requested node 10 ) any body have idea?
<vlad_starkov> Question: Anyone know is it possible to share single htpasswd between Apache2 and vsftpd (through PAM)? I need to setup virtual users for vsftpd with password longer than 8 characters.
#ubuntu-server 2014-06-30
<_Sigma_> can anyone help me with an issue to do with using mpiexec over 5 nodes, one of them being ubuntu 14.04 and the others being ubuntu 12.04. my error message is:unrecognized argument usize. does anyone know whats going on, or at least point me in the proper direction
<Pinchiukas> Is there a way to make the installation of Ubuntu server smaller and less memory hungry?
<histo> Pinchiukas: yes install a minimal system
<Pinchiukas> histo: how?
<histo> Pinchiukas: expert install, net install, or use debootstrap
<histo> !lowmemory | Pinchiukas
<ubottu> Pinchiukas: For installing on low memory systems, this page has useful information: https://help.ubuntu.com/community/Installation/LowMemorySystems.  See also https://help.ubuntu.com/community/Installation/SystemRequirements.
<Pinchiukas> Is the "Install a command-line system" still available on the installation CDs?
<Pinchiukas> I don't remember seeing one and I don't have one on hand.
<histo> Pinchiukas: the server install is a command-line system
<histo> Pinchiukas: afaik it's only availible on the server and net/mini iso
<Pinchiukas> Ok, I'll try that, thanks.
<MACscr> wth, why would my ubuntu server keep getting a dhcp address if i have a static one assigned?
<MACscr> its very frustrating
<MACscr> nvm, for some reason the network manager was installed. i removed it. hopefully that solves it
<Sachiru> 0118 999 881 99 9119 725... 3
<lordievader> Good morning.
<kickinz1> morning
<lordievader> Hey kickinz1, how are you?
<kickinz1> good, and you? your pxe is working right now?
<lordievader> kickinz1: Doing good, haven't used PXE in a while but should still be good. (I get the feeling you are confusing me with someone else ;) )
<kickinz1> if so sorry ;)
<kickinz1> I was wrong yes, but that doesn't matter for the good morning, and the like ;)
<lordievader> kickinz1: True, true. Just thought I'd mention it to avoid any further confusion ;)
<Braden`> Hello
<Braden`> How would I modify /etc/init.d/php5-fpm to always perform "chown www-data.www-data /var/run/php5-fpm.sock" every time "service php5-fpm start" is called?
<Sachiru> Query: Why do you want php5-fpm to do that?
<Braden`> I noticed that after upgrading ubuntu, the new version of apache fpm actually cares who owns the sock
<Braden`> socket
<Braden`> I get 500 errors if I don't set the owner
<Sachiru> Okay... so why do you need to set the owner every time you start the service?
<Sachiru> And not, you know, set it once and be done with it?
<Braden`> Because the sock file is destroyed and recreated when the service is restarted
<Braden`> and when it is recreated it is owned by root.root
<Braden`> Sachiru:  I presume you know how to accomplish what I am wanting, or will you sit there and let me to continue to suffer?
<Braden`> :)
<histo> Braden`: you've been answered multiple times in #ubuntu
<histo> Braden`: that's probably not what you want to do. try adding "listen.owner = www-data" and "listen.group = www-data" to the conf file in /etc/php5/<other
<histo>  â                 | stuff here>
<histo> from ben64Braden`: that's probably not what you want to do. try adding "listen.owner = www-data" and "listen.group = www-data" to the conf file in /etc/php5/<other
<histo>  â                 | stuff here>
<Braden`> Oh, I didn't see that
<histo> stupid touchpad on this machine.
<Braden`> Thank you
<dkorras> hi all, please help me. i ahev created a bond interface on my UBuntu machine, but when I ifup bond0 i get the error:  sh: echo I/O error
<pmatulis_> morning
<dkorras> monring
<dkorras> morning
<mrfraggs> hi, thers some shell gui tool to configure the interfaces
<mrfraggs> whats it called again? i used it (i hope it was on ubuntu and not centos ...)
<jamespage> zul, hmm - there is a bug in cloud-archive-backportpackage
<jamespage> its generating the changelog against 12.04 for 14.04 targetted packages
<zul> jamespage:  erp
<zul> jamespage:  ill have a look
<jamespage> zul, ta
<no_gravity> Shouldnt a change of the A RECORD of a subdomain immediately have an effect? When i dig sub.mydomain.org ... why do i still get the old ip?
<rbasak> no_gravity: it's common for DNS responses to be cached.
<jamespage> zul, urh - glance is also not backporting from proposed for precise-icehouse - that rings a bell? didn't we have trouble in the lab with that one?
<zul> six
<no_gravity> rbasak: yeah.. i found out now. 1h ttl.
<zul> jamespage:  interesting http://paste.ubuntu.com/7726547/
<jamespage> zul, yeah - I think its assuming we are always backporting to precise still
<begginner> How do I get the system to mil itself (14.04 LTS)  I installed sSMTP and alpine and can send mail to other machines, but not to itself.
<RoyK> begginner: install postfix
<begginner> I just installed postfix as you suggested... still no luck.  Where do I look for error messages?
<RoyK> begginner: /var/log/mail.*
<RoyK> begginner: have you setup a firewall?
<begginner> I have not set up a firewall, but the server is behind one (10.17....)
<RoyK> begginner: then you need to setup port forwarding somewhere to allow the smtp traffic to enter your machine
<begginner> Where can I read about that?  I didn't know the firewall could stop mail from localhost to localhost
<RoyK> erm
<RoyK> no
<RoyK> it can't
<RoyK> begginner: so - trying to just 'mail myuser' won't send it?
<begginner> instead of silenec I am seeing error messages now in the mail log
<RoyK> pastebin that
<RoyK> !pastebin | begginner
<ubottu> begginner: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<begginner> Just a second... I'll try that.   But now that I install postfix I can no longer mail off that box to other machines
<RoyK> that's wierd indeed
<begginner> !pastebinit http://paste.ubuntu.com/7727205/
<begginner> I guess I did that wrong
<RoyK> caldwell is your username?
<RoyK> and add things like postmaster/hostmaster/abuse etc to /etc/aliases and run newaliases to generate the hash
<begginner> yes
<RoyK> begginner: it's really wierd - never seen this before
<begginner> the only line there is "postmaster: root"; do I just set the rest to root?
<RoyK> preferably your own user
<RoyK> or
<RoyK> set them to root and
<RoyK> root: youruser
<RoyK> that way you get the root mail too
<begginner> things might be working...
<RoyK> :)
<begginner> Thank-you very much...   I check more carefully in awile but I sent mail to myself and another machine...
<begginner> bye
<bitbyte> Is any one any good with grub available ?
<bitbyte> well summary of the issue is on : http://pastebin.com/9rvUhbPv
<sarnold> bitbyte: I don't actually see any problems / questions..
<bitbyte> sorry most the details are in the pastebin link, iâve added it in grub and now when the server reboot now bypasses grub and goes straight to booting and still canât find the keyfile to unlock the encrypted LVM
<sarnold> why bother with encrypted filesystems if the key is stored on the machine?
<bitbyte> the first I would say its good security practice to have it encrypted, the second I work away alot and oftern need to reboot the server, thirdly this is a dry run for putting the keyfile on a USB stick so the final prodcut is as long as USB is plugged in itll boot into the OS
<bitbyte> there are other reasons which iâm not going to get into but for the moment iâm a little stuck with grub
<pythonista> Tried to change the mysql directory, cannot get either mysql or apparmor to restart: http://askubuntu.com/questions/490075/error-restarting-apparmor-while-changing-mysql-data-directory
<frogblue> 'lo sry to ask but do you know any serious channel where I could have answer with apache2 directives. httpd channel seems like more a bash channel than anything else...
<rbasak> !ask|frogblue
<ubottu> frogblue: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<frogblue> rbasak, well the question is there, maybe not well written, I concede..
<lordievader> frogblue: I guess what rbasak means is that you can ask your apache questions here. Who knows perhaps someone has the answer ;)
<frogblue> didn't want to bother you with apache2 questions but if you invite me, ty then
<frogblue> I have several vhosts. each sites have an admin backend. I'd like to force http://site/admin to https://site/admin
<frogblue> without htaccess
<frogblue> I tried redirectmatch but i can only do redirectmatch (.*)/admin https://tld/admin  what i would like to do is something like redirectmatch (.*)/admin https://$1/admin but the backreference doesn't catch the tld aparently
<lordievader> frogblue: For as far as I know, what you want can be accomplished with apache's rewrite rules. However, I know next to nothing about apache's rewrite rules. But I'm sure someone else can help you with that ;)
<frogblue> so the last answer I had on #httpd was you must not use redirectmatch but you can do what you want to achieve
<frogblue> hence my coming here where I regurlarly read more sensible answers :)
<frogblue> lordievader, ty
<rbasak> frogblue: can you not just do one per domain? Why must your (.*) catch the domain name also?
<rbasak> frogblue: you can have per-virtualhost redirects
<frogblue> yeah am reading the redirects only right now. of course I can write one line per vhost but am intersting i n knowing if I can use a "catch for all" thing
<frogblue> meaning that only file would be needed to force site1/admin site 2/admin... site1000/admin to https://siten/admin
<rbasak> I got the impression virtualhost level was the highest level you could go for this sort of thing. But I'm not an expert in this area.
<frogblue> same for me :)
<SpinDoct0r> Does anybody have an experience troubleshooting 802.3ad network card bonding in Ubuntu Server 14.04 LTS. It claims to be up but will not send traffic.  http://paste.ubuntu.com/7728111/
<blaaa> I am thinking about installing some web/php-based management tools (e.g. phpldapadmin)
<blaaa> Is it good practice to use the packages in the repositories, or is it better to install packages like this manually into a php-environment (from the repository)
<genii> blaaa: Best practice is to use the repository packages, since if there are any crucial security updates, they can be applied.
<PryMar56> blaaa, of course the repo packages use standard locations and file extensions. This makes it easy for outsiders to target your setup files and try and get usefil info
<frogblue> rbasak, RewriteEngine On
<frogblue> RewriteCond %{HTTPS} !=on
<frogblue> RewriteRule ^/?administrator(.*) https://%{SERVER_NAME}/administrator/$1 [R,L]
<frogblue> this works. tooko me 9 freaking hours to get there...
<blaaa> genii: Yes, maintenance-wise it's a bit more straightforward, but If there are any patches, theyr would be easily applied manually to the manual packages as well, maybe even faster if I'd keep a close watch on mailing lists etc
<lordievader> blaaa: That's manual work. Why not let apt do the updates for you ;)
<blaaa> PryMar56: I suppose using packages like this at all is the greates risk, but managing ldap from the command line can be a pain (for me at least)
<lordievader> If I know one thing, its that sysadmins are lazy :P
<blaaa> lierdievader: yes, true :)
<blaaa> I have picked 14.04 lts for the lts part, so why wouldn;t I use that
<Jeeves_Moss> how do I setup circular logging on a bind server for queries
<Monotoko> anyone got any idea at all why different servers of mine keep rebooting into memtest?
<Monotoko> I can't find any documentation of this behaviour
<sarnold> Monotoko: a goofy / broken grub configuration seems likely
<Monotoko> sarnold, it just randomly reboots... without me touching it, the one time I've seen it happen it's said "Ctrl Alt Del pressed"
<Monotoko> when I reboot it again, it's fine
<sarnold> Monotoko: I wonder if some process is writing to /proc/sysrq-trigger
<sarnold> Monotoko: or maybe yo'uve got a noisy/busted usb hub or keyboard?
<Monotoko> sarnold, it's virtual
<Monotoko> no keyboard there to hit
<Monotoko> i've only ever had it open when it's done it once
<sarnold> Monotoko: on crazy.
<sarnold> Monotoko: check the /etc/sysctl.d/10-magic-sysrq.conf file -- you can disable to sysrq interface, that might do the trick
<sarnold> Monotoko: but it'd be best to figure out why it's happening. maybe you could use auditd to watch /proc/sysrq-trigger?
<Monotoko> il have a look... cheers, it took my primary nameserver out today so I'm just intent on stopping it happening on my important systems atm
<sarnold> yikes.
<Monotoko> I will see if I can figure out why on a test system
<tiblock> Hi. In what version a2ensite/a2dissite/a2enmod/a2dismod scripts was invented? I fail to find that information in google
<sarnold> tiblock: they've been there since lucid at least: http://packages.ubuntu.com/search?searchon=contents&keywords=a2ensite&mode=&suite=lucid&arch=any
<tiblock> sarnold, thank you
<Patrickdk> even longer :)
<Patrickdk> they where around in 7.04
<sarnold> it feels like they've been around for ever but I don't have the tools or data to figure it out :) heh
#ubuntu-server 2014-07-01
<byte> n8
<michael_> Hey i have been looking for something on how to put a 4 TB GPT parition into RAID 1 with another but have been unable to find anything. Has anyone here had to do RAID one with anything over a 2 TB parition?
<ruben23> hi guys i have a ubuntu server with system running already, now i added a volume to be used as strorage is it ok i create this new volume as rpimary partition..? it will not effect the existing system partition..?
<frogblue> no
<frogblue> how manw primary do u already have?
<ruben23> what you mean..?
<ruben23> i have one rpimary as existing being used by ubuntu server..
<ruben23> i added new one for storage and selcedt primary partition on it..is this ok..?
<frogblue> that's the beauty of asking several questions at once then u don't know what the answer is for :)
<frogblue> yes
<frogblue> are you planning to add more partitions in the future?
<ruben23> possible
<frogblue> then you might have to reconsider the overall partitioning scheme. gonna explain...
<frogblue> you can always add more partitions at anytime. with an msdos label disk, you will be stuck at 3 primary + 1 logical (in which you can put plenty more partitions
<frogblue> you can decide to have a GPT label, in which case you can add as many partitions as you want (ther's a limit but i don't know which one but it is irrelevant for most useres
<lordievader> Or you jump to LVM, this give you the ability to make partitions on the fly, resize them, destroy them. Whatever you want :)
<frogblue> you can decide to use LVM (on top of GPT, msdos) in which case
<ruben23> thanks a lot for the info..
<lkthomas> hey guys
<lkthomas> our auth system is kind of messed up
<lkthomas> password keep in LDAP and Kerberos
<lkthomas> how do you guys sync between LDAP and Kerberos ?
<jdmf> I'm using "debmirror" to create a local mirror of 12.04 and 14.04. I have problems downloading i18n using debmirror --i18n option. I have created a workaround, but I would rather use the debmirror for this. Any ideas?
<bdbear> anyone know if userdir suppors webdav, and if so have a link for some documentation on how to implement it.
<pds> looking for documentation on how to kickstart ubuntu server 14.04 - kickstart configurator gui or config file itself
<frogblue> bdbear, haven't played with that since a long a time but I would say yes but it might need to have the userdir inside the dav folder
<frogblue> bdbear, some stuff I gathered a while ago http://pastebin.com/95TzK4FV
<frogblue> bdbear, and this I just went thru very quickly http://serverfault.com/questions/291104/apache-and-per-user-webdav-documentroot
<bdbear> frogblue: tanks
<pds> looking for documentation on how to kickstart ubuntu server 14.04 LTS - kickstart configurator gui or config file itself - working on a 12.04 LTS to do so though
<pds> ubuntu 12.04 LTS desktop that is
<kas84> hi guys
<kas84> Iâve just installed ubuntu server (default install) and Iâm stuck at boot
<pds> does it give any errors?
<kas84> the last line says adding 3604476k swap on /dev/mapper/ubuntuâvg-swap_1. Priority: -1 accorss: 3604476k FS
<kas84> but it doesnât show any errors
<kas84> it was a default installation with no network config
<lordievader> kas84: Where does /boot reside? In a LVM volume?
<kas84> yes
<lordievader> kas84: Hmm, that can be problematic. It's easier to put /boot on a separate ext(2) partition.
<kas84> aha
<kas84> okay, Iâll re-run installation
<riply> Hi guys, I have just bought 3 new drives to upgrade an old intel s5000vsa server from RAID1 to RAID5, but ubuntu wasn't picking up the additional HDD. So I turned to the BIOS and it doesn't look like the MB is picking up the 3rd HDD either. I can sway the HDDs in the bays and they pick up all three HDDS, just not at the same time. In fact, it only registeres in 2 bays. So my question is - doesn't anyone have experiance with this damn motherboard haha
<milissa> http://adf.ly/pyduc
<RoyK> riply: check all cables etc. looks like this board has hwraid support - are you using hwraid or swraid?
<see1> hello
<see1> is the ubuntu php5-fpm bug fixed in the packed now?
<patdk-wk> what ubuntu php5-fpm bug?
<see1> packed error
<patdk-wk> your not making any sense
<patdk-wk> I guess you don't speak english
<see1> not the most ..yes
<josepht> s/packed/package/g I think
<patdk-wk> ya, but package error doesn't really describe a bug
<patdk-wk> it's way too generic
<riply> RoyK, are you still around?
<riply> it does indeed have HWR, but I am wanting to go SWR because I don't have spare controllers, etc.
<RoyK> riply: IMHO there are very good reasons for using mdraid (the most used swraid on linux)
<RoyK> the flexibility is far better than what i've seen on hwraid systems
<rattking> on one of my servers I am having a strange issue. the login screen has the Â£ symbol in place of the black spaces. I am at a complete loss for where to start looking into this problem. has anybody ever heard of anything like that?
<riply> RoyK, I totally agree!
<riply> RoyK, now I just need to get this MB to recognise the 3rd harddrive..
<rattking> I suppose I could start with the console font.
<RoyK> riply: enter raid setup (BIOS thing, normally) and create a raid0 on the third drive
<RoyK> riply: most RAID controllers won't show new drives unless they're configured as a member
<riply> RoyK, the problem is though that on the SATA page in the BIOS, it only shows the 2 drives :( I will try the raid setup tonight when I am at home and see if it gets picked up on RAOD 0
<riply> thanks man :)
<RoyK> np
<RoyK> riply: then, if you can make linux see it, perhaps create a broken r5 on it, move the data over from the old raid (or use external storage for buffer if the new drive's not large enough) and extend the new raid
<riply> RoyK, there is no old data :) These are 3 new HDDs entirely. The old ones are going to be plopped in as another raid1 back-up in the box (there are a few spare bays). I ran the Ubuntu setup last night and it only picked up the 2 HDDs, not all 3. So I figured that it was a BIOS / MB issue? But I have never done anything other than a HWR 0 so this' all quite new and exciting..
<riply> RoyK, so I just need to be able to get the Ubuntu Installer to see it and then was going to use the built-in SWR installer? Or is there a better way to do it?
<samba35> i have messed dpkg /var/cache/ with rm now i am not able to install any package can you please tell me how do i rebuild dpkg /debconf so i can install any package
<samba35> dpkg: error: cannot read info directory: No such file or directory
<samba35> E: Sub-process /usr/bin/dpkg returned an error code (2)
<RoyK> riply: then just configure three RAID-0 sets, one on each drive, or use JBOD if the controller supports it. Same result. Ubuntu should see the drives as separate drives if you do this correctly
<RoyK> riply: any luck?
<smoser> hallyn_, i assume the answer is yes.
<smoser> but lxc-device will set permissions on the added device to match the user namespace of the container?
<zartoosh> Hi I am trying very hard to create ubuntu iso from trusty with uefi enabled (remaster iso). Could someone please let me know how to do this please? thx
<RoyK> zartoosh: afaik the normal iso should support uefi
<zartoosh> RoyK: yes but I had to customize it for our use. I needed to add preseed file (no internet access). Any idea how to do it please?
<RoyK> no, sorry
<RoyK> no internet access on install?
<zartoosh> what i mean is that we need to remaster the iso, because of our lab environment
<RoyK> ok
<RoyK> sorry, can't help there
<RoyK> haven't done that in years
<caribou> rharper: are you chairing the meeting this week ?
<caribou> rharper: just to let you know that I won't be able to be there. Nothing particular on my side
<gnuoy> jamespage, is https://code.launchpad.net/~gnuoy/python-ceilometerclient/update-control/+merge/225187 on the right lines ?
<gaughen> caribou, it's lutostag this week
<jamespage> gnuoy, looking OK - your new friend is going to be "wrap-and-sort -s"
<gaughen> unless lutostag bribed rharper to do it for him
<jamespage> gnuoy, also watch out for epochs
<jamespage>  python-keystoneclient | 1:0.9.0-0ubuntu1 | utopic  | source, all
<jamespage> so python-keystoneclient needs to be (>= 1:0.9)
<gnuoy> jamespage, wrap-and-sort is defo my new bezzy mate
<gnuoy> jamespage, ok, let me fix those things, thanks
<jamespage> gnuoy, trying to make another comment on the MP - LP is not being friendly
<gnuoy> jamespage, thats me
<gnuoy> I yanked the mp
<jamespage> ah
<gnuoy> sorry about that
<jamespage> gnuoy, np - you can always mark then work-in-progress and keep pushing your branch with updates
<gnuoy> ah, perfect
<caribou> gaughen: ah ok thanks.
<caribou> lutostag: just to let you know that I won't be able to be there. Nothing particular on my side
<lutostag> caribou: alright, that works; thanks for the heads up
<gnuoy> jamespage, where I'm seeing something like "pbr>=0.6,!=0.7,<1.0" and 0.8.2 is in the archive I'm going for (>= 0.8.2). Does that sound sane ?
<jamespage> gnuoy, +1
<gnuoy> ta
<jamespage> gnuoy, I'd probaly drop to 0.8
<gnuoy> ok
<hallyn_> smoser: you cannot use a device in a user namespace
<hallyn_> so i doubt whether lxc-device currently bothers to chown the device to the container root
<hallyn_> stgraber: ^ right?
<smoser> why can you not use a device in user namespace?
<stgraber> hallyn_: I believe lxc-device simply errors out if called against an unprivileged container
<hallyn_> kernel won't let you
<zoraj> hello there, I'm just setting up Subversion on my server running the latest version, but I can't find where can I start the subversion daemon
<smoser> hallyn_, how does the kernel not let you?
<zoraj> it says /etc/init.d/svnserve
<smoser> if i create the device node inside that container
<smoser> ^ as root
<zoraj> but there is no file like that on the directory
<smoser> and then change ownership and permissions on that such that the root user inside the container owns it
<hallyn_> smoser: anything requiring capabilities for device access will require that you have the capability against the init namespace
<smoser> shouldn't that work?
<hallyn_> if the device itself doesnt' require any capabilities to use it, then yes
<smoser> well lxc-device only works for block devices and network devices
<smoser> er.. ok it does work for more things . i thought man page said otherwise.
<smoser> but i'm only interested in block and net.
<hallyn_> hm, net devices should be do-able.
<hallyn_> stgraber: ^ if root has created an unprrivileged container it should be able to pass in nic's
<hallyn_> smoser: if that doesn't work for you, open a bug pls
<smoser> hallyn_, well if it doesn't set permissions to the namespaced permissions its not goign to work.
<stgraber> hallyn_: hmm, indeed
<zoraj> hi there
<zoraj> I've just finished installing subversion on my box, and installing subversion on it, I try to check out my repo using this command svn+ssh://192.168.1.2
<zoraj> --username my_user_name
<zoraj> it doesn't recognize my password
<sarnold> zoraj: it's been a while since I've used svn, but iirc svn+ssh lets you set the username via a ~/.ssh/config entry for that host...
<sarnold> zoraj: can you ssh username@192.168.1.2?
<sarnold> zoraj: it'd be best to set up key-based authentication instead anyway, but you need to be able to log in somehow in the first place :)
<zoraj> sarnold, ssh-ing username@192... works fine
<zoraj> is it the same password that I use to connect with ssh ? or there is some svn.conf that I have to edit ?
<sarnold> zoraj: iirc the svnserve method might have usernames / passwords in an auth file, but the svn+ssh method just worked if you could log in..
<zoraj> I prefer the svn+ssh method
<sarnold> yeah, I think I would too :)
<sarnold> zoraj: hmm. well, log in to the remote server, tail -f /var/log/auth.log, and then try your svn co command again
<zoraj> sarnold, check pass, user unknown
<zoraj> authentification failure;
<zoraj> Failed password for invalid user zoraj from 192.168.1.12
<zoraj> port 62227 ssh2
<zoraj> I did a "svn co svn+ssh://zoraj@192.168.1.2@" and it's ok but now it says No repository found
<zoraj> how can I tell it that the repo are all in /home/svn
<zoraj> ?
<lenios> zoraj, svn co svn+ssh://zoraj@192.168.1.2/home/svn
<zoraj> lenios, ok thanks, it works now
<zoraj> lenios, how do I do that the user check out in svn+ssh://192.168.1.2/project_name ? instead of svn+ssh://192.168.1.2/home/svn/project_name
<sarnold> zoraj: cool; you ought to be able to add a "host 192.168.1.2 user zoraj" stanza to your ssh config; check out the ssh_config manpage for details
<zoraj> sarnold,hmm.. I'm afraid I understand what you mean
<sarnold> zoraj: the ssh client can probably remember your username for you :)
<zoraj> sarnold, ah ok
<zoraj> if I use "svnadmin create", I dont have to use "svnserve -d" right ?
<lenios> zoraj, what are you trying to do?
<zoraj> lenios, I want to create all of my repo here /home/svn/
<zoraj> so I do this, svnadmin create my_repo1, svnadmin create my_repo2
<zoraj> so people can do a check out like this : svn co svn+ssh://192.168.1.2/my_repo1 and so on
<zoraj> basic :) nothing special
<zoraj> instead of svn+ssh://192.168.1.2/home/svn/my_repo1 ...
<lenios> you'll need to use the -r option of svnserve
<lenios> you can force it on the ssh access key (see http://coderazzi.net/howto/security/ssh_svn.html for example), or create a wrapper
<zoraj> lenios, thanks for the link, it seems to be really helpful,
<med_> zul, happy Canada Day, eh?
<med_> And soon, like all Canadians, you can chant "U-S-A, U-S-A" to world cup soccer^W futbol.
<blaaa_> Any suggestions for a personal file sync server? I don;t really like owncloud, as it it is a bit too bloated. Seafile? Something else?
<sarnold> what featureds are you looking for? rsync?
<maswan> or something like git-annex-assistant?
<blaaa_> It's supposed to have a nice web interface and it should be possible to share files with specific other people. I had been using webdav for my own purposes
<blaaa_> but that felt too technical for some other users
<blaaa_> pydio might be interesting as well
<michael_> hello could anyone give me some small assistance in putting a 4TB GPT partitioned hard drive into RAID 1
<michael_> or if i should do something else to get teo 4tb harddrives into raid 1
<michael_> two*
<sarnold> michael_: I hope this is useful: https://help.ubuntu.com/14.04/serverguide/advanced-installation.html
<michael_> thanks that looks like it could be what i need. I was googling for something useful yesterday for about an hour and was coming up with nothing. Thanks for the help :)
<sarnold> michael_: I can imagine, there's probably thousands of copies of ancient guides for linux 2.2 and so on :)
<michael_> yes that was the issue lol
#ubuntu-server 2014-07-02
<zartoosh> hi on ubuntu 14.04 the network interface is named em1 and p1p6, how could I change this back to eth0 and 1. I have tried may different way as suggested by googling on this matter with no success.
<Patrickdk> simple
<Patrickdk> uninstall that damned biosdevname package
<Patrickdk> update your initrd files
<Patrickdk> reboot
<zartoosh> Patrickdk, it did not work, here is what I did:  apt-get purge biosdevname; update-initramfs -u; reboot     ??
<zartoosh> I can not ssh to the system,
<Patrickdk> well, if the interfaces changed back to eth0/eth1 instead of em1/p1p6, oviously networking wouldn't work
<Patrickdk> till you updated it atleast
<zartoosh> yes, it did changed to the eth0/eth1. but I have to run dhclient manually to get Ip address on eth0.
<Patrickdk> so?
<Patrickdk> that says the issue is fixed
<Patrickdk> did you expect dhclient to run automatically?
<zartoosh> on next reboot i have to do the same thing again manually, I am hoping this be done once.
<Patrickdk> that isn't so, you have to configure that yourself
<Patrickdk> well, configure it to do so
<zartoosh> so then there are some configuration also needed to be changed?
<Patrickdk> sure, /etc/network/interfaces
<zartoosh> okay great thanks I go changes those now and see how it goes.
<zartoosh> that didn't do it, there should be some other configuration file needed to be modified?
<xpistos> Hey all I am having some troubel when I try to use apt-get anything i do tells me E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution), but when I do  it tells me the disk is full although I have plenty of space
<xpistos> Any Ideas?
<cfhowlett> xpistos spring cleaning
<xpistos> cfhowlett: I am all for that but not sure what to do
<cfhowlett> xpistos sudo apt-get clean && sudo apt-get autoremove && sudo apt-get purge
<xpistos> cfhowlett: what does that remove?
<xpistos> unused stuff?
<cfhowlett> xpistos  after that, run df -h
<cfhowlett> xpistos your downloaded packages are retained in the apt/cache      - a major memory hog if you never empty it.  these commands do that
<xpistos> cool. thanks
<xpistos> cfhowlett: E: Unmet dependencies. Try using -f.
<cfhowlett> xpistos but no longer full disk?
<xpistos> my home has 6 gb free
<genii> I wonder how much /boot has
<cfhowlett> xpistos holy!!!  that's pretty tiny ...
<xpistos> cfhowlett: home has a small seperate drive. I have a /data drive with files on it
<cfhowlett> xpistos ahhh.  nice.
<xpistos> cfhowlett: I usually partition with a 300mb /boot, 20gb /, 20 gb /home and the rest is data
<cfhowlett> xpistos for comparison: my hdd has 211G for /home and my ubuntustudio uses only 9.8G
<xpistos> cfhowlett: and swap too of course
<xpistos> cfhowlett: this is an old server and I am just trying to squeeze another few months out of it before I erase everything and put dsl or puppy on it or somethig
<xpistos> cfhowlett: I am running disk analysis to be sure
<cfhowlett> xpistos sounds about right.  I'm not the one to advise on server issues, but I do recall that server logs can easily grow exponentially ...
<xpistos> that might be it
<xpistos> cfhowlett: it thinks /usr is full
<xpistos> ??
<cfhowlett> xpistos yeah, that don't sound right.  ask over in #ubuntu         Don't want to give you bad intel...
<xpistos> cfhowlett: Will do. thanks for giving it a go mate!
<tohuw> Is there a compelling reason to use a 64-bit kernel for a lighweight (1-2 GB RAM) web server?
<qman__> Software compatibility and platform unification
<cfhowlett> tohuw compelling?  no.  more that if your system is 64 bit capable, there's little reason to run anything else.
<tohuw> yeah. makes sense. this post was helpful: http://unix.stackexchange.com/questions/38369/running-64-bit-linux-with-750-mb-of-ram-worth-it
<cfhowlett> tohuw perhaps ask in ##linux for additional input
<tohuw> I feel comfortable enough with the input Iâve received where Iâve asked and looked thus far. :) Itâs not life or death to begin with.
<jak2000> cant create wp-content/uploads/2014/07 folder, the "ls -l" show me these results: drwxr-xr-x 2 jak ftp 4096 Jun 22 17:40 uploads   wich is wrong?
<Braden`> Hello
<Braden`> I just recently did an apt-get upgrade, and now whenever I try to do mysqldump, I get mysqldump: Couldn't execute 'START TRANSACTION /*!40100 WITH CONSISTENT SNAPSHOT */': Unknown command (1047).  Does anyone know how to solve that?
<jak2000> how to fix this error: sudo: unable to resolve host ubuntu1204
<vychune> im having trouble writing files to /var/www. Neither the admin or I can write to it. We've even done the 777 dumba** permissions and still cannot write. Any idea why?
<vychune> helloooooo
 * genii slides vychune a coffee
<vychune> water will be fine
<vychune> lol
<genii> vychune: I'd normally take it on but it's very late here and don't want to mess up permissions, etc
<vychune> genii:  :(
<vychune> we've been messing it up all night
<genii> vychune: If you don't have it sorted later today, you could try next time I'm online, which is usually 10am-5pm weekdays EDT
<vychune> ok then
<vychune> thanks for all you do, i see you help so much already
<vychune> and isnt it like 2 on the east coast? lol genii
<genii> Heh, yes, 2am here now.
<genii> Up late due to Canada Day fireworks in the neighbourhood
<vychune> LOL
<vychune> that sucks
<jak2000> genii any advice?
<genii> jak2000: No more advice tonight, unfortunately.
<genii> Bed soon.
<jak2000> :)
<vychune> get earplugs, bed sooner lol
<ciastek> How to disable IPv6? I've tried with sysctl, but it doesn't work: https://gist.github.com/ciastek/b9d64d31bf473b2aaf77
<peetaur2> ciastek: do you have an ipv6 address in some routing or dns config somewhere?
<ciastek> peetaur2: not sure where to look for that info. `ip route` and `cat /etc/resolv.conf` shows no IPv6 addresses
<peetaur2> that's the right place to look then.
<peetaur2> (unless nsswitch.conf or some other thing has overridden them)
<RuNnNy> I get this at boot "Stopping Read Required Files In Advanced"
<RuNnNy> This is most likely due to some of the services I'm starting
<RuNnNy> my web server gets initiated, but I can't ssh into the machine, it's stuck somewhere in boot
<zul> hallyn_:  libvirt 1.2.6 is out
<hallyn_> zul: yeah?
<zul> yeah
<gnuoy> jamespage, fwiw I've only found 4 packages in the openstack requirements.txt  which cannot currently be satisfied by the versions in utopic (python-msgpack, python-pecan, python-paramiko and python-neutronclient)
<gnuoy> #
<jamespage> gnuoy, good
<jamespage> zul: gnuoy has been busy :-) ^^
<zul> jamespage:  good...i like to keep him busy :P
<gnuoy> jamespage, zul, I'm champing at the bit to resolve these 4, what's the next step ?
<jamespage> gnuoy, update them
<jamespage> :-)
<zul> gnuoy: what jamespage said
<jamespage> gnuoy, what's the version difference like?
<gnuoy> jamespage, http://paste.ubuntu.com/7736717/
<jamespage> gnuoy, I'd check 'rmadison XX' for each of those first
<jamespage> gnuoy, you need to determine whether a) its already in utopic but held up in -proposed due to build or test failures b) not in utopic, but can be synced from Debian which does have the right version
<gnuoy> ohh, python-pecan is fixed in utopic-proposed
<jamespage> c) neither of the above and needs a upgrade in Ubuntu
<jamespage> gnuoy, http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html
<jamespage> tells you why its still in proposed
<gnuoy> jamespage, thanks for the tips
<GrueMaster> Can anyone help, I have a server running 14.04 (upgraded from 12.04), and now one of the Windows 7 VMs in qemu-kvm won't restart.  It complains that "numad is not available on this host", and the libvirt config keeps adding a numatune section.  Other VMs are fine.
<cfhowlett> GrueMaster might query in #ubuntu-server
<GrueMaster> Erm, this is #ubuntu-server
<cfhowlett> GrueMaster D'OH!   right.  too many tabs.  sorry.
<fridaynext> if i'm running a cronjob that needs to hit a url, does the url need to be in quotes?
<RoyK> fridaynext: some cronjobs can be hard to quote up IMHO - make a shell script - test it - cron it
<lordievader> Good evening.
 * patdk-wk perfers params to always be in quotes
<patdk-wk> it makes things more predictable
<frogblue> 'lo, test    ALL = /usr/sbin/service apache2 restart allows my test user to restart apachae2, is there a one liner in sudoers to allow me all operations on apache2?
<frogblue> I mean to allow my test user
<sarnold> frogblue: try this:  test    ALL = /usr/sbin/service apache2 *
<frogblue> nope
<frogblue> bah gonna write 4 lines and that'll do
<tonyyarusso> Hi, we'd like to have SpamAssassin listen on a Unix socket rather than TCP, but I don't see any indication of a "normal" location for that socket.  My first thought was to have it in a subdirectory, eg. /var/run/spamassassin/spamd.sock, but since the /var/run/spamassassin directory doesn't exist after a reboot currently, I'd need to either a) edit the init script to create the directory first, and remember to do that if any ...
<tonyyarusso> ... future package upgrades overwrite my change, or b) put it in /var/run, ignoreing the FHS recommendation that if an application has more than one file it should use a subdirectory.  Thoughts?
<sarnold> frogblue: d'oh. yeah, a handful of lines is nice and easy.
<frogblue> arf :)
<frogblue> am in the sudoers man5 but with no luck so far
<sarnold> frogblue: no kidding. that's a rough manpage.
<frogblue> hmmm, in fact     test    ALL = /usr/sbin/service apache2 allows the user to restart but not reload
<frogblue> eventhough estart is not mentionned
<sarnold> frogblue: tbh i'm always skeptical of extra arguments with sudo; I'd rather write a stupid little C helper if I wanted to allow executing one specific program with specific arguments but not other arguments..
<frogblue> right but has to be knowledgeable in C, which is not my case :) nor in any kind of languages in fact
<frogblue> sarnold, that was a bad syntax from me...  right syntax  test ALL=(ALL) /usr/sbin/service apache2 re*
<frogblue> had spaces before/after =
<sarnold> frogblue: ARGH. I hate sudo. :)
<sarnold> frogblue: thanks for reporting back :)
<frogblue> but i don't get what the second ALL is for. working as well without it
<frogblue> https://kura.io/2010/01/13/howto-debian-sudoers-explained/
<histo> frogblue: what second all?
<frogblue> test ALL=(ALL)
<frogblue> after =
<histo> any host
<frogblue> that's the first
<histo> as any user
<histo> sorry i'm tired
<frogblue> can't understand "is the user(s) to allow the user to run commands as "
<histo> frogblue: what?
<GrueMaster> Reposting as I have had no response.  Can anyone help, I have a server running 14.04 (upgraded from 12.04), and now one of the Windows 7 VMs in qemu-kvm won't restart. It complains that "numad is not available on this host", and the libvirt config keeps adding a numatune section. Other VMs are fine.
<frogblue> histo a sentence i found in a web page explaining sudo
<histo> frogblue: yeah Let's them run as any user
<histo> s/Let's/lets/
<frogblue> oh well. have this command working now, not going to blow my neurons
<frogblue> histo, still don't get
<histo> it's tricky. if you man sudoers and scroll down quite a bit for some of the examples it will make sense
<sarnold> hallyn_,zul, any ideas with GrueMaster's qemu-kvm issue? ^^
<zul> GrueMaster:  nope
<zul> sarnold:  i mean nope
<sarnold> zul: thanks :)
<frogblue> histo, ok. had trouble understanding running as another user. understand now sudo -u anotheruser
<frogblue> guess am a bit tired as well :)
<frogblue> thx for the help
<hallyn_> sarnold: GrueMaster: might just try 14.10 to see if that fixes it;
<hallyn_> GrueMaster: you mean that you 'virsh edit domain', remove the numatune section, save and quit, and the numatune section gets re-added?
<hallyn_> GrueMaster: if so, please go ahead and open a bug, and append your domain .xml.  will have to try to reproduce, as it certainly doesn't do that for me
<toyotapie> My boss just made me setup an OpenVPN tunnel between a Ubuntu server and a Windows 2000 Server. I think my boss is trying to remind me how appreciative I should be that we can run Ubuntu at work.
<jrwren> windows 2000? as in, 14 years old?
<hallyn_> windows 2000, as in newer than xp
 * hallyn_ is an optimist
<jrwren> 2000 was before XP.
<RoyK> toyotapie: hehe - win server 2k12r2 just came out, perhaps time for an update? ;)
<RoyK> jrwren: win2k arrived just before windows ME
<RoyK> jrwren: but then, win2k was based on the winnt platform, which arrived in winxp, so not that ugly as winme
<toyotapie> True, but it's still really old in IT time.
<RoyK> jrwren: that is, the winnt platform arrived with OS/2, microsoft stole it and named it winnt 3.1 etc etc etc
<genii> IBM and MS had a split in 92-93 and the courts decided both could use the same kernel to build on. So IBM's became OS/2 and Microsoft's became the NT core.
<genii> They evolved from there.
<jrwren> RoyK: i lived all that. I remember :)
<RoyK> jrwren: ;)
<toyotapie> To be fair, the Windows 2000 server does what the customer wants it to do.
<toyotapie> mainstream support for windows 2000 only ended 9 years ago
<RoyK> tohuw: you'd be better off with an ubuntu 8.04 than with win2k
<tohuw> RoyK: ?
<tohuw> oh, wrong highlight
<RoyK> perhaps
<RoyK> toyotapie apparently left
<`Fibz> i dont know the mysql password for this machine. i have tried purging mysql and tried using tasksel to remove and re-install the lamp stack but when i re-install, it never asks for a mysql root password. how can i rebuild the stack from scratch without re-installing ubuntu?
<RoyK> `Fibz: just start mysqld with --skip-grant-tables
<genii> `Fibz: Basic process: https://help.ubuntu.com/community/MysqlPasswordReset   although perhaps use service mysqld stop instead of the old init.d way shown there
<RoyK> `Fibz: or perhaps jfgfi ;)
<`Fibz> ?
<RoyK> http://justfuckinggoogleit.com/images/bart.gif
<`Fibz> if you dont have anything nice to say, perhapse keep it to yourself
<RoyK> `Fibz: I did give you a good advice
<GrueMaster> hallyn_: Sorry for not getting back, work laptop crashed - couldn't connect to my irc server (Quassel).
<GrueMaster> I found out the reason the virsh edits were not sticking was another user was also trying to change the system settings.  He has been slapped for his efforts.
<GrueMaster> But still, what is the numad daemon and where is it in the repo?  Google had one reference to Fedora (shudder).
<GrueMaster> And I can't really do much with 14.10 other than testing, as this is a production environment.  I've fought hard to get everything on Ubuntu LTS (12.04/14.04) for the last 2 years.  Was a mixed bag of OpenSuse, Fedora, FreeNAS, etc.
<hallyn_> GrueMaster: so long as removing it by hand sticks, you're ok.  how it got in there, my guess woudl be virt-manager?  Did you use vir-tmanager under precise to create the domain?
<GrueMaster> Yes originally.
<GrueMaster> It worked fine until we tried to bump it to 4 vcpus.
<hallyn_> yeah, i still think this is worth looking into, but i'm not sure where to start.  Could you create a new vm under vir-tmanager and see if it adds the stanza again?  Then file a bug
 * hallyn_ out, but bbl
<adam_g> hallyn_, do you know if libvirt recreates required sub-directories in its state path /var/lib/libvirt/  if they get removed?
<hallyn_> adam_g: i think so...  i've never had to re-create them myself when i've messed things up
<memoryleak_> hi
<memoryleak_> hi
<sarnold> hello memoryleak_; note that in huge channels it's not too common for people to expect replies to 'hi', since that'd be a few hundred responses...
<sarnold> nothing else would ever be discsussed :)
<memoryleak_> right :)
<memoryleak_> sorry for off-topic, but how can I find a channel operator?
<sarnold> memoryleak_: the #ubuntu-ops channel has some
<sarnold> memoryleak_: in general, /msg chanserv access list #channelname  ought to show you
<memoryleak_> sarnold: Thanks, that's very helpful!
<jrwren> uvt-kvm list shows a VM, but virsh with system or session doesn't list it
<jrwren> *doh* and immediately after asking, I remember virsh doesn't list inactive by default
#ubuntu-server 2014-07-03
<`Fibz> I could use some help with https://bugs.launchpad.net/ubuntu/+source/php-mcrypt/+bug/1243568 Trying to install a PHP script and i'm getting this: http://xroads.x10.bz/xroads-network/file/pic/photo/2014/07/Spike-634pm.png
<uvirtbot> Launchpad bug 1243568 in php-tokyo-tyrant "put ini in correct path" [Undecided,Confirmed]
<`Fibz> i have mcrypt, curl and gd installed
<Sachiru> Query: To get around the 15-connections-per-client limit of GMail, would you advise me to build an IMAP caching server for our department's use (department email, thunderbird clients connect to imap cache, imap cache connects to google)?
<Phibs> so I install 14.04, apt update and reboot, and it sits at grub forever (headless server)
<Phibs> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/797544
<uvirtbot> Launchpad bug 797544 in grub2 "grub2 waits forever for keystroke before booting default OS.  headless server. hang." [High,Fix released]
<Phibs> ffs still a bug
<Phibs>  "GRUB_RECORDFAIL_TIMEOUT=5" in /etc/default/grub
<Phibs> lol how do you ship a broke ass LTS
<Phibs> that was the same bug fixed in 12.04
<histo> Phibs: not broken when I test
<Phibs> histo: weird, broken for me
<Phibs> adding GRUB_RECORDFAIL_TIMEOUT=5 to /etc/default/grub fixed it
<histo> where's is the fix released?
<histo> Why is that assigned to nobody?
<histo> silliness
<Phibs> its an old ticket but still seems to apply to 14.04 :(
<Phibs> cause it applied to 12.04 too
<Phibs> I dunno that whole grub setup ubuntu has for newer versions is horribad
<Phibs> esp for servers
<histo> yeah
<histo> appears that way.. how sad
<zartoosh> hi is it possible to install two instances of trusty  (dual boot) on a disk in EFI mode?
<kaitanya> zartoosh: i can google. i have time :)
<kaitanya> zartoosh: dont even know what is EFI-mode
<kaitanya> :)
<kaitanya> zartoosh: okay. too hard for me because EFI is unknow for me
<kaitanya> zartoosh: u may wanna ask this also in #ubuntu
<histo> zartoosh: yes
<hgl> after i install dnsmasq, /etc/resolv.conf keeps pointing to 127.0.0.1. i wonder what might cause the link and how could i break it.
<ruben23> hi guys i got a ubuntu server - is there any application where i can do snapshot for the whole system on a daily basis somehow..?
<histo> hgl: also try ##linux
<hgl> histo, k, thanks.
<frogblue> ruben23 you could do that with LVM
<frogblue> if you have set up LVM
<Voyage> Why do I see this after an upgrade: Forbidden You don't have permission to access / on this server. Apache/2.4.6 (Ubuntu) Server at localhost Port 80
<ruben23> can you give some guide how to do it..?
<frogblue> google for that, plenty of stuff available. start with LVM page
<frogblue> voyage is it a "simple" apache2 setting?
<Voyage> frogblue,  simple?
<frogblue> nothing fancy you did after setting up aapache in the first place?
<Voyage> no, I had it working, just upgraded my ubuntu system. apache might have upgraded too. now it dont work
<frogblue> check if you need to reboot the server
<frogblue> cat /var/run/reboot-required.pkgs
<frogblue> or restart apache
<frogblue> sry not restart as it works
<frogblue> but no permission. have a look at the apache log
<Voyage> frogblue,  did did the reboot.
<Voyage> frogblue,  my site config. http://pastie.org/9349100
<frogblue> /var/log/apache2/error.log and access.log
<frogblue> oh userdir
<frogblue> am not familiar with that
<frogblue> oh no sry no userdir, correct
<Voyage> 27.0.0.1 - - [03/Jul/2014:10:55:39 +0500] "GET / HTTP/1.1" 403 492 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0"
<Voyage> [Thu Jul 03 11:01:18.323257 2014] [authz_core:error] [pid 4136] [client 127.0.0.1:56387] AH01630: client denied by server configuration: /home/user1/www/apache/
<Voyage> frogblue,  no user dir?
<frogblue> forget userdir, you are not using them
<Voyage> you mean I should not user a user dir?
<frogblue> correct the documentroot to default and sse if it works
<frogblue> s/sse/see
<Voyage> well, it was working fine before.
<Voyage> ok
<frogblue> DocumentRoot /var/www/html
<frogblue> sudo service apache2 reload
<Voyage> can I just change the server configuration?
<frogblue> was working, all is in was :)
<frogblue> server config, if you tweaked it in anyway yes. my point is go back to basic then redo things to pinpoint where you are stuck
<frogblue> during the upgrade did it ask you if you wanted to overwrite some apache2 files?
<Voyage> i didnt override and kept the old ones
<frogblue> might be the probel then
<frogblue> problem
<frogblue> back up your /etc/apache2 folder and do a reinstall of apache2 and accept the change
<Voyage> hm.
<frogblue> cause obviously the upgrade can't have changed permissions on you user/folder
<frogblue> how do access (URL wise) your site?
<frogblue> http://localhost i presume
<Voyage> reinstall works
<frogblue> you accepted a change that time?
<Voyage> yes. localhost
<Voyage> yes
<Voyage> well, I purge removed and reinstalled.
<Voyage> nothing was asked any way
<frogblue> glad it is working now
<Voyage> well, it does not lets me make the dir as home//..
<frogblue> huh?
<frogblue> leave 000-default untouched and make a vhost
<frogblue> then enable the new site
<frogblue> no hang on
<frogblue> it is working with 000-default. then you the default with new documentroot?
<frogblue> you tweak with...
<frogblue> you do a reload and it says what?
<frogblue> no bitching when it reloads?
<Voyage> yes
<Voyage> no errirs
<Voyage> errors
<frogblue> the http://localhost and still a permission problem?
<frogblue> s/the/then
<Voyage> hm. let me see
<frogblue> also apache2.4 directive are changing from apache2;2
<frogblue> Order allow,deny
<frogblue>                 allow from all
<frogblue> is now  Require all granted
<Voyage> so where should I put those lines?
<frogblue> first thing first. still a permission problem?
<Voyage> ya
<frogblue> check the permission of your dir
<Voyage> i cant make it in home dir
<Voyage> the default location works
<frogblue> revert 00-default to the default state.
<Voyage> then?
<frogblue> then   sudo ln -s /home/user1/www/apache /var/www/html/test
<frogblue> sudo service reload to activate the change back in 000-default
<frogblue> http://localhost/test
<Voyage> ya but my site is hard linked to /home/user1/...
<Voyage> localhost/test will work.
<Voyage> but I cant
<Voyage> move files
<frogblue> man I don't understand what you are telling me, sry
<frogblue> but form what I hear, permission problems then look in the permission of your dir
<Voyage> permissions is 777
<frogblue> that's a bit too much :)
<frogblue> well the only advice I can give you is to restart from the beginning and avance one step at a time until it doesn't work then you know what's wrong
<frogblue> get rid of hard links and whatsoever
<frogblue> ln -s is quite enough
<frogblue> http://httpd.apache.org/docs/2.4/upgrading.html
<Voyage> http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
<Voyage>  where should these configs go into? apache2.conf or 000-default.conf ?
<frogblue> you don't read what I write...
<Voyage> sorry. did I missed any thing?
<jpds> Voyage: /etc/apache2/sites-enabled/*
<frogblue> this also is changin in apache2 2.4 Options Indexes FollowSymLinks MultiViews
<frogblue> you need plus sign
<frogblue> Options -Indexes +FollowSymLinks +MultiViews
<Voyage> + sig for what?
<Voyage> where
<frogblue> well +Indexes in you case
<Voyage> wher do I need to put this
<frogblue> revert to default, read http://httpd.apache.org/docs/2.4/upgrading.html, make small changes at a time and you'll get there
<frogblue> and use vhost instead of 000-default
<frogblue> gotta split now
<Voyage> frogblue,  can you please tell where to put this config lines? Order deny,allow
<Voyage> Deny from all
<Voyage> or what ever lines
<Voyage> in which config file/
<jpds> Voyage: I already said: /etc/apache2/sites-enabled/*
<jpds> Voyage: Look for the <Location> or <Directory> options in there.
<Voyage> jpds,  frogblue   can you please tell where to put this config lines? Order deny,allow
<Voyage> <Voyage> Deny from all
<Voyage> <Voyage> or what ever lines
<Voyage> <Voyage> in which config file/
<jpds> Voyage: ...
<Voyage> jpds,  frogblue  http://pastie.org/9349216
<Voyage> jpds,  that correct?
<Voyage> frogblue,  jpds  by the way, now I cant open .php pages. it just shows the php script....     despite i have installed php5.
<Voyage> jpds,  frogblue
<Voyage>   the forbidden dir case is solved though
<Voyage> I cant see apache 2.4 to see / recognise or even include php5 in its mods-available. I upgraded from 12.04 to 13.10. I have php5 installed.  the apache guys referred me to this channel
<frogblue> well i assumed wrongly cause I ddin't ask that you were on 14.04. i should know better though... upgrade to 14.04 you have nothing to do with 13.10, it will only bring you problems
<pmatulis> morning
<zartoosh> histo you said yes to my answer, have you done it please?
<histo> zartoosh: yes it's trivial
<zartoosh> histo, thanks for getting back to me. I had done installation of 12.04 in non uefi mode. My main issue is the efi partition (fat32) gets corrupted, how did you manage that please? thx
<zartoosh> histo, the efi partition gets corrupted when I install the second instance of the trusty.
<histo> zartoosh: so you want one bios mode and one efi mode?
<zartoosh> histo: no I want both instantances to boot in efi mode.
<histo> zartoosh: okay install one, leave space on the drive, install two
<zartoosh> histo, yes but the both instance should share the same efi partition which mount on /boot/efi  am I right?
<histo> zartoosh: yes
<histo> zartoosh: you only need one efi partition
<histo> zartoosh: What is the reason you want to dualboot ubuntu with ubuntu by the way?
<zartoosh> histo, thanks, we need to have a backup filesystem in our embedded system in case of filesystem corrutpion.
<zartoosh> histo, I will try this shorlty, then hopefully the grub.cfg will be populated correctly also.
<patdk-wk> normally, doing dual boot, or dual filesystems is easy
<patdk-wk> the hard part, is detecting when you need to use it
<jrwren> is there a way to tell which version cloudimg I'm running from within the image?
<hazmat> can an app armor profile for a process be modified during the process runtime?
<patdk-wk> hazmat, sure
<patdk-wk> they are loaded into the kernel, not the app
<patdk-wk> the app/fork/... just selects what profile it's running under
<actionparsnip> hey guys
<actionparsnip> got a server where users are reporting "slowness", is an iowait of 10% ok in a virtual server?
<YamakasY> this is strange, my servers don't get their nameserver anymore from dhcp
<gnuoy> jamespage, with the neutronclient I want to update, should I be trying to get that updated in debian and then pull it into ubuntu ?
<jamespage> gnuoy, direct in ubuntu
<actionparsnip> YamakasY: what if you rerequest DHCP manually?
<gnuoy> jamespage, two of the updates I'm after are stuck in proposed due to build failures caused by missing dependencies with seem to me to be resolved now. Is there a process for getting those builds retried ?
<lordievader> Good afternoon.
<tcarrondo> hi, lordievader
<lordievader> Hey tcarrondo, how are you?
<tcarrondo> fine, you?
<lordievader> Doing good :)
<aandy> hi, sorry if this is the wrong place to ask, but: i have an "embedded" linux i386 with no toolchain, so i'm looking for a dns daemon to run - which can be compiled static, and supports record types besides A. dnsd seemlingly only supports A, bind(named)/powerdns can not drop glibc dependencies (even with musl), and dnsmasq is promising but limited record types. any alternatives i'm not thinking of? thanks
<sarnold> aandy: djbdns, knot
<sarnold> aandy: (sorry, no idea if one or the other would be easier to install statically linked)
<aandy> sarnold: that's fine, i was just looking for names. thanks a lot :)
<sarnold> aandy: oh yes!  nsd also :)
<ThKo> Hi guys, Iâve got an Ubuntu Server with 14.04 â¦ Installed node.js , now looking for a way to install android sdk without eclipseâ¦ If I install only the SDK tools, my Server returns bei command âandroidâ only that SWT is missingâ¦Any hints for me?
<digs> I am running 14.04 on AWS and have php5 installed from the standard repos. I need to downgrade to 5.3.x (I would prefer .27) I have tried to target it with a version by doing apt-get install php5=5.3.27-1ubuntu4.2 but I get Version '5.3.27-1ubuntu4.2' for 'php5' was not found
<digs> [14:43] <digs> What do I need to do?
<digs> (I was in the wrong channel.)
<pmatulis> digs: wrong channel?
<Patrickdk> digs, well, if your using 14.04, only the one version is going be available
<digs> Patrickdk - I thought that may be the case.
<shinobi_one> I'm using AWS 14.04 Server AMI, I've logged in as the default ubuntu user, but I want to move his home directory to a different share, I created the directory, gave him the ownership, created a new user with sudo priviledges, logged in as the new user and tried to `usermod -dm /new/home ubuntu`, but i get "usermod: no changes"
<digs> So, my options are to use fastcgi and run two php versions or to start from scratch and setup a 13.10 from a community AIM.
<shinobi_one> Anyone know what might cause this?
<Patrickdk> digs, why would you use 13.10? that goes unsupported soon
<digs> I don't see any other choice available except to fight a source install of 5.3.x and run two versions.
<Patrickdk> your just going have to loose support, and either live with 12.04, or use 14.04 and install php yourself from source
<Patrickdk> well, yes, if you want to pinpoint versions
<Patrickdk> there is no way ubuntu can support every version of software on ever release
<digs> I wouldn't expect them to.
<Patrickdk> 5.3 is so old though
<digs> It's not anyones fault we have drupal6 running but our own.
<Patrickdk> not sure why you would want to install something new today using it
<digs> I don't want to... I loath the idea.
<Patrickdk> well, use 12.04 then
<digs> But I am forced to do so by constraints out of my control.
<shinobi_one> I will specify that `usermod -d /path/to/new/home -m ubuntu` also gives the same response.
<Patrickdk> you will get 3more years support
<Patrickdk> that is your best bet
<digs> okay.
<digs> Thanks for the info Patrickdk
<Patrickdk> I think 13.10 has 6more months left
<digs> I guess I get to get better at setting these up heh. I had it all running smooth with varnish, memcache and backup scripts. ahh well.
<digs> it's my fault.
<Patrickdk> I personally wonder what breaks in drupal 6 :)
<shinobi_one> Is there anyone around that uses Ubuntu on AWS?
<Patrickdk> !poll
<Patrickdk> stupid bot
<shinobi_one> Better question, has anyone tried moving the first created user's home directory in Ubuntu? lol
<jhobbs> :q
<jhobbs> doh
<Patrickdk> what is a first created users home directory?
<shinobi_one> The first account created's home directory on the server
<shinobi_one> so let's say account name is ubunt it would be /home/ubuntu
<shinobi_one> ubuntu*
<Patrickdk> rm -rf /home/ubuntu works well :)
<shinobi_one> uh
<shinobi_one> i'm trying ot move it not remove it lol
<Patrickdk> then move it
<shinobi_one> uh
<Patrickdk> mv /home/ubuntu /....
<shinobi_one> it doesn't quite work that way
<Patrickdk> since when?
<Patrickdk> it does on my ubuntu servers
<Patrickdk> and aws has nothign to do with it
<shinobi_one> isn't there information about where the home directory for the user is stored in places?
<Patrickdk> why do you think this is an aws question?
<shinobi_one> it's not i dropped the AWS thing
<Patrickdk> yes, in /etc/passwd
<shinobi_one> so you're saying since usermod apparently hates me, i should move it by hand and edit /etc/passwd by hand?
<Patrickdk> why does usermod hate you?
<shinobi_one> because although it changed /etc/passwd to the new home directory
<Patrickdk> and I thought usermod would only update the passwd file not move the user directory
<Patrickdk> but I dunno
<shinobi_one> it's not moving over the files in /home/ubuntu to /new/home/ubuntu
<shinobi_one> it does with the -m option
<shinobi_one> If the -m option is given, the contents of the current home directory will be moved to the new home
<shinobi_one>            directory, which is created if it does not already exist.
<shinobi_one> therefore, `usermod -d /new/home/ubuntu -m ubuntu` should move it all over
<shinobi_one> i realize i can move it by hand, i'm just curious if other's have run into this as well
<shinobi_one> Okay, apparently it will work if the directory doesn't already exist.
<shinobi_one> Which it does not say in the man page, oh well.
<RoyK>  
#ubuntu-server 2014-07-04
<punkgeek> any body can help me how to change cli login text page?
<sarnold> punkgeek: check out /etc/motd or /etc/update-motd.d/
<punkgeek> thank you, after i change it, what should i do?
<sarnold> log in again and make sure it looks nice? :)
<punkgeek> no it doesnt work :D
<punkgeek> i change 00-header  but i see ubuntu massege
<punkgeek> need change others file?
<punkgeek> i need shell script for change root password, any body can help me?
<lordievader> punkgeek: No need for a script, simply run: sudo passwd
<punkgeek> no, i need shell script for another work
<lordievader> punkgeek: Besides, the root password is disabled with good reason.
<lordievader> Err, root account.
<punkgeek> Ø³Ø«Ø« ÙØ§Ø´Ù
<punkgeek> see that
<lordievader> Yes?
<punkgeek> #!/bin/bash
<punkgeek> echo "Enter Password For Root:"
<punkgeek> read pass
<punkgeek> echo -e "$pass\n$pass\n"| passwd root
<punkgeek> when run it:
<punkgeek> root@ubuntu:~# sh pass.sh
<punkgeek> Enter Password For Root:
<punkgeek> sdfDSF34rdfg
<punkgeek> Enter new UNIX password: Retype new UNIX password: Sorry, passwords do not match
<punkgeek> passwd: Authentication token manipulation error
<punkgeek> passwd: password unchanged
<lordievader> !paste| punkgeek
<ubottu> punkgeek: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<lordievader> punkgeek: Like I said, no need to build a script around it. Simply run 'sudo passwd'. Please read https://help.ubuntu.com/community/RootSudo too.
<punkgeek> thank you
<punkgeek> it's work, :X
<punkgeek> D:
<lordievader> punkgeek: Please do read the link I gave you. Enabling the root account is not Ubuntu policy.
<punkgeek> ok
<laconic__> hi all
<laconic__> I've just (accidentally) deleted (rm) my rc1.d (please don't ask me how)
<laconic__> any way to recover? (I'm aware of the obvious answer which includes reinstalling everything)
<laconic__> I'm running a 12.04
<laconic__> my system is still up and running, but I'd rather not try to reboot it
<laconic__> I've read somewhere that rc1 is used only for recovery, so it's not that big of a deal
<peetaur2> laconic__: testdisk
<peetaur2> laconic__: and for best results, remount read only, so nothing new has a chance to be written to the location of the old files, making them impossible to recover
<peetaur2> mount -o remount,ro /
<peetaur2> mount -o remount,rw /
<laconic_> got disconnected for some reason, not sure what I've missed
<laconic_> testdisk doesn't seem to be what I need
<laconic_> that is, it appears it doesn't deal with file recovery
<laconic_> http://www.cgsecurity.org/wiki/TestDisk
<gnuoy> jamespage, are planning to do anything with Bug#1319909 today ? If not I'll grab it
<jamespage> cbug 1319909
<jamespage> bug 1319909
<uvirtbot> Launchpad bug 1319909 in singledispatch "[MIR] python-logutils, singledispatch" [Undecided,Fix released] https://launchpad.net/bugs/1319909
<jamespage> gnuoy, please steal away - I'll sponsor your change if you like :-)
<gnuoy> ta :-)
<zetheroo1> I am trying to write a ping check script and this is what I have so far: http://paste.ubuntu.com/7746087/
<zetheroo1> I would like that if the ping is successful nothing happens, but that if the ping is not successful this command is passed: "virsh reset domain"
<zetheroo1> how do I do this?
<k1l> hi
<zetheroo1> :)
<DalekSec> .
<histo> zetheroo1: use an if statement or a test
<histo> zetheroo1: you could grep the output of ping for an Unreachable and if grep exits 0 then fire off your command
<zetheroo1> histo: is what I already have no good?
<histo> zetheroo1: well you aren't even testing ping
<histo> zetheroo1: yeah that works nvm
<histo> zetheroo1: sorry i'm tired
<zetheroo1> histo: I thought "ping -c 1 192.168.1.209" is a picg check ...
<zetheroo1> !?
<zetheroo1> oh ok
<histo> zetheroo1: you just have your exit status backwards imo
<histo> zetheroo1: or echo
<zetheroo1> I just don't know where to insert the "virsh reset domain" command
<histo> zetheroo1: http://paste.ubuntu.com/7746376/
<zetheroo1> wow ... it's that simple ...
<zetheroo1> thanks
<histo> zetheroo1: yes
<histo> zetheroo1: don't really need the then though
<histo> zetheroo1: unless you want to do something if it works
<zetheroo1> I see
<zetheroo1> is the 'Ping worked' written to some log?
<zetheroo1> like ssylog?
<zetheroo1> syslog *
<histo> zetheroo1: how are you calling the script?
<gnuoy> jamespage, this python-logutils is a funny one. The tests which are failing for python 3 relate to using dictionary based config which is part of standard python library as of python 3.2 & 2.7 so its only in the package in case your using an earlier version. Since we're trying to get the package into utopic the functionality and therefore the test seems irrelevant
<zetheroo1> histo: it's part of a script run from crontab
<histo> zetheroo1: well then remove teh echo 'It worked' and replace with    exit 0
<jamespage> gnuoy, trusty is 2.7 only as well right?
<gnuoy> I'm sure it is but I'll check
<histo> zetheroo1: check /var/log/cron
<zetheroo1> histo: so, like this? http://paste.ubuntu.com/7746422/
<gnuoy> jamespage, yes, 2.7
<histo> zetheroo1: yes if you don't care about output when the command worked
<jamespage> gnuoy, well a distro only patch is probably acceptable; if you could make it backwards compat still and get it upstream that would be better
<histo> zetheroo1: sorry this is ubuntu /var/log/syslog should log the job
<zetheroo1> histo: ok :)
<bitbyte_> does any one know, how I can remove a borken ppa:
<bitbyte_> I added deluge by add-apt-repository ppa:deluge but I need to remove it now
<peetaur2> bitbyte_: /etc/apt/sources.list    /etc/apt/sources.list.d/
<bitbyte_> see i checked the /etc/apt/sources.list and didnt see it listed
<peetaur2> and the .d?
<bitbyte_> and .d has nothing in it
<bitbyte_> iâm trying to get rid of this silly error : W: Failed to fetch http://ppa.launchpad.net/deluge-team/ppa/ubuntu/dists/trusty/main/binary-amd64/Packages  404  Not Found
<histo> !ppapurge | bitbyte_
<ubottu> bitbyte_: To disable a PPA from your sources and revert your packages back to default Ubuntu packages, install ppa-purge and use the command: Â« sudo ppa-purge ppa:<repository-name>/<subdirectory> Â» â For more information, see http://www.webupd8.org/2009/12/remove-ppa-repositories-via-command.html
<bitbyte_> so install ppa purge and point it to deluge
<bitbyte_> the orignal command was sudo add-apt-repository ppa:deluge-team/ppa
<lordievader> Good afternoon.
<bitbyte_> all sorted guys thanks
<k1l> !ops | nanaum spaming in pm
<ubottu> nanaum spaming in pm: Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<soren> k1l: How can I help?
<k1l> nanaum: spaming adverts in pm. already confirmed in #ubuntu-ops channel.
<soren> k1l: I understand the problem. How can I help?
<Myrtti> foobar
<doge> o.o
<k1l> remove/ban the spamer. i already asked in several ops channels but no one seems to care and i dont have ops in here.
<Myrtti> _o>
<k1l> thanks
<smb> rbasak, So I have the xen changes for uvtool in a local bzr branch. I believe push puts that out under my lp user. Remind me of what the other steps are to officially make that a "please have a look at the stuff". :)
<gnuoy> jamespage, I have a fix for the tests. Would it be correct to propose the fix  against  the project in bitbucket, then try and get it accepted into debian and then pull down to ubuntu ?
<jamespage> gnuoy, patch it into the package, and propose it upstream at the same time
<jamespage> you can feed it back to debian as well
<gnuoy> ack, thanks
<jamespage> gnuoy, use patch headers to document this - DEP8 I think
<gnuoy> ok
<vila> hi there !
<vila> I'm seeking some advice about mounting an image in a lxc container with qemu-nbd
<rbasak> smb: go to code.launchpad.net/~smb, click on your branch and propose for merging from there.
<rbasak> smb: note that I'm a bit tied up at the moment and I have a couple of MPs for uvtool pending already. Is it OK if it takes me a while to get back to you?
<smb> rbasak, Yeah, it won't be world ending :)
<rbasak> jamespage: FYI, juju-core 1.20 is reported to break juju-quickstart (bug 1337831) so I'll need to upload a fixed quickstart together with it.
<uvirtbot> Launchpad bug 1337831 in juju-quickstart "Quickstart crashes when used with juju 1.20" [Critical,In progress] https://launchpad.net/bugs/1337831
<vila> I've used lxc-device -n xx add /dev/nbd0 ; ran qemu-nbd -c inside the container and that created /dev/nbd0p1, so far so good
<vila> but there, trying to mount /dev/nbd0p1 /tmp/mntpoint fails saying that 'mount: block device /dev/nbd0p1 is write-protected, mounting read-only' and then 'mount: cannot mount block device /dev/nbd0p1 read-only'
<gnuoy> jamespage, did you particularly want dep8 or is dep3 ok ? (I'm a bit underwhelmed by http://dep.debian.net/deps/dep8/)
<rbasak> gnuoy: I think he meant dep3
<gnuoy> rbasak, thanks
<Goeland86> hi, I'm trying to run the android emulator through jenkins... Normally this should be window-less
<Goeland86> but I keep getting errors about libGL
<gnuoy> jamespage, I've created a mp with the fixes to the package https://code.launchpad.net/~gnuoy/ubuntu/utopic/python-logutils/fix-tests/+merge/225661 . Do I just sit back and drink Mojitos now ?
<Goeland86> either something about libGLES not being found, or the latest one, when I turn gpu off on the emulator, I get libGL error: failed to load driver: swrast
<Goeland86> anyone know how I can fix the last one?
<jrwren> http://discourse.ubuntu.com down for all or just me?
<RoyK> http://www.downforeveryoneorjustme.com/http://discourse.ubuntu.com/
<jamespage> gnuoy, sorry - was out for a bit
<gnuoy> np
<rbasak> kickinz1: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1336742 looks like a good one for you to get started with when you have some time.
<uvirtbot> Launchpad bug 1336742 in squid3 "Caching responses with "Vary" header" [Medium,Triaged]
<kickinz1> rbasak, thanks!
<kickinz1> rbasak, I'll try when possible (coding right now)
<z1haze> hello, would someone mind helping me out with a system load issue? i just logged into my server and it says "System information disabled due to load higher than 6.0" is that bad?
<lordievader> z1haze: Depends: http://www.linuxjournal.com/magazine/hack-and-linux-troubleshooting-part-i-high-load
<Patrickdk> load has almost no relevence anymore
<Patrickdk> how many cpu cores do you have?
<z1haze> what command doicheck with? cat /proc/cpuinfo | grep processor | wc -l?
<lordievader> z1haze: uptime, top, htop all show load.
<z1haze> to se
<lordievader> Load can be caused by many things.
<z1haze> the cores*
<z1haze> oh alright
<z1haze> 12:40:38 up 5 days, 15:13,  1 user,  load average: 5.16, 6.12, 5.97
<lordievader> z1haze: Read the link I gave you ;)
<z1haze> Patrickdk I think its 6 cores
<lordievader> Ah the cpucores, sorry misunderstood: cat /proc/cpuinfo|grep processor|tail -n1
<z1haze> says 5
<Patrickdk> well, maxed out, but not overloaded
<z1haze> but it starts at 0
<z1haze> but that shouldnt be the case ever right?
<Patrickdk> what shouldn't be the case?
<Patrickdk> loadavg is how many programs are running
<z1haze> my loadbeing maxxed out
<Patrickdk> over the last 5 min, you had 5.16 programs running constantly
<Patrickdk> so 5.16 cores of you cpu where in use
<Patrickdk> that isn't overloaded
<Patrickdk> but it is almost loaded
<Patrickdk> the issue with loadavg is it doesn't take into account how many cpu's you have
<Patrickdk> so if you where on a single cpu system
<Patrickdk> it would be like you had a load of 0.8
<z1haze> so this load isnt something to worry about?
<Patrickdk> that depends
<Patrickdk> in general, it's not bad, assuming it is really suppost to be that busy :)
<Patrickdk> but it's not, overloaded
<lordievader> z1haze: A load of 5 on a single core is a problem. A load of 5 on a 6 core machine, no problem.
<Patrickdk> as long as whatever was running, is ligit
<Patrickdk> and working properly
<z1haze> thats what i wish i knew, crap
<z1haze> im by far not a system admin of any sorts i dont know really anything about it
<z1haze> I just lease this machine
<lordievader> Read the link I gave you, z1haze. ;)
<z1haze> oh i have been, but its foreign language looking to me lol
<z1haze> i have 16gb free of RAM and tons of hd space left
<z1haze> anyone have tim to help me track this down on this fine 4th of july?
<TJ-> z1haze: run something like 'top' or 'htop' to see the load individual processes are causing
<z1haze> yea i have those i was just looking at it, im looking at the %CPU?
<z1haze> i have like multiplace things that show the same thing twice? can i close some without hurting my programs? http://puu.sh/9WH6c/4367181fe1.png
<bluephoenix71> Hi all, could anyone assist on my query regarding ubuntu 14.04 LTS on VMware, Vmware running on mac osx maverick
<bluephoenix71> my question is regarding running free radius and daloradius in ubuntu server 14.04
<bluephoenix71> I have followed this guide https://help.ubuntu.com/community/CategoryNetworking/daloRADIUS
<Patrickdk> exactly how to you run a company on mac osx?
<bluephoenix71> I am doing this on a virtual environment first before I deploy it live.
<bluephoenix71> during the installation process, I was able to follow the instructions up to the end except when accessing the daloradius via my mac safari browser
<bluephoenix71> the page is not found...
<z1haze> does anyone know if the java -server argument is necessary in java 8?
<Patrickdk> dunno
<Patrickdk> but java is never *necessary* :)
<z1haze> ?
 * Patrickdk hates all things java
<z1haze> ah
<z1haze> well my game servers eat a LOT of java
<lordievader> From what I've heard Minecraft is horrible in resource management.
<z1haze> its terrible, im pretty sure
<z1haze> can you explain this ss to me though? http://puu.sh/9WI7v/30ce13d136.png why are there ao many of the same thing and some are 64% then the next one is 38% they all are in total well over 100% i dont understand
<lordievader> Multiple threads, most likely.
<Patrickdk> heh
<Patrickdk> the game servers probably dont
<Patrickdk> but anything java eats a lot of cpu :)
<Patrickdk> why I dislike it
<z1haze> and RAM
<Patrickdk> rarely have the ram issue, but ya
<z1haze> well minecraft uses a ton of RAM
<z1haze> my modded servers take at minimum 8gb
<z1haze> i wish i knew how to 'optimize' a system
<lordievader> Step one, remove all java :P
<z1haze> yea, well optimize and KEEP my games lol
<bluephoenix71> hi, anyone who has encountered same problems in installing freeradius and daloradius in ubuntu14.04 LTS?
<bluephoenix71> is this the right channel if not can someone point me to the right one?
<Patrickdk> it's an ok channel, but too rare a program for someone to likely know
<imarcusthis> Trying to get uvt-kvm to work with a bridge and a vlan, but I canât seem to get DHCP in the guest. Any ideas?
<imarcusthis> (created a br0, added eth0.31 to it, and feeding that as the âbridge parameter to create)
<imarcusthis> I can run dhclient directly on the bridge, and it will get an IP.
<imarcusthis> never mind, it just suddenly worked this time. Not sure wtf I did wrong the first time.
<bluephoenix71> hi
<bluephoenix71> anyone encountered this issue when installing freeradius and daloradius in ubuntu 14.04 LTS? Using this link as guide https://help.ubuntu.com/community/CategoryNetworking/daloRADIUS
<bluephoenix71> issue is that when you http to the server, it's saying
<bluephoenix71> The requested URL /daloradius.php was not found on this server.  Apache/2.4.7 (Ubuntu) Server at 192.168.2.130 Port 80
<bluephoenix> any takers on the issue of daloradius?
#ubuntu-server 2014-07-05
<noidea> How may I make two instances of vsftpd on one server?
<lordievader> Good morning.
<Thatguy> How do i stop my xfce booting as I installed it to use it via a x11 forwarding server called x2go
<cfhowlett> Thatguy so you want no gui?
<Thatguy> yeah
<Thatguy> tryed this text mode but cant seem to get it working
<Thatguy> added "text" to ther kernal line in grub
<Thatguy> but still boots gui
<cfhowlett> Thatguy I know what but not how: boot ubuntu to text mode.
<cfhowlett> Thatguy it's a grub setting
<Thatguy> Yeah do you know where i need to add this setting
<cfhowlett> Thatguy I've got a painfully slow connection - ask #ubuntu or ##linux
<Thatguy> ok
 * cfhowlett thinks "damn Chinese internet"
<Thatguy> :( shame
<Thatguy> do you VPN it?
<zartoosh> HI I am using trusty, I am trying to mount /dev on a already mounted disk partition, "mount --bind /dev  $MNTPOINT/dev"   The mount returns back with error code 32 and dmesg: mounted filesystem with ordered data mode. Opts: (null) does anyone know what this means? thx
<RoyK> zartoosh: http://paste.ubuntu.com/7751451/
<RoyK> zartoosh: tested that on precise and trusty
<cfhowlett> Thatguy nope.  straight from the pipe
<Thatguy> cfhowlett:  shame :(
<cfhowlett> Thatguy http://askubuntu.com/questions/16371/how-do-i-disable-x-at-boot-time-so-that-the-system-boots-in-text-mode
<Thatguy> thanks :D
<Thatguy> removed lightdm :D
<Thatguy> If it worksi
<Thatguy> then ill reinstall xfce
<Thatguy> and just remove lightdm
<Thatguy> as I'm gona use x2go
<Thatguy> look in to it its pretty cool
<maddeth> Hi guys, I have a question relating to apache, is there anyone that thinks they could help?
<maddeth> I need to change our IP ranges to a new subnet, and I wanted to route both sets of traffic, is there any way I can have 2 IP's on 2 different networks routing to the same websites?
<maddeth> or would I be better off asking somewhere else?
<Patrickdk> no idea what your attempting
<dkorras> hi all, i wonder if anyone could please help me. i have been attempting this all day! I have a Tp-Link TD-W8970 3G router and on my ubuntu machine i have bonding enabled )mode 1 - active-backup) but the minute the LAN is plugged in and the wlan joins the wifi there is NO connectiong. as soon as i disconnect the eth0 the wlan works. i have concluded that the tp link is not allowing wlan
<dkorras> and eth to connect from the same mac
<RoyK> dkorras: think you'd better use some failover instead of bonding - bonding is meant to keep the ip-address
<RoyK> dkorras: see http://www.lartc.org/
<RoyK> dkorras: bonding happens on L2, you'd want failover on L3, so bonding isn't the write thing for you
<subman> I'm getting the following on my server when trying to update, ideas?  http://paste.ubuntu.com/7752456/
<Patrickdk> subman, that has nothing to do with updating
<Patrickdk> but has everything to do with whatever you did to your user account
<Patrickdk> looks like your server is screwed
<subman> Patrickdk, just an upgrade was done
<Patrickdk> /var/lib/sudo/keithclark/0: Read-only file system
<Patrickdk> an upgrade doesn't cause samba to break/ pam to have issues, and your filesystem to be read-only
<subman> Patrickdk, I have no answer to that.  Worked before upgrade, does not now.
<subman> Patrickdk, from my research it seems that my hard drive is failing.  Nothing to do with user accounts
<RoyK> subman: if the filesystem's read only, dmesg should tell why
<RoyK> subman: normal action for ubuntu installs is to remount filesystems readonly if something bad happens
<subman> No worries, I'll just pull it and scrap it.  Put another in its place.  Everything is backed up.
<Thatguy> On my webserver im trying to setup sftp but it wont use my MYSQL Database to get the users like normal ftp does
<Thatguy> even though its got all the required configuation lines in the config
<Patrickdk> what is normal about normal ftp that ignores local users and uses mysql instead?
<Patrickdk> really though, just replace sftp with proftp, it supports sftp
<Thatguy> YEha i got proftpd
<Thatguy> created a virtualhost for the SFTP
<Thatguy> http://pastebin.com/yQ6z8mfb
<Thatguy> used that config for it but uses normal ssh details which is wierd
<bekks> Thatguy: Thats a webserver config. It has nothing to do with FTP.
<Thatguy> yeah it does haha
<Thatguy> uses the same tags for the virtualhost
<Patrickdk> bekks, doesn't look like a webserver config to me
<Patrickdk> hmm, it looks ok
<Thatguy> Patrickdk: have you used proftpd much?
<Patrickdk> yes
<Patrickdk> but not for sftp
<Thatguy> I see looks the same as anyone elses SFTP with mysql users
<bekks> Thatguy: Because the configuration of vsftpd with virtual users is much more easy.
<Patrickdk> vsftpd supports sftp now?
 * Patrickdk perfers proftpd over vsftpd any time though
<RoyK> vsftpd is nice, but it sucks with ssl, and ftp over ssh kills everything else
<Thatguy> bekks: does not really help me with this problem
<bekks> Patrickdk: Sure it does.
<Patrickdk> must be newish
<Patrickdk> where is this sftp support in vsftpd? I can't locate it
<Patrickdk> ok, according to the vsftpd website, user manual, and config syntax, it does not support sftp
<Thatguy> lol
 * Patrickdk thinks bekks is thinking of ftps
<Patrickdk> that is one horrible, horrible protocol, ftps
<Patrickdk> take everything broken with ftp, and make it unfixable
<Thatguy> yeah it is haha
<bekks> Patrickdk: Yeah, indeed. For SFTP, all you need is SSH basically :)
<Patrickdk> except if you want something odd, like virtual user support :)
<Patrickdk> then it gets fun
<bekks> And setting up SSH with SFTP with virtual users is still more easy than messing with proftpd :)
<Patrickdk> that depends
<Patrickdk> you can't chroot sftp
<Patrickdk> you can with proftpd
<bekks> you can chroot ssh.
<Patrickdk> or atleast, the chroot requirements of sftp using ssh, are not practical
<sebastianlutter> how can I install virtualbox headless on ubuntu server 14.04 (with rdp). https://www.virtualbox.org/wiki/Linux_Downloads does only lists binaries up to 13.04. Is there no 14.04 version?
<bekks> Use the generic installer instead, e.g.
#ubuntu-server 2014-07-06
<vychune> hi i cant upload with ftp at all, not even to my home folder. Any ideas on whats wrong
<vychune> hello?
<cfhowlett> !patience|vychune
<ubottu> vychune: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<cfhowlett> vychune ask in #ubuntu or in ##linux
<cloudman> hi, grub wants to update on a fresh install of ubuntu 12.04lts, can someone tell which I should choose, sry, noob here... http://postimg.org/image/ym5g1f4zj/full/
<lordievader> Good morning.
<byte> moin
<sebastianlutter> I want to install virtualbox headless on ubuntu server 14.04 (without x11 dependencies if possible, will use rdp to manage guests). But the ose version as well as the puel version from oracle had x11 stuff as dependency. What is the most minimal way to install virtualbox on ubuntu server?
<Macer> what is the best way to figure out what is eating up memory?
<lordievader> Macer: htop is nice for that.
<Macer> Swap:         8.0G       1.3G       6.7G
<Macer> seems a bit high
<Macer> wonder if zfs is eating up that much
<Macer> but then again i have a few containers running
<Macer> i'm willing to bet it's the zimbra container i'm running :)
<histo> !atemyram | Macer
<ubottu> Macer: If you are wondering why some tools report your system has very little free memory, have a look at http://www.linuxatemyram.com/ | A short primer on Linux memory management can be found here: http://sourcefrog.net/weblog/software/linux-kernel/free-mem.html
<Macer> turkiss is msging spamming me
<Macer> just throwing that out there.. i usually am +g but reconnected a while back
<Macer> histo: it isn't the lack of ram that's bothering me...
<Macer> it's the fact the swap is getting hit for 1.3GB ;)
<cloudman> Hi can anyone recommend a comprehensive study book for running a ubuntu server?  Thanks.
<cfhowlett> cloudman "the ubuntu server guide"
<cloudman> ;)
<histo> Macer: /ignore turkiss
<Macer> histo: yeah i get that. i usually am +g irregardless it's just a spambot
<histo> Macer: that page will explain it for you
<Macer> histo: yeah i'm pretty accustomed to how ram works in linux. but i would still like to know why/where it is hitting the swap
<Macer> lordievader: thanks... i'll try it out and look into it
<histo> Macer: did you even read the page?
<histo> Macer: pastebin your free -m output
 * Macer facepalms ... yes. but it didn't explain anything new
<Macer> the original question is what can i use to see what is eating memory... lordievader told me htop.. and he was right. i figured out what was eating memory. it was the zimbra container's java
<Macer> my swap was getting tagged for 1.3-1.5GB
<cfhowlett> cloudman http://www.amazon.com/Official-Ubuntu-Server-Book-3rd/dp/0133017532/ref=la_B001ILKDJI_1_1?s=books&ie=UTF8&qid=1404644737&sr=1-1
<dasjoe> cloudman: I'd stick to the Uubuntu Server Guide, coupled with the community wiki: https://help.ubuntu.com/14.04/serverguide/
<cfhowlett> cloudman this ^^^
<dasjoe> !ops | turkiss is a spam bot
<ubottu> turkiss is a spam bot: Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, pmatulis, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!
<histo> dasjoe: more of a freenode issue
<cloudman> ty
<lordievader> Macer: Swap at 1.3 is nothing to worry about. Swap is not cleared as it is not efficient.
<RoyK> Macer: how much memory?
<omfgitsasalmon> Hi! Anyone here? I need a little help
<cfhowlett> !ask|omfgitsasalmon
<ubottu> omfgitsasalmon: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<RoyK> !ops | turkiss, privmsg spamming
<ubottu> turkiss, privmsg spamming: Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, pmatulis, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!
<omfgitsasalmon> my old server recently kicked the bucket, and luckily, my hard disk didn't bite the dust. But unfortunately, when I boot from my hard disk, I'm unable to connect to the internet. ifconfig shows only a lo, and no eth0. I bought another disk and installed another copy of ubuntu. When I installed, wired network is working fine. Shows up as p1p3 instead of eth0.
<omfgitsasalmon> Now, is there anyway I can re-run network config installation for the old drive because without eth0, I cannot run mysql and thus, is unable to recover my mySQL databases.
<cfhowlett> !server|omfgitsasalmon
<ubottu> omfgitsasalmon: Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is !Trusty (Trusty Tahr 14.04) - More info: http://www.ubuntu.com/products/whatisubuntu/serveredition - Guide: https://help.ubuntu.com/12.04/serverguide/C/ - Support in #ubuntu-server
<cfhowlett> DOH!  dammit/ignore me
<omfgitsasalmon> eh?
<omfgitsasalmon> I'm running ubuntu server, not ubuntu.
<omfgitsasalmon> I know what the server franchise is
<omfgitsasalmon> oh, I forgot to include. The old hard disk is running 12.04, the new OS is running 14.04
<lordievader> omfgitsasalmon: Does the precise install load a driver for your network card?
<omfgitsasalmon> lordievader: I have no idea, anyway to check. When booting up, it does show "configuring network" but results in a [FAIL]
<lordievader> omfgitsasalmon: lspci -k|grep -A2 Network
<omfgitsasalmon> displays nothing
<omfgitsasalmon> okay, when I run sudo lshw -class network
<omfgitsasalmon> it shows my new card
<omfgitsasalmon> but shows "Network Disabled"
<rau> omfgitsasalmon: Please stop abusing your return key, you subliterate asswipe.
<cfhowlett> rau profanity is not required or allowed here - as you well know
<lordievader> omfgitsasalmon: Wait,lspci doesn't show any network device?
<omfgitsasalmon> nope
<lordievader> omfgitsasalmon: Is this the same if you run lspci without any argument?
<omfgitsasalmon> when I run lspci without any arg, it shows an Ethernet controller
<omfgitsasalmon> but I think it's the controller for the OLD chasis.
<omfgitsasalmon> lshw shows it as a Gigabit Ethernet Controller. Which is the old eth1, my new card is an ASUS built-in.
<lordievader> omfgitsasalmon: That can hardly be.
<dasjoe> omfgitsasalmon: check /etc/udev/rules.d/70-persistent-net.rules
<omfgitsasalmon> dasjoe: Vendor shows "Realtek" which is not the case.
<dasjoe> omfgitsasalmon: just because you're using an on-board card doesn#t mean it's not a realtek chipset
<omfgitsasalmon> I remember it not being a realtek when I run lshw with the new ubuntu.
<omfgitsasalmon> let me just reboot into the new OS and run the same command
<omfgitsasalmon> 1 sec
<omfgitsasalmon> Hmm, You're right, It shows *-network Desc: Ethernet Interface. vendor: Realtek businfo: pci@000:03:00.0 logical name: p3p1 version: 0c serial: e0:3f:49:a3:**:**
<RoyK> omfgitsasalmon: I'd use lshw over lspci any day, but good you found it...
<dasjoe> omfgitsasalmon: oh, I just read your device shows up as p1p3 instead of eth0, that is expected behavior. Add "biosdevname=0" to your kernel command line to go back to eth0
<omfgitsasalmon> dasjoe: When I boot into the old OS, it shows this * Starting configure network device [fail] then after starting a bunch of other devices. it fails at configuring virtual network devices. and it got stuck at "Waiting for network configuration" and then "Waiting up to 60 more seconds for network configuration"
<omfgitsasalmon> RoyK: Yes, I used to do lshw when troubleshooting spoilt hw, but this time I have no idea how to fix cause it's a total new chasis lol
<omfgitsasalmon> dasjoe: Okay, I'll google how to do that
<dasjoe> omfgitsasalmon: that could also be related to /etc/udev/rules.d/70-persistent-net.rules
<RoyK> dasjoe: hm... yes - should be easy to remap there
<omfgitsasalmon> ahh
<omfgitsasalmon> dasjoe: Okay, it now shows eth0 and eth1, eth0 seems to be my old card. With the eth1 showing the same mac addr as the p3p1 of the new system. What and where do I add what?
<RoyK> omfgitsasalmon: do you want to swap them?
<RoyK> omfgitsasalmon: or have you removed the old eth0 card?
<omfgitsasalmon> RoyK: This is a totally new chasis, my old chasis bit the dust, but I swapped the hard disk over. But now it lost network connectivity with ifconfig only showing lo and no eth0 nor eth1
<dasjoe> omfgitsasalmon: I'm not sure what exactly you want to do. Did you remove the old eth0 and now want eth1 to take its place? Either remove 70-persistent-net.rules or edit it to your tastes
<RoyK> omfgitsasalmon: ifconfig -a ?
<dasjoe> omfgitsasalmon: also, "man interfaces" should help you with getting the system back online
<omfgitsasalmon> dasjoe: So by removing the entire file it will regen on boot again? And my /etc/network/interfaces seems screwed as well showing eth0 and not eth1
<RoyK> omfgitsasalmon: ifconfig alone only shows interfaces in the up status
<omfgitsasalmon> RoyK: with the a arg, it shows eth1 and lo
<dasjoe> omfgitsasalmon: your /etc/network/interfaces can stay the way it is. Your old card was added to 70-persistent-net.rules and thus blocks the name "eth0". Just delete its line and rename eth1 to eth0 in the other line
<RoyK> omfgitsasalmon: then just remove /etc/udev/rules.d/70-persistent-net.rules and reboot
<RoyK> or what dasjoe said
<omfgitsasalmon> when I do ifup eth1, it gives an error saying my /etc/network/interface:9 misplaced option
<omfgitsasalmon> ok
<omfgitsasalmon> let me test this out
<omfgitsasalmon> do I remove /etc/network/interfaces too ?
<rau> omfgitsasalmon: Please stop abusing your return key, you crude loser.
<omfgitsasalmon> oh wait, it's fixed now.
<omfgitsasalmon> Found out there's a double line in /etc/network/interface. Now after doing an ifup, the eth1 is up
<omfgitsasalmon> I'll still delete /etc/udev/rules.d/70-persistent-net.rules just to be safe though
<RoyK> omfgitsasalmon: fix /etc/network/interfaces - don't remove it. for udev to fix the device naming, just remove the rules file and reboot
<omfgitsasalmon> RoyK: Yes, I fixed the interfaces file
<omfgitsasalmon> and deleted the rules file
<samba35> my  ubuntu server 12.04 on vmware esxi has some problem and i want to repair with reinstall how i should reinstall
<RoyK> samba35: what problem?
<RoyK> !ask | samba35
<ubottu> samba35: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Patrickdk> I guess his esxi doesn't allow him to mount a cdrom file and boot from it
<samba35> i mess with dpkg while repair cache ( run rm )
<RoyK> Patrickdk: it does
<RoyK> Patrickdk: oh - no - not a file on a cdrom - that probably won't work
<phunyguy> hello
<phunyguy> hi
<phunyguy> test
<phunyguy> 1
 * rau raises an eyebrow at phunyguy.
<phunyguy> 2
<lordievader> phunyguy: Nice one. Thank you.
<phunyguy> :)
<phunyguy> saw it in another channel
<lordievader> phunyguy: He had offensive behaviour all day in multiple channels.
<phunyguy> it was being a nuisance in #owncloud, and a whois revealed it was in here.
<phunyguy> so I tested it
#ubuntu-server 2015-06-29
<wolflarson> Hello all, I am having some issues trying out motherboard raid (intel) on my computer. I have created the RAID array and durring the install of ubuntu server it seemed to have detected it however I am having issues mounting the array
<wolflarson> can anyone point me in the right direction ?
<wolflarson> dmraid -s shows my array as expected I am just having problems  mounting it or perhaps formating it
<jamespage> morning
<jamespage> bug 1469584
<lordievader> Good morning.
<elliotd123> Hi guys, my servers for some reason report temp as 8300 in /sys/class/thermal/thermal_zone0, but there's no way that's correct (8.3C?). Indeed, lm_sensors reports much higher temps (appears normal). Anyone know what's going on here?
<teward> rbasak: poke
<dannf> rbasak: is there a specific person/persons that tends to approve mysql srus?
<teward> rbasak: i think you knwo why i'm poking you wrt nginx, no rush, i can poke the release team myself if you're not around :)
<teward> (rather you do it)
<coreycb> jamespage, zul: I finally looked at this again and it builds successfully for i386 on a local build so I'm at a loss as to why it ftbfs - https://launchpad.net/~openstack-ubuntu-testing/+archive/ubuntu/juno/+build/7573015
<Kully3xf> what's the name of the ubuntu-server download that is the most light weight
<Kully3xf> not lubuntu
<mnaser> minimal?
<Kully3xf> actual ubuntu - need to fit on a tight spaced pendrive
<Kully3xf> yes
<Kully3xf> thanks
<teward> Kully3xf: um... ubuntu minimal, but ubuntu-server comes pretty minimal on its own
<teward> (if you go through tasksel and unselect everything then you don't get much more than the CLI, kernel, and core components, IIRC)
<Kully3xf> yea it was minimal. Thanks all - having a brain fart
<axisys> whats the fix for leap second?
<teward> does update-ca-certificates by design not follow symlinks?
<teward> anyone seen rbasak?
<Azaril> should my boxes autoupgrade from say 12.04.01 to 12.04.05
<Azaril> ?
<teward> Azaril: 12.04.1 and 12.04.5 are identical if you continue to do apt-get update, etc.
<Azaril> ok
<Azaril> im just doing security updates, so thats ok right?
<teward> if it were me i'd pull from the updates repo too but that's just me
<teward> (12.04.1 and 12.04.5 i think are just the ISO respins with newer packages, updates, kernel, etc.but don't quote me on that)
<Azaril> thanks man
<teward> here we go... http://askubuntu.com/questions/106159/what-are-point-releases-in-lts-versions
<teward> but if you keep up with the updates on the repositories (security and -updates) then you're no different if you started on 12.04.1 or 12.04.5
<Kully3xf> hey all - I've got a brandnew ubuntu server running
<Kully3xf> apt-get upgrade returns 401 on ALL repos
<Kully3xf> and wget www.ubuntu.com returns  Resolving cfauth_1601 (cfauth_1601)... 10.0.7.20 Connecting to cfauth_1601 (cfauth_1601)|10.0.7.20|:80... connected. HTTP request sent, awaiting response... 401 Unauthorized  Username/Password Authentication Failed.
<tarpman> teward: modulo HWE bits on newer isos, moving an existing system to those is manual
<Kully3xf> any idea what's going on? I can get to them from the desktop just fine - but not this VM
<teward> tarpman: right, but otherwise standard updates will be essentially identical to 12.04.5 (from 12.04.1, etc.)?
<tarpman> right
<teward> Kully3xf: do you have a web proxy somewhere in between you and there?
<Azaril> hwe?
<teward> (although, wget ubuntu.com... why are you doing that)
<teward> Azaril: hardware enablement
<teward> i think
<Azaril> ah
<teward> hardware enablement stack
<Azaril> thats fine
<tarpman> backported kernel and X from later releases
<teward> but otherwise identical?
<sarnold> Kully3xf: check the 'host' output for a variety of dns names between your desktop and your vm, I suspect your hoster is doing something to try to use local mirrors for ubuntu content
<Kully3xf> I'm not sure if I do or if I dont
<Kully3xf> it's at work so probably
<Kully3xf> new job
<Kully3xf> idk what they're running
<teward> if it's at work they likely have a web proxy/gateway
<teward> which all data routes through, which needs authentication
<Kully3xf> how can I authenticate an ubuntu server?
<Kully3xf> hmm, maybe it's best to NAT the VM?
<teward> i think you should start discussing with your workplace's IT staff
<teward> because there's somethin up there
<noncomcinse> I installed ubuntu server today, and I'm wondering how to get audio to work?
<noncomcinse> I tried installing alsa, but that didn't seem to do anything
<gchristensen> Hi, is there a way to require an upstart target not start until another target has run and exited?
<gchristensen> (without altering the target)
<sarnold> gchristensen: is that becaus eyou don't want to modify the file or don't want to fiddle with the target at all?
<sarnold> gchristensen: the .override files might help you overcome the first half of that..
<gchristensen> because I don't want to modify the file, .override might do it :)
<gchristensen> perfect, thank you sarnold
<sarnold> yay :)
<gchristensen> sarnold: is there a way to, override the `start on` stanza, but just append to the criteria with an AND?
<parallel21> Setting up a bridged interface on this computer knocks out the wall port at my work
<teward> sarnold: mind if i pick your brain?
 * patdk-wk wants to watch!
<teward> probably better to ask "What's the policy to poke the release team on something that was emailed to their list?
<patdk-wk> only with 10lb sledges or larger
<teward> lol
<sarnold> teward: sorry, no idea re: release team
<teward> mkay
<sarnold> gchristensen: I think you have to specify the whole thing in one go
<teward> see, rbasak said they'd do it... but ehh
<teward> been lookin for them all day
<mfisch> zul: jamespage: do you have any plans on a new OVS package anytime soon? We're going to upgrade in the next few weeks and really only want to do it once
<mfisch> as it's painful
<mnaser> mfisch do you happen to use openstack?
<mnaser> if you do, kilo repos have a recent openvswitch release
<mfisch> mnaser: yeah we do, but its 2.3.1, thats from January
<mfisch> hence my question
<mfisch> we're on 2.3.0 currently
<mnaser> oh, 2.3.2 is quite recent
<mfisch> its not in UCA
<mfisch> http://ubuntu-cloud.archive.canonical.com/ubuntu/pool/main/o/openvswitch/
<mnaser> i figure it's because it was released less than 2 weeks ago
<mnaser> sorry, didnt know there was a new release!
<mfisch> right and if it shows up in UCA in 3 weeks, I'll delay my upgrade ;)
<mfisch> no worries thanks for the info
<adam_g> zul, sup with the python-oslo.log package?
<adam_g> or rather, sup with oslo packages
<zul> adam_g,  what do you mean?
<adam_g> zul, wait, nvm. my python env is borked
<adam_g> should packages be depending on python-oslo.log or python-oslo-log at this point?
<zul> adam_g, whats up with your python env? ;)
<zul> adam_g,  python-oslo-log
#ubuntu-server 2015-06-30
<adam_g> zul, is there an ETA for liberty1?
<zul> adam_g: for CA? or wily?
<adam_g> zul, both, i guess?
<adam_g> or are they not coupled anymore?
<zul> adam_g: uh...should be in the shoot now
<adam_g> also, have you run into issues with dh_python2 and requirements.txt constraints like: oslo.messaging!=1.12.0,>=1.8.0 # Apache-2.0
<adam_g> the !=1.12.0 breaks something
<adam_g> and the pkg ends up with a dependency on 'python-oslo-messaging' and 'python-oslo-messaging-'
<adam_g> i had to patch that !=1.12.0 out
<adam_g> jamespage, FYI ^
<Radar> I'm trying to run apt-get update and I'm seeing Unable to connect to ftp.rz.tu-bs.de. Trying to connect to that in my browser times out as well. How can I choose not to use that site?
<teward> Radar: remove it from your sources lists.
<teward> check /etc/apt/sources.list and /etc/apt/sources.list.d/* and wherever that source shows up put a # at the beginning of the line
<teward> (you will need sudo to edit those files)
<Radar> teward: that's made difficult by this being a Docker image.
<Redfoxie> is anyone on?
<Redfoxie> im running into a ticky issue with ubuntu server 14.04.2 thats making it impossible to install. Im using a memory stick that I have tried formating as fat32 and ntfs as well as put the os on via netbootin and dd I ether run into an issue where it says a cd is not located to do the install and when i manually mount the memory stick to media it is saying a file in pool is unable to be locaed
<Redfoxie> im back
<Redfoxie> looks like at the moment im running into a md5sum issue
<Redfoxie> before that it was claiming it couldnt mount a cdrom so i attempted to have the memory stick be mounted in media/cdrom and i ran into an issue where it could not locate a file in the pool driectory
<jak2000> http://pastie.org/10265431   <--- line8 this hard disk of 4tb formated with mkfs ext4 i want repartitioning (create 4 partitions 1tb each one) how do this? andof course mount each partition in /etc/fstab file how do it?
<jak2000> http://pastie.org/10265449
<jak2000> now for format: mkfs.ext4 /dev/sdb2p1   right?
<jak2000> the device apparently does not exist; did you specify it correctly?
<jak2000> Could not stat /dev/sdb2p1 --- No such file or directory
<jak2000> any advice for format my partition?
<nayKang> how to capture child out in shell
<bero88> Hi there, My server is suddenly giving me this message , error :hdd0,1 out of disk
<bero88> grub rescue:
<bero88> Please just tell me what to look for,  My server is suddenly giving me this message , error :hdd0,1 out of disk  grub rescue:
<jezeniel> Is upgrading the kernel will avoid the problems cause by the leap second?
<TJ-> jezeniel: what problems?
<jezeniel> TJ-: problems that will happen when the leap second happened.
<jezeniel> or happens rather*
<TJ-> jezeniel: what problems?
<TJ-> jezeniel: what applications are you using that are leap-second sensitive?
<jezeniel> TJ-: i am just asking if my deployed ubuntu servers will still be affected by this,
<TJ-> jezeniel: And I asked which applications you are using that are time-sensitive?
<TJ-> jezeniel: so far as I know, with most recent releases, the only direct impact may be for NTP, As long as the timezone data packages are up-to-date that should take care of inserting the leap second
<TJ-> jezeniel: Other than that, it's down to the individual applications as to whether they might do something unexpected
<lordievader> Good morning.
<jamespage> coreycb, zul: start of documentation for git packaging workflow
<jamespage> https://wiki.ubuntu.com/ServerTeam/OpenStackPackaging
<jamespage> coreycb, can you add some stuff on pushing your own repo and proposing a change?
<rbasak> tekzilla: sorry, had a ton of requests come in yesterday. Now chased.
<rbasak> ^^ uh, teward
<teward> rbasak: ack, i saw your email today
<coreycb> jamespage, I updated the wiki.  I wonder if there's an easier way to propose a merge.
<jamespage> coreycb, did you?
 * jamespage looks
<coreycb> jamespage, I should save that
<jamespage> coreycb, +1
<jamespage> :-)
<coreycb> jamespage, done :)
<coreycb> jamespage, have you ever hit this?  http://paste.ubuntu.com/11798943/
<coreycb> the existing version of python-cliff gets that in wily, so I assume it's a dep issue wit pbr or something else
<coreycb> with
<arcsky> hello im trying to install ubuntu server from USB. it does work to boot up but after keyboard settings it search for "detec and mount CD-ROM" .. why that when if ddo this from USB ?
<teward> rbasak: the only thing missing in your email to the release team is, we could technically do nothing for Wily and leave 1.6.x in there
<rbasak> teward: good point.
<teward> then i deal with the complaints later saying "We missed the freeze date for the merges, sorry!" and blame whatever we want... xD
<teward> rbasak: although i think there'll be more complaints with that method, it's still an option if the release team doesn't get back to us by wily featurefreeze or finalfreeze
<teward> rbasak: i may follow up your email with a chaser one saying that's an option, but only for Wily, if only to follow up your message with the other lesser-desirable option :P
<rbasak> dannf: sorry I didn't reply yesterday. No specific person - chase away. They have a daily rota I think.
<rbasak> looks like RAOF is on the hook today.
<dannf> rbasak: ok, cool
<dannf> rbasak: where's the right place to poke btw?
<dannf> lp team list?
<rbasak> dannf: #ubuntu-release I think.
<teward> rbasak: i also replied to your email and gave my two cents, especially that while it's an undesirable option, it's available for Wily, so long as we decide on the exemptions or what not for X (16.04)
<rbasak> dannf: for stuff that is priority inside Canonical, it's not uncommon to ask my team's manager to go across the company to find an SRU team member who is also a Canonical employee to do it.
<rbasak> (or your manager perhaps in this case)
<slowe> Is there a place/mechanism in 14.04 that caches network configuration? I'm seeing a situation where changing interface files is still leaving fragments of the old configuration behind.
<slowe> I won't rule out that I'm doing something wrong, of course. :-)
<slowe> Found the answer (including it here in case anyone else needs it)---need to be sure to run "ip addr flush dev <device>" after changing configurations (after "ifdown <dev>" and before "ifup <dev>")
<dine909> i have a problem with a uart port
<dine909> ugh i cant even explain it
#ubuntu-server 2015-07-01
<billy_ran_away> anyone familiar with gpt partitions?
<billy_ran_away> i put a RAID array in a computer and it tried to boot off one of the disks, ever since the GPT partition has been fucked
<nayKang> I have a shell script start a python program,how do i redirect the python out to the parent shell?
<JanC> nayKang: not sure I understand correctly, but that sounds like the default?  (also: there are probably better channels to ask shell programming questions)
<nayKang> JanC: which channel?
<brianw> Anyone familiar w/ Ubuntu 14.04 upstart interfaces file? I need help with assigning a tagged vlan to a bridge interface... The interface file I am using ( http://paste.debian.net/272634/ ) seems to actually bring up the vlans and the bridges, but fails to assign an ip. The funny thing is, I also can assign an ip, set gateway and it works just fine. So why is it puking? How could I determine?
<jamespage> mfisch, I will be doing a point release update to 2.3.2 for ovs - have it prepared - hopefully it will be in the queue tomorrow
<skylite> I configured a dual channel network card to master-slave bonding but I cant rename the bond0 interface via udev rule. Is it something different than real network cards?
<pupil> hello, good afternoon
<pupil> i want to remotely upgrade my production server, do you guys have any suggestion for me?
<pupil> i'm a junior sysadmin btw
<pupil> hem, no answer
<JernejL_Work> hi guys
<JernejL_Work> how come mysql 5.7 is still not in any ubuntu server channels? it has been released over a year ago.
<shauno> as I understand it, 5.7 hasn't been released.  it's just a less-than-obvious naming convention
<shauno> eg, the current 5.7 branch is https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-7.html
<shauno> which calls itself a release candidate, and notes right at the top that it's "use at your own risk".  so we're still on the stable-end of the 5.6 branch, which doesn't include such red flags
<arcsky> hello im trying to install ubuntu server from USB. it does work to boot up but after keyboard settings it search for "detec and mount CD-ROM" .. why that when if ddo this from USB ?
<lordievader> Good morning.
<skylite> is it possible to rename bond0 interface with udev rule? (bond0 is created from 2 other NIC with bonding)
<SpamapS> jamespage: ping regarding python-ironicclient in wily/UCA
<SpamapS> jamespage: Need 0.7, mind if I just do that?
<teward> rbasak: was there anything from the release team, or should I poke -release ?
<b4tm4n> i have a bash script that i'm using to configure iptables rules so i can run ubuntu as a router - where is the best place to put this so it runs on startup before networking starts?
<b4tm4n> i know about iptables-save and restore, but since i'm doing more than just iptables rules in this script, i didn't feel like that applied
<b4tm4n> anyone around?
<billy_ran_away> Anyone really familiar with GPT partitions? Like what happens when your BIOS tries to boot from one?
<lordievader> billy_ran_away: It boots? Sure you need a bios partition for grub, but a bios can boot from a gpt disk just fine.
<lordievader> billy_ran_away: https://wiki.gentoo.org/wiki/GRUB2#Partitioning_for_BIOS_with_GPT
<billy_ran_away> lordievader: It was 4 drives used in a RAID array, the bios has screwed up two of the drives
<lordievader> What kind of RAID?
<billy_ran_away> RAID 5
<lordievader> Hmm, I got two gpt drives in RAID1, boots just fine.
<billy_ran_away> lordievader: i think i've botched one drive already too...
<billy_ran_away> lordievader: my system boots up fine, i just need to fix my drives
<billy_ran_away> lordievader: http://pastebin.com/TSx0rYWR
<billy_ran_away> lordievader: i've tried using gdisk and sgdisk but haven't had any success in fixing the partitions
<lordievader> What does parted say about it?
<billy_ran_away> lordievader: just some dumb bs like this: http://pastebin.com/A66PvCzv
<lordievader> sdd in particular.
<lordievader> Is sdd and sde in the same raid?
<billy_ran_away> Yea
<lordievader> Hmm, and the partition should be 2.7T too, I suppose?
<billy_ran_away> same kind of drive too... thought about using sgdisk to backup sde and restore on sdd
<billy_ran_away> lordievader: yea
<lordievader> Do you use mdadm or something for your raid? Can't you let that rebuild it?
<billy_ran_away> mdadm: sure if the bios hadn't gotten to two disks of my 4 disk raid array
<billy_ran_away> err i mean lordievader
<billy_ran_away> lol
<lordievader> The bios shouldn't write anything to the disks, just read.
<teward> is there any kind of guide for setting up a mailserver to accept mail for a domain but to just forward that mail to another domain?
<teward> s/domain/address/
<teward> i.e. teward@foo.bar will be valid, a mailserver accepts, then forwards to teward@baz.foo and that's all
<teward> kinda how the @ubuntu.com addresses work for members...
<Daviey> teward: Just add the domain in main.cf under virtual_alias_domains, then in virtual add "teward@foo.bar teward@baz.foo"
<teward> ffff i just remembered i have to set up all my MX records again >.<
<teward> stupid zonefile corruption...
<tyhicks> zul: hello - I'm trying to get on top of the MIR audits assigned to the security team and bug #1213934 is showing up in the queue
<tyhicks> zul: there are some standing questions around whether python-oauthlib (which is already in main) is now sufficient for keystone
<tyhicks> zul: do you have any updates on that?
<teward> with postfix how can I make it accept messages for multiple domains and then work as a mail forwarder onl
<teward> only*
<teward> Daviey: consider i'm less than fluent in postfix, so you may have to give me some guidance as to what all needs changed/done
<teward> i have 3 domains that need to send to the same server and use those as mail forwarder pints
<teward> points*
<ivoks> teward: google postfix and virtual users
<teward> ivoks: what about the multiple domains?
<ivoks> that's just adding domainname under mydestination
<ivoks> (if it's not virtual)
<Daviey> teward: Sorry for being curt, tied up... I tried to point you in the right direction with what i said above
<teward> Daviey: no problem, i'm less than fluent with mailserver stuff so ehhh
 * teward shrugs
<teward> i'll start lookin thanks
<Daviey> /etc/postfix/virtual is a file to add "teward@foo.bar teward@baz.foo" to
<ivoks> https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
<Daviey> and adding the domain into main.cf under setting virtual_alias_domains, then in virtual add "teward@foo.bar teward@baz.foo"
<Daviey> ivoks is your man
<Daviey> in main.cf, virtual_alias_domains = foo.bar
<smb> hallyn, chat time?
<teward> ivoks: that's fine and dandy for virtual mailboxes, but I don't want virtual mailboxes, I want this as a mail forwarder, I.E. accept: test@foo.bar, forwardto:teward@ubuntu.com.
<teward> and i'm confused by that document you've provided and whether that's how to achieve that
<teward> (the forwarding will have to process on multipel domains as well :/)
<ivoks> teward: if you are looking for a document that will give you copy/paste instructions, then you will spend days/months looking
<teward> ... that comment isn't helpful, NOR am I looking for copy/paste instructions
<ivoks> teward: you need to combine multiple things and learn from every doc
<ivoks> you need to accept emails for all domains
<teward> unless i'm misunderstanding virtual mailboxes and mail forwarders
<ivoks> and forward everything to another mail server
<ivoks> or you are looking to forward different domains to different mail servers
<ivoks> looking at your example, you are actually looking for aliases
<ivoks> and not domain forwarders
<teward> ivoks: then i'm looking for aliases.
<ivoks> then, what's the problem?
<ivoks> set up /etc/aliases
<teward> well from what i've got from that, i've set it up, i get "User unknown in virtual alias table" from the server
<ivoks> and when you install postfix, it actually asks you multiple questions, just answer those
<ivoks> it has 4 options, iirc
<ivoks> yours is internet site with smarthost or something like that
<ivoks> or without smarthost
<ivoks> only you know that
<ivoks> smarthost = relyhost = machine that you will send all your mail to
<ivoks> Daviey: where did they 1990s go? where 'rtfm' was the answer for everything :)
<teward> ivoks: it was consumed by the internets
<ivoks> too bad; 90s produced best linux sysadmins
<ivoks> hell, i even learned english by reading man pages :)
<teward> i think mailservers are just a tad more confusing to learn/configure than nginx :P
<teward> which cna be pretty tricky to set up for complex things :/
<ivoks> postfix is a bit too complex for this, if you don't have mta knowledge
<ivoks> it's an overkill
<ivoks> but, it can be used
 * teward shrugs
<teward> it came installed on the vm image i guess
<ivoks> dpkg-reconfigure postfix
<teward> i was kinda told "Do this for us, with postfix"
 * teward shrugs
<teward> i have a headache, but it's working now...
<teward> ivoks: the next very tricky question: if we have foo@domain1, and foo@domain2, can we hvae those go to different locations
<ivoks> then you need virtualdomains
<teward> blargh.  meh, i'll leave it as is, the same-server-different-alias-different-destination is a longer term thing, for now, this'll work fine
<teward> thanks
<jrwren> at least you arent' running sendmail and running m4
 * teward shivers
<jrwren> or worse, skipping the m4 and editing sendmail.cf yourself.
 * patdk-wk hates the m4
<patdk-wk> but then I learned sendmail.cf before that existed
<patdk-wk> sendmail.cf is not a config file, it is a scripting language
<teward> lets not talk about sendmail
<teward> because i want to personally burn sendmail on one server, because of the way it's utilized by a python script to do in-house listserv thingies andthat script nuked my brain having to retool it for fixes
<SpamapS> zul: any thoughts on me updating python-ironicclient? I'm testing with 0.7.0 in wily and trusty+UCA right now.
<kabads> I'm pulling my hair out with permissions here- on apache2 with 403 on my server: because search permissions are missing on a component of the path.
<kabads> Yet, I've set the permissions as they should be - is there anything else I could be checking?
<sarnold> kabads: you may have apparmor profiles installed; check aa-status output to see if your apache process is confined
<kabads> sarnold: thanks - 5 applications are in enforced mode, but not apache.
<sarnold> kabads: okay, then that's probably not it :) hehe
<kabads> Other searches online have said to check for SELinux, but I've not gone down that road *at all* - still puzzled.
<sarnold> kabads: check the error logs in /var/log/apache*/something ...
<sarnold> kabads: SELinux is difficult to get working on ubuntu, you're probably not doing that if you're here :)
<kabads> http://pastebin.com/JciQk0p6
<sarnold> kabads: alright.. try ls -l / /var /var/www /var/www/test.txt
<sarnold> sigh not that
<sarnold> kabads: alright.. try ls -ld / /var /var/www /var/www/test.txt
<kabads> http://pastebin.com/B4iY9Ees
<sarnold> there we go, /var is funny :) mine is: drwxr-xr-x 15 root root 4096 Sep 20  2013 /var
<sarnold> chmod 755 /var and give it another shot
<kabads> compares...
<kabads> sarnold: boom! Thanks
<sarnold> :)
<kabads> Didn't think to check var itself
<sarnold> I've wanted a recursive-upwards ls -ld command to be everywhere by default since it makes this kind of troubleshooting so much easier...
<sarnold> oh well. now you know, check upwards all the way to the root, and that's one more person who can help debug these things :)
<sarnold> (and yeah, I _have_ seen people with broken permissions on / -- hilarity ensues :)
<teward> sarnold: what about the people who recursively chmod everything as 777 because one thing doesn't work
<teward> i've seen that before
<kabads> sarnold: I'm doing a linux sysadmin course - so, it's all part of sharing the info. Thanks again. Seeing permission problems on /? I've been using linux for a long time, and that one is still new on me.
<sarnold> teward: the install media is _right over there_... who knows what else they've screwed up ;)
<sarnold> kabads: thankfully, only seen permission problems on / a few times in ~20 years
<teward> sarnold: they broke the universe, yes. xD
<sarnold> hehe
<teward> sarnold: i saw someone say "Hey, so, I chmod 777'd everything,was that bad?"
<teward> i wanted to commit vicious acts then
<SpamapS> zul: ?
<zul> SpamapS: huh im on holiday today?
<SpamapS> zul: gotchya.. just asking if you mind if I upload python-ironicclient 0.7.0 to wily?
<zul> SpamapS: nah im cool with it
<SpamapS> zul: cool, ty
<Lurchy> hey everyone...
<Lurchy> I got a question...anyone have some pointers on how to setup a mail server on ubuntu?  I dont have my domain pointed to it as of yet...its behind my firewall on my home cable modem
<Lurchy> but just trying to serup my LAMP server with moodle webpage.....setup my mail server.....and then point the domain to it once its all setup
<patdk-wk> it won't work
<patdk-wk> home cable isp's do not allow mail servers, for very good reasons
<sarnold> home cable modems ar eoften on dialup blackhole lists
<patdk-wk> well, they don't allow any kind of servers, but they normally tollorate some
<Lurchy> its a small server I am setting up for my students to use
<patdk-wk> and with outbound port 25 blocked
<Lurchy> a class website actually
<patdk-wk> you need a business cable account, atleast to do email
<patdk-wk> or you have to relay though someone else
<Lurchy> any way to test whether port 25 is blocked on my current isp?
<Lurchy> or is there a "inexpensive" solution?
<patdk-wk> telnet gmail-smtp-in.l.google.com 25
<patdk-wk> you must not have port 25 blocked, you must have a static ip address, and you must have reverse dns setup
<Lurchy> hmm
<sarnold> Lurchy: nc -l 25   on your machine, and then from the outside try to nc ip.add.res.s 25   and see if you can talk to it or not..
<patdk-wk> or else you will end up with an email server that is never allowed to send email
<Lurchy> I was going to use dyndnip or something similar for dynamic IP issues
<patdk-wk> sarnold, that normally ALWAYS works
<patdk-wk> isp's don't care if you accept spam
<patdk-wk> only if you *send* it
<sarnold> Lurchy: this might not be entirely doomed if all your students set up YOUR server as an account, but I wouldn't expect them to be able to use their existing email to talk with you
<Lurchy> kk
<sarnold> patdk-wk: I've seen blocked incoming 25 too
<patdk-wk> yes, but blocked incoming is not a big deal :)
<sarnold> heh
<jrwren> if you don't need to interop with other email domains, you won't need 25 at all.
<patdk-wk> but then ht wouldn't need dns setup either :)
<jrwren> true!
<Lurchy> cant I do a port forward or something to that effect for mail traffic?
<patdk-wk> no
<patdk-wk> how can you portforward port 25?
<patdk-wk> when port 25 is blocked?
<Lurchy> sedn out mail on another port to a service that would bounce it?
<patdk-wk> and doesn't matter anyway, since you can't setup reverse dns
<jrwren> if only tcp port was included in MX records :)
<patdk-wk> you need a business account, period
<sarnold> jrwren :)
<Lurchy> ahh..ok
<patdk-wk> jrwren, that is what srv is for :)
<jrwren> if only smtp routers everywhere on the internet consulted srv RR before mx RR :)
<patdk-wk> Lurchy, you can do that, but that uses port 587, not port 25, and not portforwarding
<sarnold> Lurchy: _maybe_ the answer is a $5/mo digital ocean droplet or something similar? those are less likely to be on RBLs, less likely to be forever-blocked, etc..
<patdk-wk> nothing better than many spof's :)
<Lurchy> kk sarnold....just trying to get ideas as I am a novice :-)
<sarnold> patdk-wk: hehe
<patdk-wk> don't worry, doing email is the hardest, and most annoying thing to do
<sarnold> yes.
<sarnold> I'm glad to not do it myself anymore
<patdk-wk> cause no one wants spam, and no one will trust you, unless you do it perfectly the first time :)
<sarnold> it was fun fifteenyears ago..
<patdk-wk> lucky I started doing it 17years ago
<patdk-wk> so  Ididn't have to learn it all at once
<sarnold> that too
<patdk-wk> Lurchy, it should take someone a day if they know how to do it, and normally a week generally
<patdk-wk> if you have no idea, expect a month
<Lurchy> ok...so here is what I want to do....run a domain server behind my 100mb/15mb cable connection.....but not pay the outlandish price for static IP...cant I use dynip service for  dns/mail/etc?
<sarnold> dynip doesn't let you do reverse lookups correctly
<patdk-wk> you can do anything you want
<sarnold> and failing those will probably drop most of your email on the floor already :)
<jrwren> Lurchy: you can try, it sounds like a nice learning experience and challenge!
<patdk-wk> but no one on the internet will care to accept email from you
<Lurchy> lol....
<patdk-wk> that is the point
<patdk-wk> besides the fact, your still blocked from using port 25
<Lurchy> btw...what is a RBL??
<Lurchy> bann list?
<patdk-wk> I guess you can thank for not having a spam issue yet
<patdk-wk> yes
<Lurchy> ok
<patdk-wk> dnsrbl
<patdk-wk> or just rbl for short
<Lurchy> so...just so I understand...bad idea to setup mail server on residential cable modem.....what are best(cheapest) options for domain mail?  droplet account?
<patdk-wk> the only option is to use a vm somewhere and relay using it
<Lurchy> virtual mail?
<sarnold> honestly, google something or other services are worth the cost; their antispam is far better than you could roll yourself, most places accept mail from google services because _not_ accepting mail from google services is cutting off too many users, etc..
<patdk-wk> that has the right things you need, allows port 25, allows setting rdns (ptr)
<sarnold> but the downside is that it's a lot less fun and you don't get any control over anything when you go google. heh.
<patdk-wk> sarnold, ya, like me :( google, and yahoo
<patdk-wk> both source of insane spam
<Lurchy> I understand...but I dont think I want to spend all my time messing with email issues.....I am busy as hell during school year...I coach football also
<Lurchy> I am just frustrated as hell with performance of existing hosting providers...which are crap
<jrwren> oh?
<Lurchy> website is slow when I get 25-30 students on my site trying to take online quiz...etc
<Lurchy> virtual hosting is what they are.....and I cant afford dedicated boxes on the net
<Lurchy> I have two domains...one for my classes...and one for football
<jrwren> you can do email one place and move the online quiz elsewhere.
<Lurchy> hmmm
<jrwren> what quiz software are you using and who is your host?
<jrwren> there is a lot of poorly written poorly performing software out there.
<Lurchy> I am using moodle...educational open source webpage
<jrwren> ah moodle.
<jrwren> i'd think moodle on bluehost would be fine, but I don't really know.
<jrwren> 30 concurrent users is not very many.
<sarnold> interesting, I had a reasonable opinion of moodle, they seemed like they had their act together anyway
<jrwren> sarnold: yes, me too.
<jrwren> maybe it is just a VERY bad hosting provider.
<sarnold> funny idea of what security embargoes meant, but they felt like they did a good job..
<Lurchy> ive tried two diff hosting providers.....performance sucks once you get 25-30 students...and its not school internet...thats 100 mb fiber
<sarnold> 30 is just .. adorable. these days we expect services to handle thousands of simultaneous users withut trouble..
<jrwren> thousands trivially, tens and hundreds of thousands with a little work, and millions with a lot of work :)
<Lurchy> well...this is why I am setting up moodle on my home box....want to be able to use my page locally....downloading homework and other stuff from virtual box is frustratingly slow
<Lurchy> or perhaps just mirror the website......
<patdk-wk> not really
<patdk-wk> generally you can only service 100 or so requests at a time
<patdk-wk> unless you doing a lot of caching
<jrwren> patdk-wk: YOU might only be able to :p
<patdk-wk> only so many php threads to go around
<patdk-wk> well, I refuse to put it into users
<sarnold> iirc moodle's in python, hehe
<tarpman> until quite recently moodle was pretty cache unfriendly, too
<tarpman> sarnold: php
<sarnold> tarpman: oh :(
<patdk-wk> cause users doesn't really mean anything, but rpp is more understandable
<patdk-wk> rps
<Lurchy> just got my ubuntu box up and running...and installed the apache/php..etc
<tarpman> also interactive stuff like quiz tends to add on database queries pretty fast
<patdk-wk> yes, 30 uses shouldn't be an issue
<patdk-wk> 10000 users, I could see being an issue, for a single box
<Lurchy> on a related note.....her eis a question
<patdk-wk> atleast normal php + mysql generally gets a limit of around 100 rps per cpu
<jrwren> patdk-wk: what do you mean normal php + mysql ?
<patdk-wk> it's latency induced slowdowns
<Lurchy> I have my student upload assignments with thier cell phones taking pictures and uploading to moodle submission...works well.....but when I am trying to grade them..seems like site is so slow...waiting 5-8 seconds for page request to come back....
<Lurchy> this is reason I want local moodle on ubuntu box....speed up my grading time
<patdk-wk> mainly between http + php fastcgi + mysql
<patdk-wk> oh pictures
<patdk-wk> ya, need to profile the traffic and see what is happening
<Lurchy> you understand..they use cell phones to take a picture of assignment..then upload it using moodle app on thier iphone/android
<patdk-wk> if it's just taking too long to get the pictures from where it's stored, or transfered to you
<jrwren> if they are all 10Mpixel images that haven't been shrunk for web, yeah, that is going to load slow, even on modern fast cable modem.
<patdk-wk> he did say 100mbit
<Lurchy> nah...they are usually 500kb-2mb at most
<patdk-wk> but likely the webserver isn't designed for high latnecy fast transfers
<Lurchy> yeah...my cable is 94mb downlaod
<patdk-wk> as that is not what they normally do
<jrwren> really?
<patdk-wk> normally it's a lot of small transfers
<Lurchy> patdk-wk..yeah...so I am lookign into other solutions..like making my own ubuntu box to serve it....I have dual core 3.8 ghz cpu and 8gb of ram on the ubuntu box
<jrwren> That isn't my completely uninformed guess analysis. My completely uninformed guess analysis is shared host limiting mysql and php resources and many files in a mysql moodle database is the bottleneck :]
<patdk-wk> could be
<patdk-wk> so many options
<sarnold> how long does it take the phones to upload the images?
<Lurchy> sarnold...typically 5-10 seconds
<patdk-wk> using what? wifi? 4g?
<Lurchy> wifi at campus...little longer on 4g..maybe 15 seconds
<patdk-wk> is there a specific time you normally do the grading?
<patdk-wk> like I know my cable provider goes to utter crap from 6pm till 10pm
<patdk-wk> due to everyone using netflix
<Lurchy> usually late nite...after practice and when I can relax in my underwear with a beer  :-P
<patdk-wk> I'm lucky if I can even get 1mbit download speeds
<tarpman> Lurchy: do you have a php cache running on your current host? adding apc (in newer php, opcache) made a massive difference on my moodle
<patdk-wk> tarpman, it is shared hosting
<patdk-wk> so no control
<Lurchy> well....I dont have any issues with my cable....but performance from moodle site is frustratingly slow...
<patdk-wk> just attempting to cover all bases
<Lurchy> tarpman...i dont know...I am a novice...do I have to enable one
<Lurchy> ?
<Lurchy> I am using hostmonster...the moodle install is setup for me from thier installer
<tarpman> I suppose patdk-wk is probably right and the hoster takes care of that
<Lurchy> patdk-wk...I am thankful for the isp cable I have...actually getting faster in a few months...250MB down....30mb up
<Lurchy> so why shouldnt I be able to host this thing at home on my ubuntu server?
<Lurchy> seems reasonable
<jrwren> Lurchy: a good shared host provider helps you to enable these types of caches
<Lurchy> besides...I want to learn what i can during the summer while on vacation
<sarnold> Lurchy: moodle is far more likely to self-host than email
<patdk-wk> and it's email should be easily configurable to go to your email hoster
<Lurchy> true....I can send email from moodle website to droplet...whatever....I just want to use email to automate assignment prompts to my kids(or inform parents via email when thier kids dont submit homework on the website)
<sarnold> teaching is different these days
<Lurchy> heh...at least I have some tech skills...but I am busy as hell all the time
<Lurchy> plus I coach varsity football and deal with football scout film..etc
<Lurchy> so...moodle makes my life easier...dont have million pages...can grade online using my ipad....but its too slow
<Lurchy> goal is to contine to have my students use webpage for assignment submissions/quizzes/support documents and speed up the website for students who are on it...and my grading
<Lurchy> I have leared a lot about moodle in the three years I have used it...but backend performance and such I am not an expert at
<Lurchy> thx for the info....
<Lurchy> I will install moodle on this ubuntu server box....and explore email solutions offsite
<patdk-wk> test how fast it is for you, make sure that *solves* the speed issues
<patdk-wk> then worry about email :)
<Lurchy> yep
<patdk-wk> make sure you test uploads offsite too
<patdk-wk> to make sure those are still acceptable speed
<sarnold> hah
<sarnold> yes :)
<Lurchy> well..wouldnt this dedicated box on my cable modem be faster than virtual server on my webhosting provider?
<Lurchy> I am assuming so
<patdk-wk> it might be, it might not
 * Lurchy shrugs
<sarnold> and since your students probalby all wait until deadlines to submit things, it wouldn't hurt to have a handful of people testing upload speed simultaneously
<patdk-wk> it shuld have more latency
<patdk-wk> it will have less cpu
<patdk-wk> but the cpu is dedicated to you
<patdk-wk> lots of variables
<patdk-wk> test test test :)
<Lurchy> true
<patdk-wk> once you learn the results, come back :)
<Lurchy> heh
<patdk-wk> I can probably help you with a solution
<patdk-wk> but interested what the results are so I can infer what the issues are
<Lurchy> well...I am enjoying my ubuntu server experience...been a while sinc eI did command line stuff
<Lurchy> frustrating since Its been forever since I did coding...like 20 years.....forgot so much
<Lurchy> also...I am thinking about running home automation in ubuntu also.....can I do it on same box?  I want to have everything behind a 24 port POE netgear router.....home security....environemntal controls...etc
<Lurchy> pool controls and sensors.....arduino stuff and the like
<sarnold> Lurchy: yeah it should be possible to run it all on one system if you want
<Lurchy> btw..I am science teacher..one of my degrees is in electronics
<Lurchy> been tinkiering with arduino stuff sinc eI have been teaching robotics the last year or so
<Lurchy> ok guys..thanks for the input...ill be around  :-)
<Lurchy> gotta run to practice...this heat sucks...105 today
<sarnold> Lurchy: cool :) I've wanted to build something do e.g. open windows, etc..
<sarnold> Lurchy: ugh. skip it entirely.
<sarnold> I'd lie down dead in that jkind of heat before doing anything :)
<sarnold> Lurchy: have fun!
 * Lurchy leaves
<jrwren> so cold here today
<smygIG> Hello i have a problem. I have an dns server and it works lan but from wan i cant find webpage. Port 53 and 80 is open.
<smygIG> can access webpage by ip but not http adress by wan
<TenthTARDIS> I'm having some issues with getting email to work on my server
<TenthTARDIS> I'm setting up OSTicket, and I'd like it to send email, but it keeps failing
<TenthTARDIS> I haven't been able to find much about it online-- can anyone point me to some resources?
<TenthTARDIS> I guess part of the problem is that I don't really know how to configure my server to send and receive email, while still letting my install application keep working.
<TenthTARDIS> That is, I know how to set up a dedicated mail server, but I don't know how to set up a way to send and receive email on a server whose primary purpose is to do something else.
<skylite> how this can be any output? service --status-all > /dev/null
<skylite> it lists everything that is handled by upstart
<skylite> all those otput is handled as error message? o_O
<leonixyz> Hello, running Ubuntu Server 14.04 and trying to make work an init script. It wish to start it automatically at boot, but it doesn't... however, "sudo service start geoserver" works. It's chmodded +x. https://gist.github.com/anonymous/6b29799d50b718b5292f
<sarnold> leonixyz: fiddle with update-rc.d to make all the symlinks?
<leonixyz> sarnold: sorry, I didn't understand you
<leonixyz> sarnold: I copied that file directly to init.d,... nothing done in update-rc.d
<sarnold> leonixyz: the initscripts are started / stopped via a mess of 14-odd symlinks in /etc/rc*.d/ directories, the Snn and Knn symlinks.. you can make them by hand or you can make them with the update-rc.d program
<leonixyz> thanks
<gdi2k> this morning I had a couple of lines in my syslog like this:
<gdi2k> Jul  2 04:32:56 smiles2 kernel: [311765.875614] mce: [Hardware Error]: Machine check events logged
<gdi2k> Google says I should have had mcelog installed to log these sorts of issues, but I did not.
<sarnold> install it now to catc the next one :)
<gdi2k> is there now any way to see what actually caused these? shortly after the occured I had a nasty server crash
<gdi2k> sarnold, heh, yeh it's installed now, but I'm not too enthusiastic about putting it back into production until I figure out what's causing this, and I may be waiting for a long time for it to happen again :/
<gdi2k> would have been nice if mcelog had already been installed as part of ubuntu server really - logging hardware faults is pretty important...
<sarnold> gdi2k: the esktop system I had throwing mces seemed kind of unfixable.. I didn't get around to swapping memory/cpu/motherboard, I wound up more or less replacing it with a laptop anyway..
<gdi2k> sarnold, did you ever actually get to see what mce errors it was throwing?
<sarnold> gdi2k: the recoverable ones were cache checksum errors or something fairly similar, but the unrecoverable ones just killed the machine dead, iirc :/
<gdi2k> sarnold, so they didn't get logged?
<sarnold> I can't recall now, it was almost three years ago now, sorry
<gdi2k> in my case, I still have some cron entries from the server running after it became inaccessible from the network and had no more graphics output. odd
<sarnold> I'd used the desktop for years for simple web-browsing sorts of tasks.. it only started falling over once I started doing hour-long compiles. :/
<sarnold> gdi2k: very odd
<gdi2k> sarnold, placing my money on a 4 port NIC I have installed. it's counterpart had its network card fail a couple of months back...
<sarnold> gdi2k: that seems plausible, especially if you lost nic and graphics but the rest of the system kept going.. maybe there are firmware updates for the nic?
<gdi2k> sarnold, yeh, will look into that... thanks for your help :)
<sarnold> gdi2k: good luck :)
<hexafraction> Will the server CD installers preserve an existing /home (not on a separate partition)?
<hexafraction> I'm currently on Precise i386 and my goal is to install Trusty amd64 (manually redoing configuration if necessary)
#ubuntu-server 2015-07-02
<zemmihates> good morning friendly irc folk.
<teward> good evening!  :)
<zemmihates> Or evening, depending on where you are in the world :p
<zemmihates> I have an issue with logrotate and I think I need an adults help.
<zemmihates> if anyone is feeling willing
<zemmihates> Basic gist of the issue is, I'm getting 'error creating output file <blah> file exists' - problem is, rotation is set to 10 years, the file it's complaining about is 7 months old. So I'm not sure what to try next.
<zemmihates> tried reinitalizing the state file, checked all the perms, checked if it was 0byte, made sure that there wasn't another config file that may be trying to touch it.
<sarnold> zemmihates: can you catch it in the act with strace?
<zemmihates> I didn't really want to go that far :p but looks like it's my next port of call. just had some people in another chan look at the config and looks like we're all good there.
<sarnold> heh yeah, strace isn't exactly fun..
<billy_ran_away> Anyone really familiar with GPT partitions? Like why they make get messed up when a BIOS tries to boot from them? Or how to fix that?
<billy_ran_away> This is what I'm seeing... http://pastebin.com/TSx0rYWR http://pastebin.com/A66PvCzv
<billy_ran_away> Two of my drives in a 4 drive RAID array are messed up...
<JanC> billy_ran_away: I hope you have backups
<billy_ran_away> JanC: I think if I could just fix the GPT partition table it work
<erkburgles> I am trying to gain functionality of my trackpad for dell inpsiron 3541i with ubuntu 15.0.4, I went here http://askubuntu.com/questions/527793/clickpad-not-working-on-dell-inspiron-13-7000-running-ubuntu-14-04 followed everything, waited hours for the source to go through and absolutely nothing is fixed can anyone help me
<erkburgles> zxcv
<erkburgles> can anyone help me with my trackpad issue
<erkburgles> followed this http://askubuntu.com/questions/527793/clickpad-not-working-on-dell-inspiron-13-7000-running-ubuntu-14-04 and after HOURS absolutely nothing is fixed
<histo> erkburgles: is your trackpad still broke?
<neonixcoder> Good day team..
<neonixcoder> I am facing a strange issue..
<neonixcoder> I have an issue with /etc/resolv.conf file whose content are moved by some process..
<neonixcoder> after removing, My VPN connectivity is lost and I can not do any thing..
<neonixcoder> any suggestions?
<neonixcoder> permissions on that file is 644 for root user..
<TJ-> neonixcoder: "/etc/resolv.conf" should be a symlink created by resolvconf. See "man 8 resolvconf"
<neonixcoder> TJ-: I am aware of this, but my system worked fine with same config.. ie its not a symlink to any file..
<neonixcoder> So bit curious how is it got edited and becomes empty..
<TJ-> neonixcoder: are the resolvconf scripts altering it directly? As I recall they perform updates on the "/etc/resolv.conf" symlink
<neonixcoder> TJ-:How can I conform on this? I checked if any service running with resolvconf with ps -ef | grep resolv and I did not get any process..
<TJ-> neonixcoder: If I recall correctly its the resolvconf hook scripts
<neonixcoder> TJ-:Did not get you..
<neonixcoder> can you give more info on this?
<TJ-> neonixcoder: "man 8 resolvconf" see the discussions on how it works, and the FILES section
<neonixcoder> TJ-:Will try to check it.. but I am sure.. resolvconf service is not working in my host..
<TJ-> neonixcoder: as the docs say... it isn't a service! It's a series of hook scripts triggered by other processes
<neonixcoder> TJ-: Got your point..
<neonixcoder> TJ-:Another question, do we require ubuntu-minimal package if I want to go with simple ubuntu machine?
<TJ-> neonixcoder: As far as I recall that's a meta-package describing the minimal set of packages to useful install, but you can install whatever packages you know are needed
<neonixcoder> I removed ntpdate from my machine as I installed ntp package and this ntpdate removed ubuntu-minimal along with it..
<neonixcoder> so just curious if we really require this package or not?
<TJ-> neonixcoder: It's usefdul to retain it for upgrades since the depends may change but it doesn't have anything of its own to install, it just has a list of depends to satisfy
<neonixcoder> Ok..
<neonixcoder> TJ-:I got what is changing my /etc/resolv.conf file..
<neonixcoder> A bit background, I use 3G modem to connect my remote server to internet. Once Internet is established, I use vpn to connect to my central servers.
<neonixcoder> I can see modem is connected properly then VPN is connected properly..
<neonixcoder> But after some time VPN is dropping off in a random time and this guy is moving /etc/resolve.conf file contact and replacing it with an existing file..
<neonixcoder> I am struck up here..
<maswan> Hm. I'm really scratching my head here, and wonder if someone of you have any ideas. Out of two identical machines one just does not get it's statically configured ipv6 ip at boot. And the same applies to one out of a dozen VMs. As far as I can tell they're identical too, the logs I've found say nothing, any clues for where to look next?
<lordievader> Good morning.
<jamespage> SpamapS, ack - wondered who did that (came through on my backports notification email)
<jamespage> SpamapS, I'll sync up debian experimental as well
<rbasak> jamespage: opinion on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1470778 please? Critical bug / SRU regression or expected behaviour?
<jamespage> rbasak, definately not intended - libvirt != docker
<jamespage> youch
<rbasak> hallyn: ^^
<jamespage> SpamapS, ironicclient 0.7 uploaded to experimental - I'll resync once LP notices
<clays116> hello who can help me with openstack? when i try create instance i see error: There was an error submitting the form. Please try again
<arcsky> dns settings where do i configure that ? resolv.conf doesnt seems to be the proper way nowdays...
<a_ok> Can someone tell my why linux-image-generic is stuck at version 3.13?
<a_ok> apt-cache tells me that 3.19 is available
<bekks> !info linux-image-generic
<ubottu> linux-image-generic (source: linux-meta): Generic Linux kernel image. In component main, is optional. Version 3.19.0.21.20 (vivid), package size 2 kB, installed size 27 kB
<jpds> a_ok: You're looking for: linux-image-generic-lts-vivid
<a_ok> jpds: Thanks. Rather confusing naming schemes though...
<jpds> a_ok: Not really.
<jpds> !hwe | a_ok
<ubottu> a_ok: On August 7, 2014, Ubuntu 12.04.5 will deliver the kernel and graphics stack from 14.04. At that time, security updates and bug fixes for older hardware enablement stacks will cease. Users of older hardware enablement stacks are encouraged to update to the 12.04.5 hardware enablement stack or upgrade to 14.04. Please see https://wiki.ubuntu.com/1204_HWE_EOL for further details.
<arcsky> hey guys, im trying to install Ubuntu. I got error when i come to the Grub installation. it says "Unable to install GRUB in /dev/sda" but i want it to be installedf on /dev/sdb . how can i do that?
<coreycb> jamespage, can we promote python-keystonemiddleware to proposed in the juno cloud archive?
<jamespage> yes
<coreycb> jamespage, and oslo.messaging for icehouse please
<coreycb> beisner, icehouse 2014.1.5 is ready for trusty testing
<kpoman> hello to all. I would like to emulate a localhost smtp server by using ssmtp to relay to a gmail account I have. can someone tell me if this is possible and point me a how-to ?
<bekks> Just install postfix and set it up as internet relay - you will be asked upon installation.
<kpoman> bekks: postfix has too much overhead and security implications. I thought more as a microdaemon emulating a smtp server only in localhost and relay
<bekks> Too much overhead? :)
<kpoman> bekks: yep, lot of files, daemons, configurations, etc...
<bekks> A small number of config files, one daemon.
<kpoman> bekks: I am not gonna use quite nothing about its subsystems etc... Isnt there some tool able to create a localhost smtp server and create then send mail commands on the data inputted to it ?
<bekks> Which "subsystems" do you actually talk about?
<kpoman> bekks: the queues deferreds et al
<bekks> Postfix is mailserver, its only subsystem is the MTA functionality.
<bekks> *is a
<kpoman> it has lot of user management, virtual domains, and all kind of complications I'd like to avoid
<bekks> So you didnt even try to set it up. You didnt even see how easythat process is actually.
<kpoman> bekks: it's just about curiosity. I already installed some postfix on my past but now as I am using ssmtp relaying to a gmail account on a small virtual hosted server I need to economize ram, disk space and stuff
<bekks> Postfix isnt a ram-hog nor a space-hog.
<kpoman> ssmtp is working fine, but lot of apps ask for a server:port conf
<kpoman> bekks: anyway, dont you think a virtual smtp server just adding an interface for apps to the ssmtp ultra-light-and-simple tool, wouldnt be a great tool ?
<bekks> Nope.
<bekks> A postfix internet relay ist fast, small, efficient. No need for reinventing the wheel again.
<kpoman> bekks: so postfix would completely replace ssmtp, right ?
<bekks> Right.
<kpoman> am gonna look for some tutorials out there on the internet then ...
<kpoman> I thought you were proposing use of postfix only as that virtual stuff to send to ssmtp
<bekks> kpoman: https://help.ubuntu.com/lts/serverguide/postfix.html
<bekks> kpoman: Postfix is a MTA, no MUA.
<beisner> coreycb, ack, i'll kick the icehouse proposed tests - thanks!
<teward> ivoks: where's the link for PostFix virtual domains again?  I lost my browser history ://
<teward> (so test@domain1 and test@domain2 can be forwarded to different addresses rather than to the same, etc.)
<patdk-wk> link?
<teward> patdk-wk: he gave me a wiki link yesterday, i don't have scrollback or internet history
<patdk-wk> hmm, what your asking is the same thing
<patdk-wk> postfix forwards to whereever yo utell it to
<teward> patdk-wk: um... aliases != virtual domains?
<patdk-wk> there is nothing different about local/offsite/internal/external/same/different
<teward> patdk-wk: explain that to forwarding - it only accepts the left side of the address
<patdk-wk> no
<teward> i can't pass it `foo@bar.baz: teward@ubuntu.com` in /etc/aliases without it yelling about the account not being local
<patdk-wk> how is aliases!=virtual domains?
<patdk-wk> local != virtual
<tdn> I have set up a LUKS encrypted /home on my Ubuntu 12.04. I have entered "none" in /etc/crypttab to indicate that I want the user to enter passphrase during boot. However, the Ubuntu Splash screen does not show the prompt, so it times out on mounting /home and asks user to skip or drup to shell instead. How do I make Ubuntu show the LUKS prompt in the boot splash?
<teward> patdk-wk: then postfix and what i'm told here are conflicting
<patdk-wk> stop attempting to do virtual when using local
<patdk-wk> no idea what you where told here
<patdk-wk> but the postfix manual and #postfix is very easy to understand
<ivoks> it's not conflicting
<teward> stop talking... just stop for a minute.  I'm trying to achieve postfix as a MAIL FORWARDER, accepting foo@bar.baz and foo@baz.bar and forward to different addresses.
<teward> for MULTIPLE DOMAINS
<ivoks> teward: you were told to use virtualdomains if you want to use multiple domains
<teward> i'm hearing 'aliases', 'virtual domains', etc.
<ivoks> you said you'll do that at some other time
<patdk-wk> are they local? or virtual?
<teward> ivoks: and i lost the wiki link you provided and want it again
<teward> ivoks: what's happening is patdk-wk is confusing me
<teward> and all I would like is that link you provided me yesterday
<teward> cause its not in my scrollback, nor my internet browser history
<patdk-wk> do you have a mydestinations = bar.baz and baz.bar
<ivoks> google 'postfix virtualdomains ubuntu'
<ivoks> https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
<patdk-wk> sadly he isn't using virtual domains if he is using /etc/aliases
<ivoks> patdk-wk: he didn't want to use virtualdomain, it was too complex
<ivoks> so... he went with internet site + smarthost
<patdk-wk> ah, he kept saying virtual
<patdk-wk> not once local
<patdk-wk> hmm, internet site + smarthost doesn't make a different of local or virtual
<ivoks> it doesn't
<ivoks> but it sets everything for local
<thor77> hey, i want to backup my server with duplicity via ftp. i want to use lftp as ftp-backend. lftp is installed, but duplicity complains about "UnsupportedBackentScheme": "UnsupportedBackendScheme: scheme not supported in url: lftp+ftp://myuser@mybackuphost/"
<thor77> and if i use ftp://... it wants me to install ncFTP
<thor77> uh, seems like the version from ubuntu-repos doesn't support lftp...
<thor77> nvm
<thor77> uhm, yeah. is it possible to ONLY backup files given in --include-filelist? what path should i provide as source_path than?
<lordievader> thor77: Perhaps you want to look into dirvish.
<thor77> lordievader: i'm rly happy with duplicity
<thor77> don't want to switch
<lordievader> Just making a suggestion.
<thor77> yeah
<thor77> oh
<thor77> didn't say i'm using duplicity
<thor77> my fault, sry
<lordievader> thor77: About your previous question, you really don't want to be using ftp.
<thor77> lordievader: i have to
<lordievader> Why? FTP is really bad nowadays.
<thor77> lordievader: my backup-provider doesn't provide any other protocol for backup-access
<lordievader> Wut? That is a very bad backup-provider.
<thor77> that wasn't my question :) i'm very happy with my provider
<lordievader> Not even sftp?
<thor77> nope
<lordievader> Wow. That is terrible.
<lordievader> So anyone between you and your backup provider has your files...
<thor77> its in the same network
<thor77> vps -> backup
<lordievader> Makes it a bit better, but still...
<lordievader> thor77: Duplicity has exclude options: http://duplicity.nongnu.org/duplicity.1.html
<thor77> i know
<thor77> but i want "backup all files from this list, nothing else"
<lordievader> So --include-filelist?
<thor77> yeah, but i need a source_path
<thor77> i tried using / as source_path
<thor77> -> http://pastie.org/private/mzxw1tmivfcmwshgxzkjw
<lordievader> Make an empty dir in /tmp?
<lordievader> And set the source to that?
 * lordievader has never worked with duplicity.
<thor77> already tried to set it to /dev/null -> "doesn't start with correct prefix /dev/null.  Ignoring"
<SpamapS> jamespage: thanks! I wasn't sure whether or not the Debian bits were in sync. So, the next question... the ironiccline tin UCA does not work with the Nova Ironic virt driver in UCA
<SpamapS> jamespage: ironicclient
<SpamapS> jamespage: I think 0.6.0 would be the better choice, as its requirements are aligned with Kilo requirements.
<hexafraction> Hi, will the Ubuntu server install disks preserve a /home that lives in the same partition as /?
<patdk-wk> it will do whatever you want
<patdk-wk> if you don't change anything, yes
<hexafraction> patdk-wk: OK, thanks.
<jamespage> SpamapS, pity that's not expressed in requirements :(
<jamespage> SpamapS, a version bump on ironicclient will need to go via the SRU process
<jamespage> (for vivid)
<SpamapS> jamespage: can't express optional requirements. :-P
<SpamapS> jamespage: but yes, vivid's nova+ironic is broken.
<SpamapS> jamespage: the real pity is there's no integration gate .. but.. infra will be doing that. ;)
<SpamapS> jamespage: I will say that requirements things being weird like that is a nice argument for all virt drivers moving out of tree. :)
<jamespage> SpamapS, https://github.com/openstack/requirements/blob/stable/kilo/global-requirements.txt#L126
<jamespage> interesting versioning for kilo based on your comment above
<SpamapS> jamespage: oh, 0.5.1 works too
<SpamapS> jamespage: so we just missed bumping the minimum, because ENOGATETEST
<jamespage> SpamapS, that might be a better choice then
<jamespage> SpamapS, I'm a bit concerned that the minimum version is know broken as well
<jamespage> SpamapS, we drive alot of our processes from global-requirements
<SpamapS> jamespage: so unfortunately, this happens. We don't test with minimums.
<jamespage> SpamapS, yah - hmm
<SpamapS> jamespage: its one of those 'it would be great to expand the matrix to include minimums"
<SpamapS> jamespage: nova+ironic _is_ gated, actually, but not with minimums.
<jamespage> SpamapS, yes - we often pickup incorrect minimums in distro
<SpamapS> jamespage: so the failure was in the ironic nova virt developers using 0.5 features without bumping global reqs
<jamespage> SpamapS, an example - https://bugs.launchpad.net/barbican/+bug/1470799
<SpamapS> jamespage: luckily, I"m building a cloud to add 2500 vm capacity.. we might be able to do just that. :)
<jamespage> SpamapS, OK - so this sounds SRU'able
<SpamapS> jamespage: it's easily demonstrable
<SpamapS> jamespage: test case: setup nova, setup ironic, nova boot -> see fail because 'configdrive' is passed.
<jamespage> SpamapS, could you raise a bug?
<SpamapS> jamespage: against vivid ironicclient?
<jamespage> SpamapS,  yp
<SpamapS> jamespage: k, on a call, then I will
<jamespage> SpamapS, we'll bump in a new version given sufficient justification - if you could document a test case and help with verification then +1
<SpamapS> jamespage: indeed.. I have all the puppet to reproduce. :)
 * jamespage gives SpamapS a nice big hug
<SpamapS> jamespage: https://bugs.launchpad.net/ubuntu/+source/python-ironicclient/+bug/1470950
<lordievader> thor77: Hence the empty dir ;)
<steadystatic> Iâm on  14.04.2 LTS trying to find a PPA for Postfix 3.0 - I am nervous to make and make install it from scratch and risk screwing up my production. Running Postfix 2.11.0â¦I tried digging through https://launchpad.net/ubuntu/+ppas but no luck yet
<steadystatic> (Having to do this for PCI compliance scan failure)
<steadystatic> Anyone know where I can find Postfix 3 for Trusty?
<andol> steadystatic: Out of curiosity, why on earth would you need Postf 3.0 to be compliant security wise?
<sarnold> steadystatic: apparently, previous auditors have been placated by showing them the USNs that demonstrate updates for SSL/TLS vulnerabilities
<steadystatic> andol: I kinda wondered too but they said on the PCI scan âDownload latest version of postfixâ
<patdk-wk> all pci scans say that
<sarnold> steadystatic: is -that- it? idiots.
<patdk-wk> did you actually expect pci people to actually track what version you have, and if you are vaunerable, and actually TEST for the vaunerability
<patdk-wk> no, they just do version compare, who cares if your vaunerable or not
<steadystatic> Can they even tell what version of postfix from an outside scan
<steadystatic> ?
<sarnold> steadystatic: here, I hope this can help: https://launchpad.net/ubuntu/+source/postfix https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions https://www.debian.org/security/faq#version https://access.redhat.com/security/updates/backporting
<steadystatic> Maybe I just upgrade to 2.9 then and call it good. Whatâs a USN?
<sarnold> steadystatic: check the "banner" postfix is advertising by nc hostname 25 ...
<steadystatic> ahh
<sarnold> steadystatic: http://www.ubuntu.com/usn/
<patdk-wk> steadystatic, what is your postfix server ip?
<patdk-wk> or dns
<patdk-wk> or they might just be checking what SSL/TLS is accepted and assume your running older version
<patdk-wk> if you are running 2.11 why would you *upgrade* to 2.9
<steadystatic> 107.170.200  dot 194 is my IP
<steadystatic> (I have no idea if bots troll these logs, that probably wonât do me much good lol)
<patdk-wk> it's a public server
<patdk-wk> I don't see how it would matter
<bekks> steadystatic: USN is a "Ubuntu Security Notice".
<patdk-wk> ESMTP Postfix (Ubuntu)
<patdk-wk>  is all it says
<patdk-wk> probably they assume your outdated cause it says ubuntu
<steadystatic> interesting so if i rescan and just change the banner
<steadystatic> that could appease them possibly?
<patdk-wk> they will likely still hit you up on it
<patdk-wk> based on other things
<sarnold> I'd rather you try to educate the idiots ;)
<patdk-wk> normally you just link them to the USN, and your done
<steadystatic> cool
<sarnold> but I can certianly appreciate the sisyphisian nature of the task :)
<patdk-wk> sarnold, it would never help
<patdk-wk> they just don't care :)
<patdk-wk> it would increase their workload to do proper checking
<sarnold> patdk-wk: like those idiots selling vulnerability scanners
<steadystatic> Why do their scans take 24 hours is what I want to know...
<sarnold> oh, sorry, "vulnerability scanners".
<sarnold> steadystatic: 'cause they want you to think you're getting your money's worth
<steadystatic> Thatâs what I thought, too
<patdk-wk> steadystatic, they take >7days when they scan me
<steadystatic> Ugh - yeah client picked these guys I had no say
<patdk-wk> atleast based on my web traffic logs from their ip space, and my 800% higher than normal http cpu usage
<patdk-wk> they pci scan EVERY SINGLE blog/forum/... entry
<steadystatic> Ok so Iâm just changed main.cnf and am updating their other items thenâ¦they say they want openssh 6.6 but iâm already on OpenSSH_6.6.1p1
<steadystatic> *changing
<steadystatic> I hate pci scans seems like painful meaningless quarterly to do list
<steadystatic> glad iâm a front end dev for my day job, you guys I feel your pain
<steadystatic> Oh these guysâ¦dug deeper into pci report this is why â* Running SMTP service * Product Postfix exists -- Postfix * No version for Postfix foundâ
<steadystatic> so they just ding me on that. im not gonna advertise to you what version im on!
<steadystatic> Should I request exception on this too? â* Running SSH service * Product OpenSSH exists -- OpenBSD OpenSSH 6.6.1p1 * Vulnerable version of product OpenSSH found -- OpenBSD OpenSSH 6.6.1p1â
<bekks> steadystatic: Depends on the vulnerability (CVE) they refer to.
<steadystatic> bekks: CVE-2014-2653 is what they listed
<bekks> So check which package you are using exactly, with apt-cache
<sarnold> steadystatic: probably; there is a vulnerability in our ssh package that needs to be fixed, but no deity can help you if you're using X11 forwarding over ssh on any system that handles credit card data :)  http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5352.html
<sarnold> steadystatic: that's been fixed: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2653.html
<steadystatic> sarnold: haha, no def. not x11 forwarding to this box
<steadystatic> OK one last PCI question: I setup this ssl cert myself through namecheap positivesslâ¦but does this mean #doingitwrong ? âTLS/SSL certificate signed by unknown, untrusted CA: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB -- Path does not chain with any of the trust anchors.â
<bekks> comodo had some severe trust issues, that why no one trust their certs anymore.
<steadystatic> I checked on ssllabs.com their scanner seems fine to my untrained eye
<steadystatic> crap. so to remediate I might have to get a new cert and shell out more cash?
<steadystatic> https://www.ssllabs.com/ssltest/analyze.html?d=awanderlustadventure.com
<steadystatic> I got an A rating there
<steadystatic> disabled RC4 and some of the other things i was supposta do
<sarnold> steadystatic: I wonder if they are complaining that your server is actually returning the trust root in the chain
<sarnold> steadystatic: .. maybe try taking the root CA out of your chain?
<Daviey> SpamapS: It seems it *is* possible to express optional requirements
<Daviey> jamespage: ^
#ubuntu-server 2015-07-03
<RoyK> Berlin tomorrow - could be nice
<Ryein> how do you guys manage your virtual machines?
<Daviey> rbasak, teward: Sorry, sent my message twice - first time from wrong address so it would have been wedged in list moderation.
<jub36> can someone help me with gpt and raid in server install
<lordievader> Good morning.
<rbasak> Daviey: no problem. Thank you for responding.
<VSpike> Hi. Should I still be able to do a do-release-upgrade on a 10.04 server?
<ronator> wow brave guy :)
<ronator> I am not sure if I would want to do it but if so, then I suggest you to have a rescue-cd and physical access to this 10.04 because I would bet there willbe problems with grub at least that can only be fixed in rescue mode (or before reboot)
<thor77> uh, duplicity is rly confusing: --include /etc/nginx/ -> includes all subdirs + files as well, --include-filelist /etc/myfilelist (contains /etc/nginx/) -> includes only /etc/nginx
<thor77> any idea, why duplicity is behaving like that?
<bekks> thor77: Thats intended.
<bekks> thor77: the filelist is a filelist, not a list of directories to be included recursively.
<thor77> bekks: can i use it as a list of directories to be included recursively?
<VSpike> ronator: pessimist!
<thor77> bekks: if i try /etc/nginx/** in the filelist, its the same
<VSpike> oh, he's gone.. well, it worked fine once I fixed the broken DNS
<bekks> thor77: It is a filelist, not a list of recursive directories.
<thor77> bekks: just got it by using --include-globbing-filelist and /etc/nginx/** :)
<Windows> help
<Windows> who
<Windows> list
<Windows> nick blackhawk
<Windows> list
<Windows> nickserv
<Windows> say hello
<Windows> ?
<Windows> help
<Windows> exit
<Windows> remove nickserv
<Zebra111> Windows prefix nickserv with a /
#ubuntu-server 2015-07-04
<Sprocks> is there anyone here that has used the find command before id like some information about capabilities
<bekks> Sprocks: "man find" tells you everything about the cpabilities of "find".
<JanC> actually, 'info find' will tell you a lot more...
<bekks> How comes that some programs use "man" and others use "info" for documentation?
<JanC> 'info' is a GNU tool, 'man' is much older (UNIX, BSD, etc.)
<JanC> so usually GNU tools come with 'info' documentation, but non-GNU tools don't
<JanC> 'info' has hyperlinks & such, so it's a bit more sophisticated
<bekks> Ah ok.
<JanC> OTOH, there are also tools/programs that come with HTML PDF, etc. for docs, of course
<JanC> compare 'man' & 'info' for commands like 'bash' & 'find' for yourself  :)
<lordievader> Good afternoon.
<OliPicard> Hi everyone, I'm trying to compile liblcfg
<OliPicard> but it's currently failing to compile, here's a log of what i'm trying to do. https://gist.github.com/OliPicard/dcfba67b13a45d7415fc
<Seveas> OliPicard: if a command fails, repeating it with sudo is *not* the first thing to try. In fact, it should be almost the last thing to try. You will now have messed up file permissions/ownership. Best start from scratch.
<Seveas> OliPicard: and the error means there's a bug in the Makefile.am file that you'll need to fix
<TJ-> My guess is that libtool isn't installed/found
<OliPicard> thanks :)
<OliPicard> Hi everyone, I'm currently trying to create a cron job with upstart. just wondering if anyone knows of any good tutorials/guides on how to do it?
<OliPicard> I'm trying to create a cron job that when fired, execs a python script just not sure how to setup the timer
<OliPicard> ah...
<OliPicard> I cant use it
<ikonia> create a cronjob with upstart ?
<ikonia> upstart is the init - it's nothing to do with cron
<OliPicard> i'll use cron instead :)
#ubuntu-server 2015-07-05
<samba35> i want to configure mail and web server on same system in that case what hostname i should use
<bekks> So do it?
<bekks> The hostname is irrelevant.
<samba35> my public rdns is aa.x.z
<samba35> ok
<samba35> if i have web server with abcd.com and mail server with aaa.com in that case what should be hostname
<bekks> The hostname is irrelevant.
<samba35> ok then what i should configure
<bekks> You need to configure your webserver and your mailserver to work for the domains/mailboxes you want.
<samba35> ok
<samba35> do you have idea on postfix (banner name config)
<bekks> Start here: https://help.ubuntu.com/community/Postfix
<bekks> The banner is the most irrelevant part in your list.
<bekks> And the name is irrelevant too. All that matters is the config.
<samba35> i am getting banner and tls related error on mxtoolbox.com for my smtp configuration
<bekks> So fix your configuration.
<sarthor> Hi, I am using ubuntu-server 14.04, want to install pt-get install python-simplejson python-tz python-unicodecsv python-unittest2 python-vatnumber python-vobject python-werkzeug python-xlwt python-yaml wkhtmltopdf
<sarthor> , but nothin happens.it says. "0% [Waiting for headers]" how to change repositories if that can help.
<Lurchy_away> happy sunday people
<Lurchy> question about ubuntu server backup
<Lurchy> in reading...I thought I saw where there is a default backup option for ubuntu server....correct?
<Lurchy> I have a fresh install and want to take a snapshot of disk image...
<Lurchy> before I start adding stuff...
<Lurchy> what is best option for backing up accross a network an archive drive on another box?  other box is dual boot win7 and ubuntu client
<Lurchy> what is best option for backing up accross a network to an archive drive on another box?  other box is dual boot win7 and ubuntu client
<Lurchy> I am reading tutorial at https://help.ubuntu.com/community/BackupYourSystem
<Lurchy> There are lots of otions....I think I want to auto incrementall via CRN
<Lurchy> err CRON
<Lurchy> any opinions?
<teward> with regards to Landscape, are VPSes considered Virtual or Physical machines?
<Lurchy> nobody awake?
<Lurchy> rsync help anyone?
<ikonia> ask a real question rather than just saying key words
<Lurchy> look up
<ikonia> nope
<ObrienDave> 'look up' is not a question or a good way of receiving help
<ikonia> hence why I'm going to do something else instead of help
<Lurchy> so...rsynch is installed on ubuntu server...seems grsynch is used to backup a client...is that correct?
<Lurchy> trying to use grsynch on my client box on network to backup my ubunut server to a network drive...
<Lurchy> besides Ikonia...I dont want your help after your insulting attitude towards me from before....sorry I am not an expert at linux...at least I am trying
<Lurchy> [00:23] <ikonia> you have no idea what you are doing
<Lurchy> remember?
<ikonia> Lurchy: I have no idea what you are talking about, and 00:23 could be anytime, but as I've hardly been active for 48 hours, I'm not sure where you got that from
<pmatulis> Lurchy: rsync can be used to back up files. is that what you want?
 * Lurchy ignores ikonia
<Lurchy> pmatulis..im trying to learn how to use rsynch to do incremental backups from my ubuntu server accross a network
<ikonia> man rsync
<ikonia> and there are many basic howtos on the net
<ikonia> you'll get a better response if you ask specific questions
<Lurchy> Im asking for opinions to help me decide the route to go...as I honestly admit I a newb on ubuntu server...
<ikonia> opions on what though ?
<ikonia> you've not stated what you're actually doing
<ikonia> what are your requirements and what is the question based around those requirements
<Lurchy> and check your logs....you know what those are dont you?  and you would recall your crappy treatment towards me.....
<ikonia> Lurchy: logs of what/when ?
<Lurchy> just drop it....
<ikonia> drop what ?
<Lurchy> the issue
<ikonia> I have no idea what you are on about, and YOU keep referencing something
<ikonia> I'm asking for your requirements and the problem around your requirements that you want help with
<ikonia> you keep referencing some past problem you have
<ikonia> no-one else
<Lurchy> bottom line...I dont want help from you.....
<ikonia> you'll get help from no-one if you can't ask a question clearly
<ikonia> or respond with the attitude you're showing me
<Lurchy> when you insult people with less knowledge than you
<ikonia> no-one is insulting you
<ikonia> you've just been asked to state your question clearly
<Lurchy> recall you said I should only use ubuntu client...when I said I wanted to use ubuntu server to learn command line...and you said I had no clue what I was doing....
<Lurchy> but...I prefer to move on.....
<ikonia> so ?
<ikonia> ubuntu desktop is great for learning
<ikonia> if you prefer to move on - why do you keep referencing it
<Lurchy> I am using both.....
<ikonia> what ?
<ikonia> just use the desktop - and use a shell on the desktop to learn the command line
<ikonia> the shell is the same as the non-X11 enviornment of the server
<ikonia> but you have the desktop tools to fall back on / make multi-tasking easier
<ikonia> it won't stop you learning anything
<ikonia> it will just make it easier for you to find your feet
<pmatulis> Lurchy: i recommend launching rsync manually until you understand what it does and how it does it. if you're not looking to create disk images but simply to back up precious files then rsync may work well for you. if the destination of the files is on a remote host you can use SSH, which rsync understands natively, or just ensure the DST network "drive" is exposed locally
<pmatulis> Lurchy: but rsync command syntax does need to be understood. so either â  man rysnc or â¡ check some online tutorial (both what ikonia said)
<ikonia> (or ask specific questions about what you're trying to do)
<Lurchy> yes pmatulis....I want to backup the whole drive on the ubuntu server to a remote drive....at least until I move archived media files to the drive and it gets large....but goal is to take snapshots along the way so if I screw something up I can go back(similar to norton ghost functionality)
<Lurchy> so..is rsync the best to do this?  or would another solution be better?
<ikonia> Lurchy: you'll struggle with that approach, it will be a lot of disk space
<ikonia> rsync is not a snapshot tool
<ikonia> it's a file / file system tool
<pmatulis> Lurchy: yeah, then rsync is not your tool. study 'clonezilla' for image management
<pmatulis> http://clonezilla.org/
<ikonia> keep in mind that cannot be used while the host is online
<Lurchy> ok....question for down the road...if I wish to mirror the website on my domain to this local lamp box...would rsync be the way to go?  I want to take snapshots (I heard of clonezilla) as I set this box up (for the moment)
<Lurchy> but clonezilla I dont think would allow me to mirror the website....true?
<Lurchy> er would not
<ikonia> Lurchy: clonezilla for a whole machine, rsync for files
<Lurchy> ok....rsynch would automate the mirroring function I am trying to accomplish...updating files that are changed on hosted to the local lamp box...and vie versa?
<Lurchy> vice versa
<ikonia> not automate
<ikonia> you'd have to automate it using rsync
<ikonia> no
<ikonia> you have to write the automation, rsync is just the tool
<Lurchy> automate via CRON on hosted besite...or on the lamp box
<Lurchy> website
<ikonia> either
<ikonia> your choice
<Lurchy> ok
<Lurchy> My box I currently have the ubuntu server install on does not have a video card in it...do I need a video card to run ubuntu client?  Or can I install the client version on the box...remove video card...and then ssh splashtop/VNC/etc.  into the box?
<ikonia> client ?
<ikonia> what do you mean ubuntu client ?
<Lurchy> yes
<ikonia> what is ubuntu client ?
<Lurchy> ubuntu desktop
<Lurchy> non-cli
<ikonia> you will need graphics to run a desktop
<ikonia> so something to render graphics
<Lurchy> hmmm....
<Lurchy> this was one of the reasons I made decision to go with ubuntu server....but I shall reconsider
<Lurchy> I installed ubuntu server into the dual core box I made to be my LAMP server...then configured openssh to remote admin the box...
<Lurchy> over the network I made....
<Lurchy> Putty is what I am using....is that a good choice for openssh remote admin client?
<ikonia> it's just an ssh client
<ikonia> use whatever you like
<Lurchy> ty for the info...ill be back....gonna read a couple tutorials.
<sarthor> Hi, I want to install these packages. "http://paste.ubuntu.com/11827688/" my /etc/apt/source.lst is also there in pasted matter, says " Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?" . no result for apt-get update --fix-missing HELP
<sarthor> how to add more repository if i am using 14.04
<sarthor> Hi, my ubuntu 14.04 is unable to "apt-get install nginx"  Can some check on their own side.
<pmatulis> sarthor: works fine for me up here in this cloud
<sarthor> pmatulis, I am installing on my vm, No cloud involved.
<sarthor> Can you share your source.lst pmatulis ? or the repo
<pmatulis> sarthor: this is all i have in my file:
<pmatulis> deb http://archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
<pmatulis> deb http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
<sarthor> pmatulis, says W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/Packages  404  Not Found [IP: 91.189.91.13 80]
<sarthor> E: Some index files failed to download. They have been ignored, or old ones used instead.
<TJ-> sarnold: "sudo apt-get update" first
#ubuntu-server 2016-07-04
<jonah> Hi guys, I just wanted to ask how people running server cabinets tend to power the cooling fans of the cabinet itself. I realise you can use prebuilt units, but do any users opt for standard case fans with then some kind of power supply. I know this site sell a power adapter to power 1-4 fans with just a standard ac plug socket... http://www.rackfans.com/pages/ProCooL_AV_PS/ProCooL_AV_PS.html
<bhuddah> jonah: ordinary cabinets don't have cooling fans.
<jonah> bhuddah: my cabinet has mounting holes for standard 120mm fans with the screw holes etc. You can fit two in the cabinet top panel...
<patdk-lap> cabnets have cooling fans?
<patdk-lap> never had any fans on any racks I have used
<jorgesanjuan> Has anyone had some experience with the HP moonshot m400 server? It's arm64 and I'm trying to boot it in UEFI mode (instead of U-Boot).
<sz332> hello
<sz332> I try to install ubuntu server using packer behind a proxy
<Palm_premium> ?
<sz332> I get message: installation step failed, and it seems, that it is not able to download the packages from the internet
<sz332> my preseed file looks like: http://pastie.org/10898517
<sz332> any idea how i can find out whether the proxy is configured, or not, and if not, how to fix the issue?
<cpaelzer> sbeattie: hi, just FYI (as you did the related upload back then) bug 1575220
<ubottu> bug 1575220 in passenger (Ubuntu) "puppet broken after libapache2-mod-passenger upgrade" [Undecided,Confirmed] https://launchpad.net/bugs/1575220
<mnms_> how I should properly backup software raid 1. I should make image of all devices in raid or image of raid devices (md*) ?
<chrisan>  I'm not sure what to call this/google for.. but I am trying out 16.04 on a new VPS and I noticed when I restart a service, like nginx, there is no longer any output.  Is there a way to add this back?
<patdk-lap> use an os without systemd?
<velusuniverse> hello all, i have  vps on ubuntu, and i currently have apache and php on the server, if i want to send emails through smtp would i need to install something like postfix, even if im using an external smtp server ?
<patdk-lap> velusuniverse, sure, or some kind of nullmailer
<patdk-lap> unless you do not use the built in php mail command
<patdk-lap> some kind of nullmailer would be most simple
<_KaszpiR_> velusuniverse  you could use sendemial so that it uses bouncer box to send emails
<Keyboard_> Hi
<Keyboard_> http://pastie.org/10898890 can anyone help?
#ubuntu-server 2016-07-05
<FarhaadN> hi every one, i use ubuntu server 12.04 , i need upgrade openssl from version 1.0.1 to version 1.0.2 , any issue happend? what dependency need too this
<FarhaadN> only way to upgrade is from source?
<FarhaadN> apt-get dont upgrade to version 1.0.2?
<FarhaadN> no one answer?
<FarhaadN> pleaseeee
<FarhaadN> i neeed this
<FarhaadN> hi every one, i use ubuntu server 12.04 , i need upgrade openssl from version 1.0.1 to version 1.0.2 , any issue happend? what dependency need too this
<FarhaadN> only way to upgrade is from source?
<FarhaadN> apt-get dont upgrade to version 1.0.2?
<nasko_> hi
<lordievader> Good morning
<aderyugin> hi, folks! I have a question regarding packages for OpenStack Newton. Is there any way to get murano packaged for newton?
<aderyugin> jamespage: ^^
<jamespage> aderyugin, possible - we normally sync that via debian
<aderyugin> jamespage: ok, is there any estimates for package sync?
<jamespage> aderyugin, just synced it - will go into staging today
<aderyugin> jamespage: thanks
<ram___> Hi. Can I install OpenStack Liberty using the OpenStack Autopilot 15.01?
<warpx> Hello
<warpx> Does anyone over here have Thunderbolt networking experience?
<warpx> I'm looking into using Thunderbolt in the same rack to replace NIC
<patdk-lap> not sure how you can do that
<patdk-lap> thunderbolt is not a network, it's pcie
<warpx> Yes, I know
<warpx> However, it's PCIe, so I should be able to do everything and anything with it
<patdk-lap> heh?
<warpx> All I need is to get TCP/IP over it
<patdk-lap> pcie is point to point
<warpx> Yes
<warpx> I failed to find switches
<patdk-lap> they make pcie switches
<warpx> Yes
<patdk-lap> the issue is, only one side can control the switch, so not useful
<warpx> Yes
<warpx> I was hoping to daisy chain my db hosts
<patdk-lap> you need to start making your own asics
<patdk-lap> and drivers
<warpx> Yes
<warpx> I was hoping someone started this
<trippeh_> intel has some "multi host" pcie network stuff. but its gonna cost ya
<warpx> trippeh_: I'll look into that
<trippeh_> I think the general idea is to use it in something like a blade chassis.
<warpx> So I need rackspace
<warpx> For blades
<warpx> hmm
<Mr_Pan> i tried upgrade 15.04 >> 16.04 ... but now i have the  message "The user `syslog' is already a member of `adm'" . The installation is blocked. Any ideas?
<dr4c4n> hi, can anyone give me a hand with bridges and vlans? I have created a bridge, and the vms that I have created in kvm can talk to one another, but if I try to add another physical box on the same vlan, they can't communicate.
<dr4c4n> they can't communicate to the physical box <clarification
<darsparx_> anyone here know how to trouble shoot msmtp? It's ignoring my config file so I can't even finish setup to use gmail with my DO server...
<rattking> did you try -v to "Print lots of debugging information"
<darsparx_> no but i am noticing the fact it' ssaying permission denied now which is weird....wonder what usergroup it's trying to access it at now that i think about it
<rattking> there is also -P to print the configuration settings that would be used
<darsparx_> well I think I got it to work sorta fixed it....though looks like I have to wait for my mx record to fully go through >_<
<darsparx_> well now i've gotten msmtp to work on the server(16.04) but can't seem to get php to use it, it just keeps going for the error side of my test, and there's nothing in my specified log file... :-\
<tomreyn> hi
<tomreyn> i'd like to move vm's over the internet between two DCs. those are qemu (KVM) linux guests, stored on (LVM2) LVs.
<tomreyn> so far the only solutions i found for copying the entire partition from the source HV to the target HV is a combination of dd and ssh. this seems both quite ineffecient and, moreover, error prone.
<tomreyn> i would expect that if the network link fails / times out for some reason then i 'd need to restart the copy from the beginning?
<nacc> tomreyn: are you using libvirt? i have no idea if it's doable for your configuration (or advisable), but you could do an offline migration
<tomreyn> is there another approach which provides resumable transfers, and better compression than ssh -c?
<patdk-lap2> what is the connection speed between the two?
<patdk-lap2> not likely to have resumable at all
<patdk-lap2> I would just dd | pigz | mbuffer
<tomreyn> yes i'm using libvirt. i tried an online migration with a test vm, but this apprently expects your data to be available on both ends, and in synch, so basically it expects network based storage which i dont have
<patdk-lap2> and the same in reverse at the other side
<nacc> tomreyn: did you read `man virsh`? i think you wanted '--copy-storage-all'
<tomreyn> well i would still want to encrypt the data in transit
<nacc> tomreyn: unless you have base images on both eneds, then you could do --copy-storage-inc, i think
<tomreyn> i'll look into '--copy-storage-all', thanks
<patdk-lap2> that is going give you a serious limit on your throughput
<tomreyn> encryption? yes, it surely will, but i dont mind so much
<tomreyn> i can have some downtime, otherwise i'd have started with network based storage in the first place.
<nacc> :)
<tomreyn> where 'some' is "hours" or, worst case, "a day"
<patdk-lap2> that depends on speed, cpu, ...
<patdk-lap2> and exactly how large it is
<patdk-lap2> could be hours, to 3days for mine atleast
<tomreyn> those storages are like 50 GB each, the slowest network link is like 50 mbps, the cpu should be 'good enough' on both ends.
<tomreyn> but it's over internet, so weather conditions can change ;)
<patdk-lap2> ya, but it depends on if you get multicore support or not
<tomreyn> so i guess roughly 2-4 hours per storage
<patdk-lap2> actually, that 50mbit will be the limiting factor
<tomreyn> i think so, too
<an3k> How can I check on which harddrive the linux disk cache is written to and how can I change it?
<sarnold> an3k: hmm, this sounds like it needs a lot more context
<an3k> Well, I have a DOM on which Ubuntu is installed. Then I additionally have 4 HDDs turned into a RAID10 using mdadm. I often read or write huge files that do not need to stay in disk cache at all.
<an3k> However, regardless of that I want to be sure that the DOM is not used for caching anything at all. Everything should be on the RAID
<an3k> a) the DOM is very slow and b) it doesn't like plenty of writes because that sooner or later destroys it.
<sarnold> an3k: okay; which services would be caching data on the disk?
<an3k> par2 and tar but par2 is the main "problem"
<sarnold> an3k: presumably you've already made sure you're not swapping to the DOM, right?
<an3k> swapoff -a
<sarnold> hmm, I don't recall seeing any caching options from tar
<an3k> par2 doesn't have any afaik. I hoped I could configure the linux disk cache itself so I don't have to do it for every single application
<sarnold> an3k: .. ahhh. I -think- I get it now.
<sarnold> an3k: the kernel does not cache disk data onto other disks by default.
<sarnold> an3k: you can set up e.g. bcache or ZFS's l2arc if you wish
<an3k> So it's caching onto the disk it is installed to?
<sarnold> an3k: what tool is telling you about caching?
<an3k> free -m
<an3k> and htop
<sarnold> those are pages in memory, not on block devices
<an3k> Hmm, so I misunderstood http://www.linuxatemyram.com/ ? :)
<sarnold> I'm afraid so :)
<sarnold> the opening sentence is probably where things go awry: "Linux is borrowing unused memory for disk caching"   -- it should probably read "Linux is borrowing unused memory to cache data from the disks."
<an3k> so swap is the only "cache on disk" and every other cache is in RAM?
<tomreyn> its data previously read from disk, kept there for the purpose of skipping future requests fro the same data to be read from disk again. it is data from disk, cached in ram for faster repeat reads.
<an3k> that is awesome but also bad. Bad because I hoped that was the reason (caching on the slow DOM) why the server is kind of slow in the last time ;)
<sarnold> an3k: swap is slightly different -- it's memory pages with unique data that hasn't been used in a while. executables (and libraries) can always have that data re-read from disk if needed, but swap is for memory from programs that can't be simply re-created like that. so it gets stored to disk, so more frequently used memory pages can stay in ram.
<sarnold> an3k: hehe yeah, I can understand that. finding out if there's actually performance problems, and if so, what you can do about it, is a huge subject..
<tomreyn> swap is usually the only cache stored on block devices (this may differ if you are using unusual file systems or services which create their own disk caches etc.)
<tomreyn> make sure you are using TRIM on the DOM (if it supports it)
<sarnold> hopefully there's not enough writes to the DOM for that to really matter :)
<an3k> tomreyn: Nah, that isn't a nice SSD. It's a "crappy" Disk on Module that is slow and cheap but it's tiny and fits directly into a SATA port so ... 1 HE server ;)
<an3k> Thank you both for the help and clarification!
<tomreyn> welcome ;)
<sarnold> an3k: this is probably too in-depth to be useful immediately, but it .. well, it should have more than everything on how the memory system works https://www.kernel.org/doc/gorman/html/understand/
<an3k> Holy cow ...
<sarnold> and this is a fantastic introduction to one way to figuring out performance bottlenecks http://www.brendangregg.com/usemethod.html
<an3k> I didn't even finished the book I bought 6 month ago and that's non-technical and in my native language ... that link will take me ages :)
<sarnold> (again, it might be too in-depth but it will help make http://www.brendangregg.com/USEmethod/use-linux.html make sense :)
<an3k> I can't give a huge :thumbsup: here but I would if I could ;)
<sarnold> :D
<JanC> an3k: not sure if that's your problem, but you might also want to put /tmp and other directories that might be used as a "scratchpad" on a faster disk (ramdisk or physical) instead of on the slow one
#ubuntu-server 2016-07-06
<hhee> hey! guys mysqld in ubuntu14 get about 0,5 GB RAM in idle state. without any work. is it normal?
<Xin> hhee; depends how your db's are configured..
<Xin> but remember; ram is there to be used, not to be free/idle
<hhee> Xin, default config from official mysql oracle repo
<hhee> Xin, tried to reboot, after reboot - same picture
<Xin> welp
<Xin> if you havent done anything to it
<Xin> then it is, by definition, normal
<Xin> I mean you could quite likely reduce that
<hhee> Xin, dunno. i've found this http://dba.stackexchange.com/questions/129411/mysql-5-7-ubuntu-14-04-eating-up-my-ram
<Xin> is that advisable? unclear
<Xin> would it have any gains/downfalls? unclear
<hhee> Xin, yeah smth like that http://stackoverflow.com/questions/10676753/reducing-memory-consumption-of-mysql-on-ubuntuaws-micro-instance
<hhee> mem usage reduced in 10 times
<AtuM> Hi. I have some issues using nfs-kernel-server on 16.04. After boot I need to restart rpcbind to get nfs ports to open...
<AtuM> It used to work fine on a previous release
<Youbi> Hi, Iâm trying to deploy Openstack on a single Ubuntu 16.04 VM, I run `conjure-up openstack` but after the second screen, the installer freeze :/
<cpaelzer> stokachu: present for you ^^
<lordievader> Good morning.
<jeffmess> Hey all... getting a W: Failed to fetch http://za.archive.ubuntu.com/ubuntu/dists/trusty/main/source/Sources  404  Not Found [IP: 197.155.77.2 80] error when I run apt-get update
<jeffmess> this is on a new machine, anyone aware of any issues?
<hateball> jeffmess: tried using the main mirror?
<hateball> could be some issue with some .za mirror
<jeffmess> not yet
<jeffmess> okay, will give it a bash
<jeffmess> looks like main is working
<jeffmess> thanks!
<hateball> Happens every now and again. I don't quite know where you are supposed to report mirror issues
<jeffmess> oh well :/
<Guest_94845> Allah is doing
<Guest_94845> sun is not doing Allah is doing
<Guest_94845> moon is not doing Allah is doing
<Guest_94845> planets are not doing Allah is doing
<ddellav> coreycb` i fixed up lp:~ddellav/ubuntu/+source/openstack-trove and lp:~ddellav/ubuntu/+source/keystone CI but they require the 3.14 version of oslo.utils that isn't available yet to build. I also took care of lp:~ddellav/ubuntu/+source/neutron and it builds successfully
<ddellav> jamespage ^
<coreycb`> ddellav, ok I'll look in a bit, thanks
<coreycb`> ddellav, yeah so it looks like we need to bump oslo.utils to 3.14
<coreycb`> ddellav, neutron is pushed.  want to bump oslo.utils?
<ddellav> coreycb`: I'm pretty sure I bumped it already but il check again.
<cpaelzer> with so many bumps in scandinavia I'm sure http://www.theverge.com/2016/7/5/12099612/hyperloop-one-helsinki-stockholm-30-minutes-study will explode on the first test :-)
<coreycb`> ddellav, looks like all that's left in red is swift and nova-lxd so I'll look at those
<yoink> hi folks, so I'm having some trouble with 16.04, kvm and libguestfs. Basically, there seems to be a bug in the ubuntu dhclient-script that I'm trying to work around but I don't know how to solve it. Basically the version of libguestfs that ships with 16.04 is incompatible with as dhclient-script has a bug in it which causes virtual machine initialization to fail (actually get stuck in a loop).
<yoink> "/sbin/dhclient-script: 31: /sbin/dhclient-script: cannot open /etc/fstab: No such file
<yoink> RTNETLINK answers: File exists
<coreycb> ddellav, jamespage: swift is better now. zul is looking at nova-lxd.
<jbicha> coreycb: hi, could you take a look at bug 1599313 ?
<ubottu> bug 1599313 in python-funcsigs (Ubuntu) "Sync python-funcsigs 1.0.2-1 (main) from Debian experimental (main)" [Wishlist,New] https://launchpad.net/bugs/1599313
<coreycb> jbicha, hi, I'll take a look in a bit
<tuxiano> Hi, I have issues to get gpu passthrough working on a ubuntu 16.04 + intel + nvidia system. I try to run this script: http://paste.ubuntu.com/18644889/ and this is my configuration and other relevant outputs: http://paste.ubuntu.com/18645325/. But I cannot the any output on the monitor connected to the nvidia grafic card.
<tuxiano> *cannot see any output
<sawdog> Hi folks, Iâve got a snap (app) installed that I want to alter apparmor security policy, so that a particular file is writeable. Iâm getting this recommendation from snappy-debug.security; but Iâm struggling to find docs on how this is managed.  Any direction/pointers? Effectively Iâm trying to allow a curl snap application to write itâs output to a file; and snappy is denying it.
<sawdog> guess more like apparmor is denying it
<rharper> sawdog: you might also try in #snappy on freenode
<sawdog> yeah, itâs not really a snappy problem; itâs an apparmor profile issue
<rharper> sawdog: most that i know is that the snappy folks tell you to start with --devmode first
<sawdog> apparmor denies all mknod from enforced apps
<rharper> sawdog: well snappy is using apparmor profiles, so there may yet be an interaction
<rharper> ah, so global policy
<sawdog> yeah; I am just learning whatâs going on in Core - so was mistaken with snappy references; only issue related to snappy is how Iâm installing apps in Core
<rharper> the snappy folks might know a bit about modifying or extending the policy of an snap to allow mknod creation; might also be seccomp filtering the mknod
<sawdog> ubuntu core doesnât have all the apps I need; e.g. aa-complain /apps/bin/curl.curl seems to be a solution; but aa-complain isnât installed; so trying to understand how to change profliles/edit profiles
<rharper> sawdog: you can use snappy in the ubuntu-server 16.04 images
<rharper> that might be easier since more of the tool sets are available (rather than slimmed down core)
<sawdog> well, I need core for installing on an IOT gateway with small internal eMMC device
<rharper> sawdog: sure, but you could try to get the snap working on ubuntu-server image with snappy
<rharper> once working there, transition to a core image
<sawdog> true true
#ubuntu-server 2016-07-07
<grendal_prime> cannot seem to install on hp probook 6560b
<grendal_prime> i just get a black screen with flashing cursor
<sarnold> fiddle with secure boot and uefi/legacy bios settings?
<torodoro> hello!
<torodoro> is it possible to make site on my ubuntu server to be available  only with ssl  secure connection with usage of certificates, but i give to the client my self made certificate. Not the browser download it
<torodoro> sorry for my bad english
<Shoe16> So I installed Ubuntu server with hyper-V on a Windows 10 host
<Shoe16> However startx isn't working
<Shoe16> And lspci returns absolutely nothing
<cpaelzer> torodoro: ssl only apache setup (there are many more sources if you google for it) http://ubuntuforums.org/showthread.php?t=1455655
<cpaelzer> torodoro: and for making/installing certificates https://help.ubuntu.com/lts/serverguide/certificates-and-security.html#installing-the-certificate
<cpaelzer> torodoro: If I understand you correctly you want to avoid the message "invalid certificate, to you want to ... accept"
<cpaelzer> torodoro: which almost sounds like wanting to exploit someone
<cpaelzer> torodoro: never the less the install certificate locally from the link should help to make the local system believe
<cpaelzer> torodoro: browsers might need an extra step I don't know
<cpaelzer> Shoe16: not even a lspci -vvv shows anything?
<cpaelzer> Shoe16: how does that guest even work :-)
<cpaelzer> Shoe16: unfortunately no hiper-v around to test
<hateball> torodoro: you can also use letsencrypt for a free and browser-accepted SSL cert
<cpaelzer> hateball: while it doesn't anwer what he asked for I like your suggestion way more!
<cpaelzer> Shoe16: should be something like here http://www.overclock.net/t/1478179/lspci-produces-no-output (last post)
<cpaelzer> rbasak: if you are around you might want to throw another bug or merge at me
<cpaelzer> rbasak: if it is a merge please do the import into the repo and let me know
<cpaelzer> rbasak: I doubt that I start today, but looking at m other loose ends I might have some time on Monday - and nothing is worse than idling
<Shoe16> cpaelzer: nope
<Shoe16> nothing
<Shoe16> and xorg fails saying
<Shoe16> something along the lines of no screen attached
<Shoe16> however the VM runs fine, has network and all
<cpaelzer> Shoe16: if it has network it has to have some virtual card at least - hmmm
<Shoe16> cpaelzer: thats exactly what i dont get
<Shoe16> network works perfectly fine
<Shoe16> but lspci is empty
<cpaelzer> Shoe16: well lets go backward from there - what does ifconfig report your network is on?
<Shoe16> cpaelzer: the usual, eth0 and lo
<cpaelzer> sometimes also the easy mistakes - "sudo lspci" maybe ?
<Shoe16> cpaelzer: nothing
<cpaelzer> ls -laF /sys/class/net/
<cpaelzer> ?
<Shoe16> cpaelzer: eth0 and lo
<cpaelzer> Shoe16: eth0 should be a symlink to somewhere - where is it pointing to?
<cpaelzer> Shoe16: mine for example is "enp0s25 -> ../../devices/pci0000:00/0000:00:19.0/net/enp0s25/"
<Shoe16>  /devices/LNXSYSTM:00/ something
<Shoe16> let me take a screenshot
<Shoe16> cpaelzer: http://puu.sh/pTeFR/5d885cbbe7.png
<cpaelzer> Shoe16: ok, now we start :-)
<cpaelzer> Shoe16: virtual devices on hyper-v do not use pci
<cpaelzer> Shoe16: they use vmbus
<Shoe16> oh
<cpaelzer> Shoe16: that is why we don't see anything in lspci
<cpaelzer> Shoe16: and that is what matches your screenshot
<Shoe16> and thats why xorg detects no screen
<Shoe16> hmm
<cpaelzer> Shoe16: possible, at least for old xorg
<cpaelzer> Shoe16: if it wouldn't work in general I'd expect more people to complain
<cpaelzer> (or older hiper-v)
<Shoe16> cpaelzer: i just made this VM 2 hours ago
<Shoe16> cpaelzer: and i updated windows last night
<cpaelzer> Shoe16: good, is the ubuntu in the guest a recent release ?
<Shoe16> cpaelzer: 16.04
<cpaelzer> Shoe16: yeah that should really be fine - I wonder if it is just missing a little piece to recognize the HiperV stuff in xorg
<cpaelzer> Shoe16: but as I said initially I don't have one around to test quickly
<Shoe16> cpaelzer: should i just forget this and use znc or something?
<Shoe16> i have no experience with that kinda stuff though
<cpaelzer> znc is an irc bouncer - did you mean vnc ?
<cpaelzer> Shoe16: if you need graphics you likely want a Desktop install anyway - and vice versa people using server usually prefer just a network console
<Shoe16> right, vnc
<cpaelzer> Shoe16: if you can afford the time I'd wonder if graphics work if you install Ubuntu Desktop 16.04 in another hiper-v VM
<Shoe16> cpaelzer: i just need to use a web browser on the guest
<Shoe16> and for that i need graphics
<Shoe16> otherwise im fine with tty
<cpaelzer> Shoe16: if you really want to run your X against vnc you could follow http://askubuntu.com/questions/621313/vnc-server-for-headless-ubuntu-14-04
<cpaelzer> Shoe16: but I'd prefer digging down why it doesn't atch the graphic -and installing an Ubuntu Desktop to see if it is a general issue on your setup would be my first step
<Shoe16> cpaelzer: i just realized, i have 90MB of upgrades pending
<Shoe16> cpaelzer: im downloading those now, will report back
<Shoe16> connection is slow so
<Shoe16> will take time
<Shoe16> cpaelzer: ubuntu live desktop works
<Shoe16> cpaelzer: however shows some 'fatal error' stuff at frist
<Shoe16> and then goes black for a while
<Shoe16> i thought it wasnt gonna work
<Shoe16> and then it did
<Shoe16> however, lspci still returns nothing
<Shoe16> cpaelzer: http://puu.sh/pTfij/06ae930c2f.jpg
<cpaelzer> Shoe16: lspci will not show soemthing as it doesn't use pci as I pointed out before
<cpaelzer> I don't know if there are tools for vmbus
<Shoe16> cpaelzer: how else could you display graphics without pci though
<Shoe16> let me check
<cpaelzer> you have a graphics adapter, just not on a pci bus
<cpaelzer> Shoe16: https://msdn.microsoft.com/en-us/library/cc768520(v=bts.10).aspx
<Shoe16> cpaelzer: could it have something to do with generation 1 vm vs generation 2 vm?
<Shoe16> im using generation 2 on both the ubuntu desktop and server
<cpaelzer> Shoe16: some older hiper-v used pci
<Shoe16> gui appears fine on ubuntu desktop
<cpaelzer> Shoe16: maybe that generation thing is what decides pci or vmbus
<cpaelzer> Shoe16: but since it is working fine you are good
<Shoe16> cpaelzer: arch wiki however says that arch doesnt work properly with gen2
<cpaelzer> Shoe16: very likely your server install misses some packages that make it working in hiper-v whicih are default in the Desktop install
<cpaelzer> Shoe16: unfortunately I don't know which packages
<cpaelzer> Shoe16: essentially Desktop and Server are not so different - the are made fromt he same apckages, just the selection is different
<Shoe16> cpaelzer: arch wiki says to use 'xf86-video-fbdev'. do you know what package this is on ubuntu?
<Shoe16> i did a quick search with aptitude but i cant make sense of the packages
<cpaelzer> xserver-xorg-video-fbdev
<cpaelzer> Shoe16: they are usually all installed as dependency of xorg
<Shoe16> yeah thats installed cpaelzer
<Shoe16> :/
<Shoe16> cpaelzer: installing vnc now
<cpaelzer> Sorry - maybe someone in #ubuntu-desktop has the experience to track down your startx issu
<Shoe16> cpaelzer: i asked there first
<Shoe16> they directed me here haha
<cpaelzer> well, even if not working we got a bit further
<cpaelzer> \O/
<Shoe16> cpaelzer: i got headless vnc working
<Shoe16> good enough for me
<Shoe16> :D
<rbasak> cpaelzer: how about bug 1595901 and bug 1571295. Neither are urgent.
<ubottu> bug 1595901 in pacemaker (Ubuntu) "Missing dependency on dbus" [High,New] https://launchpad.net/bugs/1595901
<ubottu> bug 1571295 in pptpd (Ubuntu Xenial) "pptpd module config loaded at wrong location" [Medium,Triaged] https://launchpad.net/bugs/1571295
<cpaelzer> rbasak: not urgent but need to be done is just right
<cpaelzer> rbasak: thanks
<cpaelzer> rbasak: I assinged them to me and will have a look next monday if nothing else pops up then
<rbasak> Thanks!
<cpaelzer> rbasak: I won't be available tomorrow, do you care to poll the bug status or do you want to wait til next week?
<cpaelzer> rbasak: I could also just send it to you, but I hate to dump so much at you - it is surely less confusing in a two person session
<rbasak> cpaelzer: can we wait until next week please? I'm still wading through MySQL :-/
<cpaelzer> rbasak: of course we can wait - this is up to you only
<cpaelzer> rbasak: let me know if you need a saving lifeboat or so to esacpe any swamp you are wading
<rbasak> Thanks :)
<rbasak> We are slowly untangling everything. It gets better all the time.
<adac> does someone know how to set the "mouse focus" on montitor via xrandr or another application via command line/bash script?
<adac> I would need to start chromium browser 1 on monitor 1 and chromium browser window 2 on montir 2
<adac> *monitor
<roaksoax_> /win/win 4
<rbasak> adac: try asking in #ubuntu. It's not really a server thing, so you're less likely to find people to help you on that here.
<adac> rbasak, kk. I found a solution that seems to work just fine: http://askubuntu.com/a/616395
<rbasak> nacc: bug 1596056
<ubottu> bug 1596056 in init-system-helpers (Ubuntu Xenial) "output of invoke-rc.d for systemd units un-debuggable on failure" [Wishlist,Triaged] https://launchpad.net/bugs/1596056
<rattking> Hello all is anyone here using FAI to install 16.04? I am having issues creating the nfsroot due to systemd and dracut I think
<temhaa> hello there.
<temhaa> I have problem in kvm actually networking in kvm
<temhaa> I hope you can help  me for my problem
<temhaa> I installed kvm to my ubuntu server. And I created guest machine. I want to access to guest from outside
<compdoc> easy to create a bridge. you have more than 1 nic?
<temhaa> I installed network using bridge but I can access just in host machine.
<compdoc> then not done well
<temhaa> compdoc: actually I generally using one nick named temhaa. But I asked to sysadmin channel using different nick.
<compdoc> no. nic = network card
<temhaa> compdoc: omg sorry. My english is very bad.
<compdoc> nick = temhaa
<temhaa> compdoc: actually I installed ubuntu server to my laptop. And I want to create multiple virtual server to that. I assigned static ip to host machine something like 192.168.1.100 but how can I assign ip to use from host network. Actually I want to access from out of host.
<temhaa> compdoc: Do I use nic more than 1 I dont know.
<temhaa> compdoc: you can think me as inexperienced
<compdoc> can you use pastebin.com, and show the file /etc/network/interfaces
<compdoc> temhaa, you have a desktop installed on ubuntu server?
<sarnold> hopefully useful http://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging
<temhaa> compdoc: Actually I didnt desktop installation but I installed gnome-shell after
<temhaa> compdoc: http://pastebin.com/ePkMvYJV
<temhaa> compdoc: my ifconfig output: http://pastebin.com/T5PW5nC7
<compdoc> Im surprised that works. not how I do it at all
<compdoc> dont mess with virbr0/virbr1 etc. those are auto-created by kvm. I think this will work, but all my servers have more than one nic so I have no examples:  http://pastebin.com/nrS7Dr4D
<temhaa> compdoc: so How can I configure network interfaces in guest
<compdoc> guests are assigned br1
<temhaa> compdoc: I can assign static ip range 192.168.1.0/24 network and using br1?
<compdoc> you should add --network bridge:br1 to the command line that creates the guest. then in the guest, use dhcp or assign an address
<compdoc> first, see what ifconfig tells you after you change /etc/network/interfaces
<sarnold> (note that reboots are the best way to test changes to that file)
<compdoc> I install ubuntu server then add the mate desktop just so I can use virt-manager and the other amazing tools
<temhaa> compdoc: sarnold I am trying now But I have already exist guest. I will apply them
<phoenix_> hello
<phoenix_> i need to configure postfix to send mail from my server to a gmail user how can i do that ?
<bvi> does anyone know a way to swap escape and capslock keys ?
<bvi> and no, not physically ;-)
<sarnold> bvi: the Xmodmap manpage has an example for that specific use :)
<phoenix_> i need to configure postfix to send mail from my server to a gmail user how can i do that ?
<Sling> phoenix_: what have you tried so far?
<Sling> googling for 'postfix relay to gmail' will give you many good tips :)
<bvi> phoenix_, https://easyengine.io/tutorials/linux/ubuntu-postfix-gmail-smtp/
<phoenix_> bvi, my domain is dahliaco.com
<Sling> have you read the page he linked?
<phoenix_> i need to send email from my server for example info@dahliaco.com to a gmail user
<Sling> if you need spoonfeeding for things like this, you shouldn't be running a mailserver..
<phoenix_> Sling, this link is used to send email from gmail
<phoenix_> i dont mean spoofing
<phoenix_> i need to my customers see emails from my company
<Sling> sorry, cba working trough this language and knowledge barrier :)
<Sling> in gmail you can configure your own domain
<Sling> and send mails from your own domain etc.
<phoenix_> i am using laravel and i set smtp in my laravel but hen i send message i see the message has been sent but it is from my gmail account and not from my domain
<Sling> what
<Sling> so which smtp did you configure there?
<phoenix_> smtp.gmail.com port=1587
<Sling> well of course your mails will come from gmail then
<Sling> you're sending them trough their smtp
<Sling> if you are running postfix, configure that host as your smtp
<phoenix_> could you introduce me a link for that
<Sling> for what
<Sling> replacing smtp.gmail.com and that port for your own smtp host and port?
<phoenix_> yess
<Mr_Pan> francia su rigore
<Sling> there is no link for that
<Mr_Pan> sorry
<Sling> you maintain your own laravel application
<Sling> you configure it :)
<Sling> read up on smtp and postfix if this is all a mystery
<phoenix_> so Sling is https://easyengine.io/tutorials/linux/ubuntu-postfix-gmail-smtp/ all i want ?
<Sling> no
<phoenix_> so what ?
<Sling> 21:48:25 < Sling> read up on smtp and postfix if this is all a mystery
<sarnold> start here http://www.postfix.org/documentation.html
<phoenix_> do you know and dont want to say me ?
<sarnold> If you're going to run an email server on the public internet _you_ have to understand what you're running. That's all there is to it.
<phoenix_> i am configuring postfix and in System mail name:   what should i enter ?
<phoenix_> i entered dahliaco.com
<phoenix_> i am going to soccer see you again guys about half an hour please wait for me here
<temhaa> compdoc: If I use that one: http://pastebin.com/nrS7Dr4D  so I can't connect to internet
<temhaa> compdoc: If I remove br1 part in interfaces file then I can access to internet in host machine but It is not creating bridge interface
<guntbert> phoenix_: please really listen to what sarnold said: when you are intending to manage a public facing smtp server you **must** know what you are doing (and why) - so get your feet wet with an internal one first.
<compdoc> temhaa, you there?
<temhaa> compdoc: yes
<compdoc> http://pastebin.com/gk0R7dA0
<temhaa> compdoc: I tried that one: http://pastebin.com/ic000gyL
<temhaa> compdoc: I think they are same :)
<compdoc> the way you created it was correct, but you shouldnt mess with the virtual nets that are created
<compdoc> br1 can be any name you wish
<temhaa> compdoc: But host machine is taking ip address and it is connecting to internet. But I edited guest machine something like that: http://pastebin.com/dn10UHjA But Guest machine is not taking ip address.
<compdoc> if you use dns-nameservers 8.8.8.8 192.168.1.1, sometimes it will use 8.8.8.8 and sometimes 192.168.1.1, so you will get inconsistant results
<temhaa> compdoc: dns server is not related for this issue?
<compdoc> no, you cannot define br1 in the guest. the guest should see the virtual nic assigned to it
<compdoc> like e1000
<compdoc> or rtl8139 is fine
<temhaa> compdoc: I couldnt understand
<compdoc> the guest cant see the bridge
<compdoc> or shouldnt
<temhaa> compdoc: when I reboot host machine I see output of ifconfig: http://pastebin.com/vQumFSNg
<compdoc> that looks great
<temhaa> compdoc: so How can I edit guest configuration file for network(I should write bridge network but how)
<compdoc> when you create a guest you define an virtual nic (rtl8139), and tell kvm what the rtl8139 connects to. (br1). The guest only sees the virtual nic. kvm handles the rest
<compdoc> you should install a desktop and virt-manager. it visually walks you through all the choices and shows you br1, if its created correctly. it makes a lot more sense that way
<temhaa1> compdoc: I have virt-manager unfortunately I couldnt :(  I guess I am idiot
<compdoc> the guest doesnt need to know the bridge. kvm does
<compdoc> guest <> rtl8139 <> br1 <> lan
<compdoc> teh guest only sees rtl8139
<compdoc> no idea why you wouldnt use dhcp
<temhaa1> compdoc: thank you for your replies.  you have been very helpful.  how can I provide connection between rtl8139 and br1. I am not sure should I provide
<jaguardown> Hi all. I run Ubuntu Server 14.04. When others (outside of my LAN) enter my domain name in their browser it resolves fine and my apache2 webpage is loaded. However, all devices on my LAN is unsuccessful at connecting to the webpage as the connection times out.
<jaguardown> is=are*
<jaguardown> I made sure that the domain name is resolving, dns name servers are correct, flushed dns cache in both browser and computer. Most of my troubleshooting is being done from a Windows10 laptop
<temhaa> compdoc: I recreated guest machine and It seems succesfully. I guess "virsh edit" command  is not working (doesnt affect). Thanks a lot
<compdoc> cool
<jaguardown_> Not sure what happened there
<sarnold> jaguardown_: you didn't miss anything while you were ping timing out
<sarnold> jaguardown_: can the LAN machines route to that IP address?
<sarnold> jaguardown_: are you doing the usual RFC 1918 addresses inside the LAN, NAT to a single IP outside?
<sarnold> jaguardown_: .. not all routers will do 'hairpin' routing to allow the internal side of a NAT to contact internal hosts using the external IP address; for those devices it's usually best to configure DNS to give an internal address to internal hosts
<jaguardown_> Ok
<jaguardown_> Ok LAN ip in browser works.
<jaguardown_> Sorry I am listening to you but I am a bit of a newbie with networking.
<jaguardown_> Most likely the answer to your questions are yes, I have a pretty standard setup
<jaguardown_> Nothing out of the ordinary.
<jaguardown_> I know that doesn't help much, sorry
<jaguardown_> Okay to answer your question about routing more intelligently, no the requests are timing out.
<phoenix_> im back
<jaguardown_> brb updating my irc client
<jaguardown> Sarnold: Thanks for the help, I think you've showed me the problem/what I need to do.
<ikat> Hello all. I have a problem with maas. Can anyone help?
<teward> ikat: start by stating the problem, and wait for someone to help you.  Not stating the problem means we don't know whether we can or cannot help you out.
<teward> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<teward> (that includes giving a general description of the problem)
<ikat> Trying to enlist nodes to my rack-controller. I start the node, it gets an IP from the DHCP and thet TFTP times out
#ubuntu-server 2016-07-08
<masuberu> hi
<masuberu> has Ubuntu a tool or a way to restore the / file permission?
<sarnold> masuberu: if you've changed / to something that then forbids you from running commands, you may not have many options except rebooting into a rescue system
<masuberu> ok
<sarnold> masuberu: maybe you can run programs via ../../bin/chmod
<masuberu> you mean boot from original cd and restore it from there?
<sarnold> yeah that should do it
<sarnold> what di dyou change it to? :) and how? :)
<masuberu> is there an option to fix it on the installation menu on the boot cd?
<masuberu> mate, I did the most stupid thing on earth
<masuberu> I run sudo chmod -R 777 / nvme
<sarnold> ahhhhhhh
<masuberu> instead of sudo run chmod -R /nvme
<sarnold> so you've got a lot more than just the permissions on / to fix
<masuberu> yes
<masuberu> basically everything
<masuberu> what would you recommend?
<sarnold> after a good long cry?
<masuberu> is reinstall my only solution?
<sarnold> that's the best solution, but you might be able to get away with comparing against another system
<sarnold> .. and then manually fixing everything. that doesn't sound like fun though.
<masuberu> I thought ubuntu installation cd could fix it
<masuberu> choosing an option from the installation menu?
<sarnold> afaik debian/ubuntu doesn't have any equivalent of other systems's "expected permissions" tools, and I don't think dpkg has any way to report which permissions are wrong and what they -ought- to be :(
<masuberu> hum ok
<masuberu> now my problem is that I can't ssh into it ...
<sarnold> .. because the permissions are too permissive. oooof.
<masuberu> I go to terminal and I can ping outside
<masuberu> the ip of the machine is same as before so no network issues
<masuberu> does it ring any bell?
<sarnold> yeah, ssh is really picky about allowed permissions on its files
<sarnold> try first chmod 755 / /etc /etc/ssh /home ~ ; chmod 700 ~/.ssh
<masuberu> ok...
<masuberu> hasn't complain
<masuberu> shall I restart the machine?
<sarnold> depends; if you want to just re-install, that's not a bad option. if you want to try to fix it, just keep changing permissions on it until it's fixed.. _then_ reboot
<masuberu> i ended up reinstalling
<masuberu> :___(
<phoenix_> hello
<phoenix_> i have configured postfix
<phoenix_> when i try echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com
<phoenix_> echo "Test mail from postfix" | mail -s "Test Postfix" dahlia2.co2016@gmail.com
<phoenix_> i get this error
<phoenix_> Can't canonicalize "/home/dahlia/Maildir"
<phoenix_> Failed to save message in "/home/dahlia/Maildir/sent" - message not sent
<phoenix_> "/home/dahlia/dead.letter" 6/140
<phoenix_> what should i do ?
<phoenix_> is there someone?
<hateball> !patience | phoenix_
<ubottu> phoenix_: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<hateball> (I don't know)
<hateball> phoenix_: Permissions, perhaps? Also there is #postfix
<phoenix_> #postfix :Cannot send to channel
<hateball> !register | phoenix_
<phoenix_> hateball, i have a domain name dahliaco.com and it is configured on a server i need to my customers recieve emails from info@dahliaco.com
<ubottu> phoenix_: Information about registering your nickname: https://help.ubuntu.com/community/InternetRelayChat/Registration - Type Â« /nick <nickname> Â» to select your nickname. Registration help available by typing /join #freenode
<hateball> phoenix_: I don't know anything about postfix so there's no need to direct towards me :)
<phoenix_> i dont know how can i do that
<phoenix_> omg
<pirx> when i install 14.04 i am asked about the Location (of the server i presume). anyone have an idea of where this is saved? or is it seen in e.g. the timezone only?
<Xin> hey all whats an easy to install web proxy?
<hateball> Xin: nginx
<hateball> Xin: or what do you mean by a proxy? does it need to cache things and so on?
<hateball> !info squid
<ubottu> squid (source: squid3): Full featured Web Proxy cache (HTTP proxy). In component main, is optional. Version 3.5.12-1ubuntu7.2 (xenial), package size 2283 kB, installed size 8060 kB
<Xin> I dont really care about caching
<Xin> ill give squid a crack though, thats what ive always heard about
<Xin> thanks
<Xin> lordy
<Xin> this config is complex lol
<lamont> pirx: /etc/timezone
<foormea> hi. i'm working on a headless server and i'm about to change its mobo. do i have a way to predict the network interface name with the new mobo? with ethX renamed in enXXXX i'm a bit wary of screwing up my config (and i have no access to console or serial on that headless server)
<patdk-wk> yes
<patdk-wk> or add a udev rule
<foormea> mh, could you explain further how to predict the name, or how to add the udev rule, or point me to some doc? :) sorry i'm a bit clueless right now :/
<ogra_> the location also makes apt pick the closest server for your sources.list
<foormea> patdk-wk, got it: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/    thanks for the hint!
<pirx> lamont: thanks!
<foormea> back to my question about predictable network interface naming: can i somehow have both the predictable (enpXsY...) AND the former standard (ethX) pointing to the same device?
<foormea> this way i'd be able to configure my eth0 during the motherboard change
<foormea> as it's gonna be tricky to know the "predictable" name for that specific slot on that new mobo :/
<ogra_> you mean the unpredictable names taht everyone knew from the top of his head ? :)
<ogra_> you can drop "predictable names" completely by setting net.ifname=0 on your kernel commandline
<ogra_> that will switch bac to the old behaviour
<Odd_Bloke> *net.ifnames=0
<foormea> well i don't really wanna do that: i don't wanna use an older standard. i'd like to have both ethX and enpXsY for a bit, so that i'll know after mobo change the new iface name
<foormea> if i disable it altogether, i won't know the new name under predictable scheme
<ogra_> ah, thanks for the correction (and sorry)
<foormea> i'm thinking of having a script run at bootup that dumps "ip a" into a file, boot with new mobo
<foormea> reboot with old mobo and see the file
<foormea> modify config accordingly...
<foormea> that's a bit overkill
<foormea> but i have no serial/screen/keyboard AND i have no usb HDD reader
<Odd_Bloke> foormea: No DHCP server?
<foormea> i have a dhcp running on the network yeah
<foormea> bt
<foormea> but
<foormea> if that iface is not told in /etc/network/interfaces to come up... it won't, will it?
<foormea> and the thing is, i need to be EXACT in what i'm doing, or i lose my server until i get a screen/keyboard/etc for it :/
<Odd_Bloke> foormea: Well, you can specify configuration for both eth0 and $new_name and still have the option to switch back to the old mobo, right?
<foormea> any thoughts, anything obvious i haven't thought of (apart from reverting to older ethX naming scheme)?
<Odd_Bloke> https://forums.opensuse.org/showthread.php/493546-How-to-predict-predictable-network-interface-names <-- there's a script there which purports to tell you the predictable name
<foormea> yeeeeeeeeeh
<Odd_Bloke> (Note that I had to change the path of lspci, but it worked for me)
<foormea> ohhhh let me see
<foormea> in that case i'd revert to ethX scheme, change mobo, check the "predictable" name with that script, revert config to predictable
<Odd_Bloke> foormea: Right, because you don't actually have the system booted with the new hardware.
<foormea> yep
<foormea> aright very good, very helpful that link you just gave me
<foormea> anyway the background story is: i'm sort of scavenging hardware
<foormea> and just got a hold of a newer mobo/cpu than what i had
<foormea> argh grrr i hope virtualisation is enabled in that mobo's bios...
<Odd_Bloke> foormea: TBH, you might be best off scavenging a keyboard/monitor and doing this another day. ;)
<foormea> yeah perhaps you're right, but i like a challenged
<foormea> challenge
<foormea> well thanks for the tips, i'll give it a thought and let you know how it went if i end up doing it
<Tegu> I had to move a 16.04 usb installation to another machine and had the same naming issue. fortunately, I could connect the other machine to a monitor and check the name there. but I kinda wished it could be automagic :)
<foormea> oh well i'll go ahead for that solution: revert to older naming scheme, get the new name, revert to newer naming scheme
<foormea> worst case it screw it up and won't be able to use it for a few days -- found a keyboard, but i'll need to find a vga cable which i can find in 3 days
<foormea> so i add net.ifnames=0 to end of line "linux   /boot/vmlinuz-4.4.0-28-generic root=UUID=8c3f5192-2348-45f9-ad7f-83360f82589b ro" in my /boot/grub/grub.cfg ?
<foormea> or... http://askubuntu.com/questions/19486/how-do-i-add-a-kernel-boot-parameter might be better
<Dulcin> Hi does ubuntu have a default mail server enabled? I just uninstalled postfix, i dont want my testserver to send out mails
<Dulcin> I probably installed postfix myself I dont remember, but is there anything else I should worry about?
<Dulcin> I'm on Ubuntu 14.04 by the way
<Xin> I need a romanian or estonian or somesuchhh
<phoenix_> hello
<phoenix_> i am configuring postfix
<phoenix_> when i use  echo "This is the body of the email" | mail -s "This is the subject line" dahlia2.co2016@gmail.com
<phoenix_> i get this error
<phoenix_> Failed to save message in "/home/dahlia/Maildir/sent" - message not sent
<phoenix_> "/home/dahlia/dead.letter" 6/159
<Xin> anyone know a CHEAP vps provider in like, estonia/romania etc regions?
<patdk-wk> lowendbox.com
<yoink> KVM issues with 16.04 - basically I run a bunch of 14.04 virual machines (on a 16.04 host) without issue. However I can't seem to connect/setup 16.04 in KVM. Whether I update a working 14.04 VM to 16.04 or start with 16.04 from scratch, it won't get to the console to login.
<yoink> I'm using libguestfs mostly - so virt-builder and virt-install and managing the vms through Virsh.
<rbasak> yoink: uvtool works on 16.04 to start a 16.04 instance. AFAIK cloud images as published work with 16.04's KVM. So I wonder what virt-builder/virt-install are doing differently?
<yoink> rbasak: I'll check with the #libguestfs folks. Other images work fine... maybe it's time to learn a new toolset! :)
<yoink> Reading up on uvtool now. :)
<rbasak> yoink: well the paths are certainly going to be very different. If there is a bug somewhere, it could be in libvirt for example, or just a change in behaviour that causes something unintended. My question is really more about identifying what that thing is to determine where the bug might be.
<rbasak> I've just verified that uvtool successfully started:
<rbasak> release=xenial arch=amd64 label=daily (20160707)
<yoink> I hear that - I'm just running out of playtime. :)
<rbasak> On a Xenial host (that isn't fully up to date probably, but was installed with Xenial freshly after release)
<caribou> rharper: are you still planning on merging multipath-tools ?
<yoink> rbasak: I have an idea... brb.
<caribou> rbasak: rharper: we've just got a multipath-tools patch accepted by multipath-tools's upstream
<caribou> rbasak: rharper: we'll do the submittodebian legwork but I thought that you might want to keep an eye on this one
<caribou> rbasak: rharper: FYI, it's LP: #1570093
<ubottu> Launchpad bug 1570093 in multipath-tools (Ubuntu) "multipath-tools update introduced syslog messages about partx" [Low,In progress] https://launchpad.net/bugs/1570093
<LaserAllan_> hey there, ive got a question, I have a couple of nfs folders that I want to be mounted at startup, should those commands be written with sudo in the rc.local script?
<mdeslaur> LaserAllan_: no, add the mounts you want to /etc/fstab
<LaserAllan_> mdeslaur: Oh, ok, what is rc.local then for launching applications and so on?, ive probably just missunderstood it all
<LaserAllan_> but thanks
<LaserAllan_> but should the nfs mount commands be added with sudo or is it automatic sudo on those?
<mdeslaur> you don't directly add the commands, look at the file, you just need to add an entry to it
<riz0n> Hello guys, I have an HP DL380 G3 server that I have installed Ubuntu LTS on. No GUI. Is there a way to change the system from loading the ATI Rage drivers to just loading Generic VGA drivers? The ATI drivers are causing my system to crash after so long of running.
<mdeslaur> LaserAllan_: rc.local is run with root privileges, so anything you put in there doesn't need sudo
<riz0n> Righ now, as it stands, when the system boots, eventually the system changes and the size of the letters on the screen get very, very small. I want standard VGA with the big letters. Any help would be appreciated!
<LaserAllan_> mdeslaur: Is it the same with fstab?
<LaserAllan_> Since i need to put the nfs mount commands in there
<mdeslaur> LaserAllan_: the mounts in fstab are mounted as root, yes
<mdeslaur> LaserAllan_: but you don't put commands in that file
<LaserAllan_> mdeslaur: So where do I put them then?
<mdeslaur> LaserAllan_: you put them in /etc/fstab, but not the commands. that file is a list, you just add what you want to the list.
<mdeslaur> see here: http://manpages.ubuntu.com/manpages/xenial/en/man5/fstab.5.html
<LaserAllan_> mdeslaur: Hmm, i have never really done this before so what do I put ther ethen to amek nfs folders mount on startup on my other host?
<mdeslaur> something like "servername:dir /mntpoint nfs rw,hard,intr 0 0"
<mdeslaur> see here: https://help.ubuntu.com/community/SettingUpNFSHowTo
<LaserAllan_> mdeslaur: Thanks
<riz0n> OK guys, I uncommented a line in the Grub config that put it in 640x480 then "update-grub" and it booted into 640x480. Any way to see what video drivers are loading and change them to just standard VGA? Or should it be standard VGA since there is no GUI?
<nacc> !crosspost | riz0n
<ubottu> riz0n: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<nacc> riz0n: what version of ubuntu?
<riz0n> nacc, 14.04.21
<riz0n> Oops 14.04
<riz0n> whatever the latest rel is
<nacc> riz0n: the latest release is 16.04 :)
<riz0n> Well, the latest 14.04 rel ;)
<riz0n> I want to say it's 14.04.3
<riz0n> I'mts
<teward> 14.04.4 is the latest point release :)
<nacc> riz0n: ok, i think you should check what lspci says for your graphics device as to the driver in-use (and/or lshw)
<riz0n> e that doesn't really matter, I'm on 14.04 LTS
 * teward goes back to lurking
<nacc> riz0n: it does matter, actually (given that you have different kernels, and stacks with each hwe stack, potentially)
<riz0n> and my remote desktop is acting goofy
<riz0n> This system is using the 4.2.0-41 kernel
<riz0n> VGA compatible controller: Advanced Micro Devices, Inc. AMD/ATI Rage XL PCI rev 27
<nacc> lscpi -vvv -s <pci address> of that device
<nacc> riz0n: will tell you the kernel module in use
<riz0n> Thanks so much guys. I know this DL380-G3 server is quite ancient, but it
<riz0n> it's rock solid till the NMI PCI error happens (and I've traced it to the video). I hate to fill it full of buckshot over something simple I can easily fix. Plus I don't have the money to buy a new server yet.
<riz0n> The error is "NMI: PCI system error (SERR) for reason b1 on CPU 0" Dazed and confused, but trying to continue
<patdk-wk> hmm, I dunno I would bother messing with it much
<patdk-wk> serr says the video card is bad
<patdk-wk> throw in a pcie video card to replace it with
<patdk-wk> and move on
<rbasak> nacc: I'm a little confused as to why php7.0-mysql's {mysqlnd,mysqli,pdo_mysql}.so don't link to libmysqlclient at all. Could this be a bug? They did in PHP 5 in Trusty.
<rbasak> Or are they statically linking by accident or something?
<nacc> rbasak: looking
<rbasak> nacc: no urgency. I'll ignore it for now.
<rattking> Hello all, I would like to spawn a custom shell on one tty.. I am not sure how to do this since the switch to systemd. does anyone know where that is configured now? It use to be configured in /etc/init/tty?.conf
<nacc> rattking: afaict, /etc/init/tty?.conf still exist with systemd
<rattking> oh perhaps there is another reason its not working then.. thanks
<rbasak> I don't think they're used though, are they?
<rbasak> AIUI, /lib/systemd/system/getty* are what are used now.
<nacc> unclear :/
<rbasak> And you can override with /etc/systemd/system/
<nacc> ah it does seem to be there now
<nacc> rbasak: another case like our init.d discussion of confusing end-results :)
<rbasak> Indeed.
<rattking> heh
<rbasak> It's a consequence of Debian supporting multiple init systems.
<rattking> I will take a look around in /lib/systemd/system/getty* thanks for the tip
<rattking> got it!
<nacc> rattking: nice, congrats! :)
<jrwren> anyone ever see this kind of systemd message? http://pastebin.ubuntu.com/18798467/  "Failed to foward REleased message"  it just spews to syslog every few seconds.
<Toraxmalu> hi
<Toraxmalu> hase someone experience with xen?
<Toraxmalu> after installing xen-hypervisor-amd64 i was confronted with a boot-loop
<PryMar56> Toraxmalu, is your system EFI?
<Toraxmalu> yepp
<Toraxmalu> it is
<PryMar56> Toraxmalu,  dpkg -l xen-hyper*amd64 | grep -i efi
<Toraxmalu> is there a known issue? I've read, that there are is the advise to switch back to BIOS, but that is simply not possible for my case
<Toraxmalu> -are
<PryMar56> maybe there is an efi boot blob in the *.deb
<PryMar56> xen.efi
<PryMar56> maybe not
<Toraxmalu> err...
<Toraxmalu> and that means?
<PryMar56> Toraxmalu, upstream xen includes source for the xen.efi. Not sure is Xenial packages/builds it
<Toraxmalu> okay - you're talking to a windows-power-user... and i understand, that xenial possible didn't compile that important stuff - do you have a link or something, so i can build that thing by myself?
<Toraxmalu> (howto would be nive - sorry)
<Toraxmalu> PryMar56 - I've found the Issue-List
<Toraxmalu> it is simply not possible with UEFI with ubuntu 16.04
<Toraxmalu> well - thank you for your efforts
<Toraxmalu> and sorry for the distrubence
#ubuntu-server 2016-07-09
<Xin> hii
<hunq8> how do you copy and paste a selection?
<hunq8> basically i have a line of text
<hunq8> and i want to copy and paste it
<hunq8> they have mouse input packages but are those secure?
<bekks> ?
<hunq8> basically i am trying to be able to ssh into my server
<hunq8> i have to do something but i have no idea what i'm doing
<bekks> And whats keeping you from doing so?
<hunq8> well i would like to open port 22 so i can ssh into my server
<hunq8> i'm making a test dev environment and i will be building my first rails app
<bekks> So you have a server, located at some hosting company? Or is it located at home, next to you?
<hunq8> it's at home next to me
<bekks> So just login via ssh.
<hunq8> what if it was remote?
<lucz> my server is giving me this message when I try and rm a file
<lucz> bash: cannot create temp file for here-document: No space left on device
<lucz> I try and type rm a.. *tab* and then it says that ^
<lucz> running df -h doesn't show that it's run out of space
<lucz> nvm I fixed it
<phoenix_> hello
<phoenix_> i have a question and i dony know can someone help me to do that
<phoenix_> i didnt  have enough money to buy a host
<phoenix_> i installed ubuntu server in my laptop
<phoenix_> and i configured my modem and forward my local ip
<phoenix_> <phoenix_> i installed ubuntu server in my laptop
<phoenix_> <phoenix_> and i configured my modem and forward my local ip
<phoenix_> <phoenix_> now when i enter my global ip i can see my apache page
<phoenix_> <phoenix_> i configured my  domain name also
<phoenix_> <phoenix_> now when i enter my domain name i connect to my apache page
<phoenix_> <phoenix_> problem is i want to send emails from my domain to gmail and yahoo accounts
<phoenix_> * Vertel has quit (Ping timeout: 276 seconds)
<phoenix_> <phoenix_> for example from info@mydomain.com to gmail and yahoo accounts
<phoenix_> <phoenix_> i dont know how  can i do that
<steflin2> Bonsoir
<asgharpolo> hello
<asgharpolo> anyone?
<asgharpolo> hi
<asgharpolo> hi
<asgharpolo> hi
<xlogik>  quest
<jak2000> before i do an apt-get upgrade and apt-get update  i can acccess my sites: manzana.noip.me by sample after apt-get upgrade and apt-get update i cant wich need check?
#ubuntu-server 2016-07-10
<LeMike> hello. I am not good enough with servers so I have a question. Is it correct, that HTTP (TCP) always allows SNI? So would it be possible to multiplex the HTTP-Port and divide SSH-Logins by their hostname (due to incoming SNI)?
<tomreyn> LeMike: so... SNI (server name indication) is an extension to the TLS (transport layer security) transport encryption. TLS can be wrapped around any TCP based application protocol, such as HTTP. For it to be useful, all of the application protocol, server and client implementation, need to be modified to be able to communiacte with this TLS extension (SNI). to my knowledge thia has only been done for HTTP so far.
<tomreyn> i.e. you can probably not wrap SSH into TLS + SNI, using the SNI hostname as part of the SSH authentication, unless you also modify the SSH protocol and server and client implementations.
<tomreyn> maybe you should discuss where you're coming from / what your actual goal is.
<patdk-lap2> heh?
<patdk-lap2> didn't think ssh actually used ssl/tls
<tomreyn> it doesn't, except for openvpn functionality, i think
<tomreyn> but i think lemike meant to wrap ssh in https/tls somehow
<LeMike> yee tomreyn . I was hoping for some solution to redirect SSH Logins to their endpoints. I have one "proxy" which should handle the redirects but the SSH protocol gives me nothing usable to distinguish the clients. Except for their ssh-key but this is a thing I should not use.
<patdk-lap2> openvpn!=openssh
<tomreyn> LeMike: use ipv6 or NAT
<LeMike> oh okay. can you please explain this a bit tomreyn ? I am weak at networking and resolving this issue. Just about to learn managing server ;) What has IPv6 and NAT that will help here?
<LeMike> I think I only have one IPv6 to the server
<tomreyn> LeMike: you have just oine server? you were referring to multiple "endpoints", though?
<LeMike> the endpoints are docker container within that server, tomreyn.
<tomreyn> oh, and they all run on the same ip address?
<tomreyn> isnt docker meant to run just one task within a container as non root user? setting up ssh access to those containers makes me think you want to use those as a cheap and insecure virtualization replacement.
<tomreyn> if you plan to do actual virtualization then most providerrs will allocate / route several ipv6 to you for free.
<compdoc> my server has a bunch of ram disks created somehow. how can I find whats using them, or remove them:  Disk /dev/ram1
<XinZhao> compdoc; set your server on fire with petrol
<XinZhao> oops sorry wrong window
<compdoc> can I use regular petro, or do I need premium?
<XinZhao> crude oil would be best
<OerHeks> compdoc, sounds like GPT to me, reading with fdisk
<OerHeks> try parted -l
<jrwren> LeMike: there is no solution for that. You can use different ports than 22 in the host and map them to 22 in the container.
<antonispgs> hey guys
<antonispgs> 2TB, 16GB RAM how much swap and how big of a / directory would you suggest?
<jrwren> zero swap partition (or accept default, because its a hassle to do in installer) and install swapfile later to allow swapping as needed.  everything in /, no other partitions,  unless you tell us what you will be doing. ;]
<antonispgs> intended as a seedbox, there is a control panel that does the original installation, i have the option to remove the /home directory and has 512MB of swap by default. not to be shared
<jrwren> if it is from a VPS reseller who specializes in seedboxes, I'd use their defaults.
<antonispgs> yea makes sense
<antonispgs> thats what i thought, i see the old double the ram rule is no longer suggested
<jrwren> no, I think that has not been true for a LONG time.
<LaserAllan> anyone in here any familiar with postfix and smtp?
<JanC> LaserAllan: there are several people who use it, but you better ask whatever question you have
<LaserAllan> JanC: ok so i ahve setup my own mailserver and I seem to have some issues with my xymon monitoring and fail2ban to send stuff to my new email. not sure what logs to look through
<LaserAllan> JanC: I am not sure where to look, what log files to check, I have checked mail.log and the email in question seems to have been processed but I am not sure what has happened to it after that
<JanC> postfix normally logs to /var/log/mail.log & /var/log/mail.err
<LaserAllan> JanC: Lemme check mail.err
<LaserAllan> the err log has no activity since lik 6-7 hours back
<JanC> if mail.log says that it was processed correctly you should check where it sends it too?
<LaserAllan> it sends it to the correct domain but i cannot see it in thunderbird
<JanC> can you check the logs on the mail server for that other domain?
<LaserAllan> Hmm, do I have to setuip a myssql user for the failbvan mailing?
<LaserAllan> they Ive done it this far is having it mail my MS mail and the just forward it to my other email but its not a good solution
<JanC> MS mail?
<LaserAllan> Microsoft
<JanC> as in live.com/hotmail stuff?
<LaserAllan> Yes
<LaserAllan> but i now want it to you know be like "fail2ban" atmy domain
<JanC> make sure the domain you use in the From: allows sending mail from your server...
<LaserAllan> Well it should since theyre both on the same server, i have tried sending to other emails and its worked so far
<JanC> Microsoft probably requires you to set up SPF and/or DKIM
<LaserAllan> Well the reason I wanna change is so i dont hav eto deal with Microsoft anymore
<LaserAllan> I have my domain emial and i want fail2ban to use that instead
<LaserAllan> ill give you an example of the log i found
<JanC> if you have your own mail server, send it directly to that?
<LaserAllan> thats what Ive done but it doesnt show up in the inbox :)
<LaserAllan> ah
<LaserAllan> just found the error
<LaserAllan> I am stupid sometimes
<LaserAllan> I had written "se" instead of com
<LaserAllan> not weird that it doesnt work
<JanC> LOL
<LaserAllan> :D
<JanC> PEBKAC
<LaserAllan> I have just started to use Thunderbird
<LaserAllan> its really neat to be honest
<JanC> I use Evolution, because Thunderbird lacks/lacked some features
<LaserAllan> Interesting
<JanC> at least back when I last used it  :)
<LaserAllan> Evolution you say?
<LaserAllan> What features?
<JanC> filtering on mailing lists & such (IIRC Thunderbird now supports it somewhat with an addon, but still), bugs in the plain text editor, etc.
<LaserAllan> damn
<LaserAllan> Maybe i should look at Evolution
<JanC> but that was really years ago  :)
<LaserAllan> hmm
<LaserAllan> since my fail2ban is also ran on the same server as the mailserver it should take miliseconds for the mail to arrive
<JanC> at least 8-10 years ago
<LaserAllan> weird
<LaserAllan> damn:P
<JanC> mail clients often only check for mail every 5min or so
<LaserAllan> lemme see if i can do a manual refresh
<JanC> (or every 15min or whatever you set it to)
<JanC> (some IMAP servers & IMAP clients also support a push protocol, but that only works if both support it)
<LaserAllan> hmm
<LaserAllan> It seems like it works now
<LaserAllan> not sure though since when restarting fail2ban i usually get an email with it
<JanC> cool, so problem solved  \o/
<JanC> oh  :)
<LaserAllan> I acutally dont know since ive not gotten the "start" mail its only sent the ips its banned:S
<LaserAllan> hmm
<JanC> ban yourself?  ;)
<JanC> (don't!)
<LaserAllan> I guess i could or just use a vpn ip and fix it that wau
<LaserAllan> "way
<LaserAllan> ok
<LaserAllan> just banned myself with an ip from romania
<LaserAllan> ok
<LaserAllan> fail2ban hasn't sent me anything just yet
<LaserAllan> hmm
<LaserAllan> will see if it happens soon then
<LaserAllan> JanC: Well this is interesting but also abit frustrating it seems to not have sent an email about the ban it should have done
<LaserAllan> the ban is done but the actual email doesn't show up in mail.log
<LaserAllan> JanC: Hmm
<LaserAllan> The log seems to have sent another fail2ban email but its showed up in the inbox for some weird reason
#ubuntu-server 2017-07-03
<teward> this is a stupid question but are we doing a meeting for Server Team on tuesday?  I have to ask because tuesday's a national holiday here in the USA
<hehehe> hi
<hehehe> what is used in open source word
<hehehe> as google analytics alternative
<andol> hehehe: Some people like https://piwik.org/
<hehehe> yes
<hehehe> their channel is dead
<hehehe> :)
<hehehe> irc channel
<hehehe> i saw 1 more company i sense offering for 99 usd an open source analytics
<hehehe> for opencart app
<hehehe> and http://eanalytics.de/product/eanalytics-features.html
<hehehe> andol: have u tried piwik?
<andol> Nope
<hehehe> https://plugins.piwik.org/HeatmapSessionRecording
<hehehe> piwik no good :D
<hehehe> heat map does not cost that much
<hehehe> maybe I am wrong
<lordievader> Good morning
 * smoser smiles
<smoser> You have to download a total of 263 M. This download will take about
<smoser> 33 minutes with a 1Mbit DSL connection and about 10 hours with a 56k
<smoser> modem.
<smoser> (from apt)
<smoser> i have *got* to get a faster modem
<LeMike> Yayyy. I just crushed my server it seems. well almost. It is a VM within proxmox and I enlarged the HDD. since then it runs for ~3 minutes (after reboot) and then I can't ssh into it. Just won't answer on port 22 but sometimes on port 80 with it's web stuff. I truly need help :/
<LeMike> Does a disk get a new uuid when it's resized?
<hehehe> if I make sh file to change some dirs permission
<hehehe> is it safe to use on a server?
<hehehe> provided it owned by root
<nacc> hehehe: what does the ownership have to do with the safety of using a script?
<nacc> hehehe: why are you scripting changing a specific directory's permissions?
<hehehe> less typing
<smoser> LeMike, any hints as to what are going on are on the console.  and recovery is probably done from there too
<LeMike> smoser: I just found out that the swap partition was "extended" so I changed it to swap LFS. It's rebooting and I wait if this was the problem. "Running out of memory" or hanging due to that.
<nacc> hehehe: i mean, are you having to run this many times?
<hehehe> yes
<nacc> hehehe: why are you having to change the permissions on a server multiple times?
<hehehe> lol
<hehehe> cause i upload files via sftp
<hehehe> hmm in fact
<hehehe> i only need chown
<hehehe> u right
<nacc> hehehe: right
<nacc> hehehe: and i think you can probably configure that on the sftp server side
<LeMike> I wonder: Why isn't GID for the dir an option? (chmod 2775 + umask 0002)
<nacc> LeMike: you mean setgid bit? i believe it works fine
<LeMike> yee. that one.
<nacc> LeMike: i'm pretty sure it works ok (note that you can't clear it with the numeric codes per the manpage)
<nacc> LeMike: if you're able to pastebin an example failure (and which version of ubuntu), that might help
<ahasenack> nacc: around?
<ahasenack> nacc: can you see at a quick glance what's wrong here? https://launchpadlibrarian.net/325730535/DpkgTerminalLog.txt (from https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1700740)
<ubottu> Launchpad bug 1700740 in apache2 (Ubuntu) "package apache2 2.4.18-2ubuntu3.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New]
<darinavbt> Hi
<darinavbt> I'm having a problem with a Canonical Landscape-deployed Openstack cloud. I can't attach a volume to an instance. Is someone around who could help me a bit?
<nacc> ahasenack: pong, looking
<ahasenack> nacc: sorry, I commented there a bit
<ahasenack> didn't mean to jump ahead, but I tried installing php7, even tried an upgrade from trusty, and it all worked as expected
<nacc> ahasenack: yeah that's an unexpected issue
<ahasenack> we'll see if we get some feedback
<nacc> ahasenack: note they've made a lot of local modifications to the config, per the apport log
<ahasenack> nacc: oh, but they weren't attached :(
<ahasenack> I almost asked for /etc/apache2/* because indeed they could be pointing at another directory for modules
<darinavbt> I'm having a problem with a Canonical Landscape-deployed Openstack cloud. I can't attach a volume to an instance. Is someone around who could help me a bit?
<rbasak> A bunch of people are out at the moment because of the US public holiday tomorrow.
<darinavbt> Yep. I know. My office only has about half as many people in it today as usual.
<hehehe> hello
<hehehe> :))
<hehehe> who is alove here?
<hehehe> *alive
<hehehe> :D
#ubuntu-server 2017-07-04
<cpaelzer> good morning
<_KaszpiR_> yawn
<cpaelzer> fake yawn
<cpaelzer> good morning when you are awake then _KaszpiR_ :-)
<_KaszpiR_> not a fake yawn
<_KaszpiR_> i was actually yawning
<_KaszpiR_> :D
<lordievader> Good morning
<ahasenack> I wonder if we are missing a mysql apparmor profile update, perhaps in relation to ubuntu release upgrades
<ahasenack> [19378.169972] audit: type=1400 audit(1499083212.677:41): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7588/status" pid=7588 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
<ahasenack> that system was originally installed as saucy salamander
 * ahasenack checks current apparmor profile
<rbasak> cpaelzer, ahasenack: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1658239
<ubottu> Launchpad bug 1658239 in apparmor (Ubuntu) "base abstraction missing glibc /proc/$pid/ things" [Undecided,New]
<rbasak> We could SRU that if it's causing a problem.
<ahasenack> rbasak: ok, will check, thanks for finding the bug
<wolflarson> hey, is there an open UPS monitoring software that works with most UPSs?
<wolflarson> most of the stuff I find out there by manufactures is Java and I dont really want to run java on my server
<mdeslaur> wolflarson: there's "nut"
<mdeslaur> wolflarson: http://networkupstools.org/
<wolflarson> thanks reading up on it now
<whoiswhere> heya
<whoiswhere> :D
<whoiswhere> for some reason my server cant resolve hostnames when I ping
<whoiswhere> like ping google.com
<whoiswhere> I use ovh
<whoiswhere> it looks like dns is down?
<whoiswhere> or what
<tarpman> whoiswhere: if it was working previously, maybe you want #ovh
<whoiswhere> yes ty
<whoiswhere> tarpman:  hmm anyways it seems it something with a server
<whoiswhere> when I add 8.8.8.8 it still wont resolve
<whoiswhere> 16.04 server - where does it conf dns server ip?
<whoiswhere> or how it uses dns to resolve say ubuntu update servers name
#ubuntu-server 2017-07-05
<whoiswhere> forgot to add nameserver before ip
<whoiswhere> o well :D
<whoiswhere> so quit
<whoiswhere> quite
<whoiswhere> do people here talk only when at work?
<whoiswhere> :)
<cpaelzer> good morning
<lordievader> Good morning
<zetheroo> I am trying to figure out how to make a trigger expression for disk space being less than 10 percent ... but really not having much luck figuring this out
<zetheroo> sorry ... wrong room :P
<lordievader> zetheroo: In Zabbix? Or what?
<zetheroo> yeah :D
<lordievader> Let me check how I did it.
<lordievader> zetheroo: I'm using the pfree: `vfs.fs.size[{#FSNAME}, pfree].last()}<10`
<zetheroo> lordievader: thanks ... I just discovered the prototypes in the default templates
<darinavbt> Hi all. I'm using a Canonical Autopilot-deployed OpenStack and I'm having problems attaching a Cinder/Ceph volume to instances. Could someone help me? This is the last major issue before we put this into testing.
<darinavbt> Or does Canonical have sales engineers or something that I could call?
<nacc> dpb1: --^ would you know?
<nacc> ahasenack: you can use `dep3changelog` to generate a consistent changelog message from the DEP3 headers
<nacc> ahasenack: re: squid3 MR
<nacc> *MP
<nacc> ahasenack: also, it's possible you need to be using continuation lines in the Description: section
<nacc> ahasenack: see the second sample at http://dep.debian.net/deps/dep3/
<dpb1> darinavbt: what errors are you getting?
<darinavbt> dpb1: I get no errors in Horizon itself. It looks like it attaches. But it doesn't.
<darinavbt> I've just started working on this over the past couple of weeks, so I'm still getting used to how it's all set up (e.g. getting into the Juju environment, what services run where, log locations, etc.)
<darinavbt> Let me see if I can get something out of the logs for you.
<darinavbt> In nova-compute.log on the node hosting the instance: " Failed to attach volume at mountpoint: /dev/vdb", then a stack trace, then "TypeError: Argument must be bytes or unicode, got 'NoneType'"
<dpb1> darinavbt: what command line did you use to attach?
<ikonia> darinavbt: so you can't connect to a virtual disk
<darinavbt> I am using Horizon to try to attach it
<darinavbt> No errors in Cinder logs, from what I can tell.
<darinavbt> ikonia: Correct. I have an instance. I have a volume. I go to the instance, choose "Attach volume", Horizon says it's attaching, but it doesn't attach.
<darinavbt> Google and I have been over and over that error and "can't attach volume to instance", etc. I see others having this issue, but no real answers. I'm actually a bit surprised that it didn't work out of the box.
<dpb1> ya... :/  I suspect it's bit rotted a bit.
<darinavbt> I see some "WARNING Deprecated" things in the Keystone log, but that's it.
<darinavbt> This is a fresh installation as of two weeks ago
<darinavbt> MAAS+Autopilot deployed. More than enough hardware according to the requirements. Everything else seems to work so far, except this.
<dpb1> darinavbt: out of curiosity, did you check cinder.conf and if rdb_user was set?
<dpb1> darinavbt: as you have obviously checked, google seems rife with people hitting this, and not with answers
<darinavbt> Have a meeting. Back in a bit. yes, I think I checked that...
<dpb1> darinavbt: https://askubuntu.com/questions/913365/openstack-autopilot-cant-attach-volume-to-an-instance -- is that a good synopsis of your problem?
<nacc> ahasenack: i believe my comments in MP: #326034 applies to all of them for that bug, so I won't repeat the comments everywhere, if taht's ok with you.
<ahasenack> ok
<nacc> ahasenack: re: LP:#1669193, for the artful change, is that dropped by your merge? Can you do it in your merge?
<nacc> ahasenack: rather than me reviewing two different changes
<ahasenack> let me check what that is
<nacc> sorry, LP: #1669193
<ubottu> Launchpad bug 1669193 in bind9 (Ubuntu) "feature request - json stats output" [Undecided,In progress] https://launchpad.net/bugs/1669193
<ahasenack> yeah, I didn't include it, totally forgot about that thing
<ahasenack> that was from the debdiff days
<nacc> ahasenack: ok, if you want to update the bind9 merge, then i can review it as part of the merge
<ahasenack> ok, will do
<nacc> ahasenack: that would be one less step for me as reviewer :)
<ahasenack> definitely
<nacc> ahasenack: i'll update the card
<nacc> ahasenack: i'm also going to unsub sponsors there
<ahasenack> nacc: bind9 changes done
<ahasenack> and lp linked the mp automatically to that bug, nice
<darinavbt> OK. Back
<darinavbt> dpb1: No. I don't remember seeing the libvirt errors
<darinavbt> I'll look again, though (it's been a couple of days since I looked at this).
<darinavbt> No. No errors in the libvirt log for that instance.
<ahasenack> nacc: I can't find your MP comments in the openvpn-auth-ldap one, did you forget to save them perhaps? Were they inline comments?
<dpb1> Daviey_: ok
<dpb1> Daviey_: sry
<dpb1> darinavbt: ok.  can you pastebin the output you are seeing that has the stacktrace in it (nova-compute.log)
<darinavbt> dpb1: https://pastebin.com/XHsZkVxG
<nacc> ahasenack: inline comments, let me look
<nacc> ahasenack: ah sorry, i saved the indiv. comments but not the comemnt in the MP itself, updated just now
<ahasenack> ah, now I see "show diff comments", cheers :)
<nacc> ahasenack: sorry about that! TIL :)
<ahasenack> nacc: going over it quickly, just a comment about this one: "And I believe the Author lines need to be e-mail addresses?"
<ahasenack> nacc: I don't have his email address. It's hidden in his lp page
<nacc> ahasenack: ah i see
<nacc> ahasenack: i'm not sure what we're supposed to do there
<nacc> rbasak: --^ ?
<ahasenack> nacc: this is how he presented the fix: https://bugs.launchpad.net/ubuntu/+source/openvpn-auth-ldap/+bug/1602813/comments/0 (the original bug comment)
<ubottu> Launchpad bug 1602813 in openvpn-auth-ldap (Ubuntu Zesty) "openvpn-auth-ldap causing segfault on network timeout" [Medium,In progress]
<ahasenack> original description, that is
<nacc> ahasenack: i see
<ahasenack> I only got his name because he "signed" that comment with it
<nacc> ahasenack: right
<nacc> ahasenack: which sort of implies that maybe that lp id isn't actually (just) his
<nacc> ahasenack: it's a team id (iiuc)
<ahasenack> it sounds like a group, yes
<ahasenack> nacc: how about this, from his gpg key: "Foxpass Engineering Team <eng@foxpass.com>"
<nacc> ahasenack: that at least seems better :) i'm not sure how much digging is expected
<nacc> ahasenack: as in, to find this information yourself
<ahasenack> but incorrect credit is worse than incomplete credit
<nacc> ahasenack: true
<nacc> ahasenack: i guess the lp link lets them contact the user
<nacc> ahasenack: it just feels like it doesn't fit dep3
<ahasenack> we could also link https://launchpad.net/~foxpass-dev/+contactuser, that's more direct
<ahasenack> or ask
<ahasenack> but it's a 1yo bug
<ahasenack> I can fill in the lp contact form, we can wait until tomorrow
<nacc> ahasenack: ack, i hadn't done that digging yet, was just reviewing what was in front of me :)
<nacc> ahasenack: maybe ask slangasek in #ubuntu-release what he would do
<ahasenack> asking
<dpb1> darinavbt: just to confirm, you have a xenial/ocata deployed cloud, right?
<darinavbt> Xenial, yes
<dpb1> ok
<dpb1> if it's xenial with autopilot, it's ocata, that's enough
<darinavbt> Whatever Autopilot installed for OpenStack is the version. It's not Ocata, is it?
<darinavbt> k
<darinavbt> Xenial, then MAAS 2.1.5, then etc.
<dpb1> darinavbt: I might have a couple more commands for you to run, but let me do some more looking  so I don't send you on a wild goose chase
<darinavbt> No problem.
<darinavbt> This is my main project at the moment, so let me know what to check or what to do.
<pettis> Has anyone else experience the boot messages being output to the shell at the login prompt/early after login? I.e. https://i.imgur.com/bXGQqV3.png .  On 16.04.2, fresh install.
<dpb1> k
<dpb1> pettis: that's normal, afaik.  ubuntu pushes the login prompt before it's finished everything in the boot up sequence.
<sarnold> pettis: I haven't seen it but it's not entirely unexpected; systemd apparently fires up everything it can as soon as it can, and starting the gettys on the terminals may just happen before the other tasks, since they aren't _needed_ to be up before the gettys..
<dpb1> darinavbt: pastebin of a `juju status` would be helpful
<pettis> Ahhh, thank you both, that makes sense, good to know.
<dpb1> darinavbt: also, take a look at this: https://bugs.launchpad.net/charm-nova-compute/+bug/1671422
<ubottu> Launchpad bug 1671422 in OpenStack nova-compute charm "charms: nova/cinder/ceph rbd integration broken on Ocata" [Critical,Fix released]
<dpb1> darinavbt: actually, attaching directly to that bug would be nice.
<ahasenack> won't dep3changelog tell me what's wrong with the dep3 header? Just that it is "invalid"?
<ahasenack> $ dep3changelog debian/patches/openvpn_ldap_timeout_fix-lp1602813.patch
<ahasenack> debian/patches/openvpn_ldap_timeout_fix-lp1602813.patch: Invalid DEP3 header
<nacc> ahasenack: i have some local changes that try to help with those error messages -- it's a pretty easy perl script
<ahasenack> did you forward them upstream? :)
<nacc> ahasenack: that messages means either no description or (no origin or no author)
<nacc> ahasenack: not yet :)
<ahasenack> it was an empty line
<darinavbt> That bug I've seen
<ahasenack> I had an empty line between the end of the (long) description, and the next field
<darinavbt> But I'm not seeing libvirt errors
<nacc> ahasenack: right, i think that's sort of known
<nacc> ahasenack: basically, when `dep3changelog` sees the first all-empty line, it stops parsing
<ahasenack> you can't suggest me to use a tool that is broken like that :)
<nacc> ahasenack: technically it should be allowed to see one or two empty lines
<nacc> ahasenack: well, don't have stray empty lines :)
<nacc> ahasenack: technically they aren't supposed to be there in the headers (iirc)
<ahasenack> I was even told in another patch to use empty lines to make it visually look better
<nacc> ahasenack: which other patch?
<ahasenack> it's in your queue somewhere :)
<ahasenack> a bigger one
<nacc> ahasenack: heh
<darinavbt> So, ubottu and dpb1, if there's a fix for that bug, is there a patch or script to run to fix it in my deployment?
<ahasenack> ok, so no empty lines
<darinavbt> Or instructions, like "copy this key from here to all nova compute nodes" or something?
<nacc> ahasenack: just going off the dep3 spec, empty lines specify the end of headers, and there can be at most two dep3 headers
<ahasenack> ok
<ahasenack> is this syntax correct? "  Closes LP: #1602813."
<ubottu> Launchpad bug 1602813 in openvpn-auth-ldap (Ubuntu Zesty) "openvpn-auth-ldap causing segfault on network timeout" [Medium,In progress] https://launchpad.net/bugs/1602813
<ahasenack> closes + lp
<ahasenack> dep3changelog did that
<nacc> ahasenack: it's allowed, yes
<ahasenack> no ()?
<nacc> ahasenack: the () are not necessary
<ahasenack> it's a mix between debian, launchpad, and something else
<ahasenack> ok
<nacc> ahasenack: iirc, the regx is just looking for LP: # for ubuntu bugs and Closes: # for Debian bugs
<darinavbt> dpb1: "juju status" output from the controller: https://pastebin.com/Rk6pAGFG
<rbasak> nacc, ahasenack: AFAICT, there's no strict spec for the Author field. The normal style makes the most sense when available. If the email isn't known, I think it's fine for it just to be what is known - whether a name or a URL or whatever.
<rbasak> eg. "Author: https://launchpad.net/~someone" would be fine IMHO.
<ahasenack> ok
<nacc> rbasak: ok
<dpb1> darinavbt: on that bug, ask.  there might be, but posting it there will get the right people involved.
<darinavbt> Two bugs were mentioned. You mean this one: https://bugs.launchpad.net/openstack-ansible/+bug/1697782
<ubottu> Launchpad bug 1697782 in openstack-ansible "Mounting of ceph-backed cinder volumes is broken after Ocata upgrade" [Undecided,New]
<dpb1> darinavbt: your paste with juju status output and the log output will be helpful there.
<dpb1> darinavbt: yup, that one
<darinavbt> OK. Plus "how can I fix this?" :P
<dpb1> yup, ask if there is a workaround on the bug
<darinavbt> k
<darinavbt> Done
<dpb1> darinavbt: crap
<dpb1> you asked and I told you the wrong one
<darinavbt> Crap?
<dpb1> this one please
<dpb1> https://bugs.launchpad.net/charm-nova-compute/+bug/1671422
<ubottu> Launchpad bug 1671422 in OpenStack cinder charm "charms: nova/cinder/ceph rbd integration broken on Ocata" [Undecided,New]
<dpb1> same comment is fine.
<dpb1> sorry!
<darinavbt> LOL
<darinavbt> No problem. Done.
<dpb1> thx
<darinavbt> Two-for-one deal ;)
<dpb1> heheh
<dpb1> great, perfect
<darinavbt> Those are the same issue, though, aren't they?
<dpb1> think so.
<darinavbt> Just from different deployment angles.
<dpb1> but different projects.
<dpb1> right
<dpb1> I added that on the 'openstack-ansible' one.
<dpb1> 1671422 is the one that is closer to the deployment style that you are attempting, so should have the right people looking at it
<darinavbt> Yep
<nacc> ahasenack: are you around?
<ahasenack> nacc: briefly, what's up?
<nacc> ahasenack: oh it's ok, i just put some comments in the bind9 merge and though it might be easier to discuss in a HO. but we can do so tmrw too
<nacc> ahasenack: working through the samba merge now
<ahasenack> yes, better, thanks
<hehehe> hey folks
#ubuntu-server 2017-07-06
<cpaelzer> good morning
<lordievader> Good morning
<rbasak> cpaelzer: importing
<cpaelzer> thanks rbasak, will you ping me when complete?
<rbasak> ack
<rbasak> nacc: interesting. Got an error using your branch
<rbasak> 07/06/2017 07:37:08 - ERROR:stderr: pristine-tar: Unknown subcommand "verify"
<rbasak> 07/06/2017 07:37:08 - WARNING:Tarball at %s has already been imported to Debian
<rbasak> with different contents
<rbasak> I guess that doesn't exist on Xenial?
<rbasak> Though my mistake - I thought I was on master.
 * rbasak retries from master
<rbasak> cpaelzer: done
<cpaelzer> thank you rbasak
<zioproto> coreycb: I was just reviewing my TODO list, I found that this merge request needs some love: https://code.launchpad.net/~zioproto/ubuntu/+source/python-cinderclient/+git/python-cinderclient/+merge/326291
<zioproto> or whoever has time to have a look :)
<zioproto> we are carrying this patch in production
<zioproto> without it you will not be able to delete a heat stack, where a cinder volume was already deleted manually
<zioproto> it is a clean cherry-pick from Ocata
<coreycb> zioproto: i think yakkety is EOL
<coreycb> zioproto: do we need that on xenial?
<zioproto> yes for xenial
<zioproto> coreycb: yes for xenial
<coreycb> zioproto: ok
<coreycb> zioproto: that shouldn't be applicable to xenial since xenial is at webob 1.5.1
<coreycb> zioproto: newton is still supported though so we need it there
<zioproto> coreycb: I have python-webob 1.6.1-1~cloud0
<zioproto> installed from
<zioproto> http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton/main amd64 Packages
<zioproto> makes sense ?
<coreycb> zioproto: yes that makes sense for xenial with the newton cloud archive
<zioproto> so the python-cinderclient patch for the newton cloud archive makes sense, right ?
<zioproto> I meant the patch to be merged into the newton cloud archive, not in the upstream xenial. I think xenial has only mitaka packages
<coreycb> zioproto: i'm going to upload this to xenial and the newton cloud archive.  xenial client against newton server would need this.
<zioproto> coreycb: ok, is there any other push/commit action required on my side ?
<coreycb> zioproto: nope, but if you wouldn't mind verifying the fixes once they're in proposed and tagging the bug accordingly, that'd be helpful
<zioproto> OK ! sure I will do that
<coreycb> zioproto: thanks :)
<caribou> nacc: FYI regarding LP: #1658733, I have a fix ready that I'm about to push to Debian, so I took back ownership of the bug
<ubottu> Launchpad bug 1658733 in makedumpfile (Ubuntu) "Ubuntu 16.04.2KVM:kdump fails to mount root file system on multipath root device" [Undecided,In progress] https://launchpad.net/bugs/1658733
<nacc> caribou: thanks!
<caribou> nacc: I thought I had lost the fix when I returned my server but as it happens, I had it in git
<nacc> caribou: nice
<coreycb> jamespage: beisner: hello, python-cinderclient - 1:1.9.0-0ubuntu1~cloud2 is ready to promote to newton-proposed when you have a moment.
<jamespage> coreycb: gotcha
<coreycb> jamespage: thanks
<beisner_> coreycb - did you push cinder in uca already?  lmk if not i can
<coreycb> beisner_: thanks, i think james got it already.
<beisner_> ok cool
<nacc> rbasak: fyi, got good feedback from guido on gbp, i see how to use it 'correctly' now, i'm adjusting my branch with some follow-on commits
<rbasak> Sounds good!
<Epx998> Is there a command to determine a driver version for a module?
<ChmEarl> modinfo nvidia
<ChmEarl> Epx998, modinfo radeon
<Epx998> yeah just found that
<Epx998> having problems with the ixgbe driver
<Epx998> latest from intel works, but thats not whats being shipped with any kernels ive checked so far
<Epx998> ixgbe on this kernel (3.13.0-66) is 3.15 latest from into is 5.13 - quite out of date
<ChmEarl> Epx998, check the BTS for ixgbe bugs. Might want to use the backport (bpo) kernel for your platform. Is it trusty?
<Epx998> ChmEarl: .. no im forced to use 12
<Epx998> but we are converting slowly to 14
<ChmEarl> Epx998, must admit I'm thinking in Debian terms for this
<Epx998> ChmEarl: I think I have a WAR, our netboot is using 3.13.0-32, I am going to build the 5.1.3 ixgbe driver for that kernel and see if I can rebuild the initrd.gz with it.
<Epx998> hmm
<hehehe> helo
<Epx998> yup
<hehehe> is there any sane reason to leave firewall rule all outgoing allowed on?
<hehehe> I dont see why would it be required
<Epx998> then you should remove it
<hehehe> corret
<hehehe> I require 80 443 ssh and mail port
<hehehe> thats it
<hehehe> if it wise to change default ssh port? or no need? cause people can port scan anyway for open ports
<Epx998> then deny all traffic and only allow those ports explicitly
<qman__> changing ports does a whole lot of nothing, in terms of security
<qman__> it's a minor annoyance
<hehehe> qman yep
<qman__> same goes for disabling ICMP echo replies
<Epx998> when I was a DOD contractor, we always used non-standard ssh ports - just cause
<Epx998> better to be caught with a non-standard port than with 22 being used - that way IT cannot blame you :D
<hehehe> fck that logic :D
<Epx998> also couldnt reach the box regardless unless you had a secure vpn tunnel to it directly
<Epx998> im not with the IT BU, we get audited on crap like ssh ports and all that. buh.
<hehehe> there is some russian site that offers free site audit :) I tried it - it scans for phpmyadmin
<hehehe> thats it
<hehehe> but claims to check a lot
<hehehe> well unless it checks without leaving traces in access log but how
<hehehe> https://rescan.pro/
<hehehe> so ok I need - incoming ssh - and both incoming and outgoing 80 and 443 right?
<hehehe> for webserver
<hehehe> or just incoming 80 and 443?
<qman__> just incoming
<qman__> outgoing, you need to allow established connections
<qman__> (if you don't have an outbound accept policy, anyway)
<hehehe> I may need it temporarily to update ubuntu right?
<qman__> yes, you will need outgoing 80 and 443 to patch using apt
<hehehe> I plan to set default outgoing to blocked
<hehehe> allow ubuntu rep IP
<qman__> and would also need to allow incoming established connections
<hehehe> yes I added 22 80 and 443 in incoming
<hehehe> incoming is a bit confusing since they are downloading data so seems but yes they are coming
<hehehe> *incoming
<hehehe> ufw status command dont show if all outgoing are allowed or not?
<hehehe> so far it displays rules I made
<hehehe> also does it make sense to chroot jail nginx?
<hehehe> or not
<hehehe> I run webserver where all files are owned by root and group can only read files :D
<hehehe> and php is under www-data which is www-data group member
<hehehe> some trick with | to auto add all servers from sources list to allowed? :D
<hehehe> saves typing
<hehehe> qman__: its important for auto security updates
<hehehe> :d
<Epx998> any decent how-to's on creating a .deb from scratch?
<hehehe> https://askubuntu.com/questions/1345/what-is-the-simplest-debian-packaging-guide
<hehehe> ufw allow from xxxxx to any port 993
<hehehe> what does any stands for?
<hehehe> from external ip to any server ip?
<hehehe> on port 993
<hehehe> also ubuntu servers that host repositories
<hehehe> do they change their ip addrresses?
<tarpman> Epx998: https://www.debian.org/doc/manuals/maint-guide/
<tarpman> Epx998: and https://www.debian.org/doc/devel-manuals generally
<hehehe> from to is same as in anywhere?
<hehehe> and from anywhere to xxx is same as out anywhere?
<Epx998> thats beyond me, creating a deb
<tarpman> Epx998: believe in yourself
<hehehe> I concur
<hehehe> I can do it too
<hehehe> it just time and action
<sarnold> maybe steal the gnu hello package and start there? there might be simpler packages .. but I can't off-hand think of one
<hehehe> time*action=result
<hehehe> sarnold:  heya
<hehehe> sarnold:  heya
<sarnold> good afternoon hehehe :)
<hehehe> sarnold: https://pastebin.com/tR2FgmgD
<hehehe> looks right? :D
<hehehe> allow in http and https and mail out
<hehehe> and mail in
<hehehe> plus yes I added 22 for ssh
<sarnold> hehehe: you'll probably want to allow tcp and udp 53 in and out
<hehehe> what for?
<hehehe> dns
<hehehe> I need dns out to update ubuntu
<hehehe> but why in?
<sarnold> just to make sure you get dns replies, heh
<hehehe> what do u mean?
<hehehe> usually if I sent say curl or wget I need dns out
<hehehe> if I dont use ip
<hehehe> but in ?
<sarnold> I don't know linux firewalling real well. I don't know if you need to go out of your way to say "dns outgoing requests and the responses"
<hehehe> they are required
<hehehe> :)
<hehehe> else how will it resolve domain name?
<hehehe> and it seems ufw allows both tcp and udp
<hehehe> will check soon in iptables
<hehehe> yep it foes
<jdstrand> ufw will do different things under different circumstances. if you are using an app rule (allow Bind9), it will use the protocols defined in it, if you use the simple syntax (allow 53) it will allow both tcp and udp. you can specify the protocol in the simple syntax (allow 53/udp)
<jdstrand> you can also reference services in /etc/services, and it'll use the protocols there (allow smtp)
<jdstrand> then there is the fuller syntax which has the 'proto' option. it operates like the simple syntax and will allow both tcp and udp if unspecified
<jdstrand> (all this is in man ufw)
<sarnold> jdstrand: does ufw go to some effort to enable conntrack replies if you e.g. allow dns out does it conntrack dns replies in too?
<jdstrand> sarnold: ufw uses connection tracking, yes. ufw by default does not do egress filtering (configurable)
<jdstrand> you typically don't need to do outbound rules unless you enable egress filtering with 'ufw default deny outgoing'
<sarnold> jdstrand: I think hehehe's ruleset did have that
<jdstrand> 'ufw status verbose' would say for sure
<jdstrand> so yeah, if you enable egree filtering, you need the out rules
<jdstrand> ufw allow out 53
<jdstrand> egress*
<jdstrand> connection tracking will be in effect there too
<sarnold> cool :) definitely uncomplicated :)
<jdstrand> it tries to be :)
<Epx998> how amazing would it be if netboot also shipped with an all inclusive initrd.gz /sigh
<hehehe> i did ufw man an all this stuff werent there :D
<hehehe> also digital ocean tutorial dont mention ot
<hehehe> it
<hehehe> also http://rdstash.blogspot.com.ee/2013/09/allow-host-with-dynamic-ip-through.html
<hehehe> updates domains ip in iptable
<hehehe> jdstrand: what does egree means?
<sarnold> typo for 'egress'
<hehehe> ok :)
<hehehe> sarnold:  I added rule for 53 update all yet to work :)
<hehehe> also nice $ sudo ufw rule comment 'my cool comment here'
<hehehe> if only girls on dating sites knew linux
<hehehe> :)
<Epx998> is there a trick to adding a compiled driver to a netboot initrd.gz?
<sarnold> Epx998: guessing here, could you use update-initrd once you've got /etc/modules populated correctly, and then copy the generated initrd back to the pxe tftp machine?
<Epx998> hmm
<hehehe> folks -  sudo ufw reject 22 comment 'No Hacking Allowed'
<hehehe> :)
<hehehe> ufw can serve commens when connection is rejected
<Epx998> sarnold: when I tried that method before, preseed and other things did not work - havent used update initrd tho, ill give that a try
<sarnold> hehehe: probably those comments are simply placed into the generated ruleset without any influence on network packets at all
<sarnold> Epx998: ohhh :(
<hehehe> they will see them
<Epx998> sarnold: normally I expand the initrd.gz, add the udeb i need, then i re-create it.  I havent tried with the systems initrd
<hehehe> The deny syntax simply ignores traffic. If you want let the sender know when traffic is being denied, rather than simply ignoring it, use reject syntax:
<hehehe> do this guys change IP sometimes?
<hehehe> https://pastebin.com/wZWBev69
<hehehe> my plan is to add them each with 80 and 443 out
<hehehe> or can I set update all to use only https?
<hehehe> to null any potential mitm
<hehehe> also is this right?
<hehehe>     â "origin=Debian,codename=${distro_codename},label=Debian-Security";_____
<hehehe> variables for security auto update
<hehehe> :)
<hehehe> does not seems like it since it said debian or...
<hehehe>     sudo dpkg-reconfigure -plow unattended-upgrades
<Epx998> ya'll still talking about firewalls?
<hehehe> yes
<hehehe> last bits
<hehehe> Exec: any ideas?
<hehehe> thing is once its all working
<hehehe> even if there is any malicious code
<hehehe> it can do nothing
<hehehe> it wont even be able to connect out :D
<tarpman> hehehe: http for ubuntu mirrors is fine because the sources are all signed and validated with GPG
<hehehe> tarpman: and how does ubuntu verifies it?
<hehehe> it verifies signature while applying updates?
<tarpman> hehehe: man 8 apt-secure
<hehehe> ty
<hehehe> tarpman:  will those strings catch ubuntu security updates?
<hehehe>     â "origin=Debian,codename=${distro_codename},label=Debian-Security";_____
<hehehe> just want to make sure, since some tutorials arent always right
<tarpman> hehehe: ubuntu repositories do not use "origin=Debian"
<hehehe> https://www.howtogeek.com/204796/how-to-enable-automatic-security-updates-on-ubuntu-server/
<tarpman> hehehe: the ubuntu-server installer normally sets up a sane unattended-upgrades config for you. maybe dpkg-reconfigure unattended-upgrades would help. not sure, please read its postinst and see
<tarpman> hehehe: please do not trust random blogposts on the internet.
<hehehe> yes
<hehehe> well I run command you suggested
<hehehe> and its same
<hehehe>   â Please specify a value for the unattended-upgrades Origins-Pattern.                                         â
<hehehe> and then debian blabla
<tarpman> hm
<tarpman> I distinctly remember a part in the installer where it asks which (if any) upgrades install automatically
<tarpman> maybe installer magic
<tarpman> hehehe: https://help.ubuntu.com/community/AutomaticSecurityUpdates
#ubuntu-server 2017-07-07
<hehehe> hmm
<hehehe> also Err http://mirror.pw trusty/main amd64 Packages
<hehehe>   400  Bad Request
<hehehe> that does not seems like any legitimate mirror site
<hehehe> and i see thats while 16.04 box is poodle safe 14.04 is not https://access.redhat.com/articles/1232123
<hehehe> https://access.redhat.com/security/cve/CVE-2014-3566
<hehehe> but I did not had any redhat stuff
<hehehe> lets encrypt certbot maybe?
<hehehe> https://www.youtube.com/watch?v=ghJ6yAtnyg8
<hehehe> ok done
<cpaelzer> good morning
<lordievader> Good morning
<hehehe> heya
<hehehe> lordievader:  will it work to tar dir and all thats in it?
<hehehe> tar cvpzf put_your_name_here.tar.gz .
<hehehe> including . files
<hehehe> hey pekkari
<pekkari> hello
<lordievader> hehehe: yes, tar can compress entire directories.
<ahasenack> rbasak: around?
<ahasenack> cpaelzer: you?
<rbasak> ahasenack: o/
<ahasenack> rbasak: hey, workflow question :)
<rbasak> Sure!
<ahasenack> rbasak: http://pastebin.ubuntu.com/25038821/ lines 7 (adds the patch) and 5 (removes it)
<ahasenack> rbasak: in this case, the upstream fix was different than the patch, so I don't get a conflict during the merge
<ahasenack> rbasak: how would I "cancel these out"? Where would I put the "empty commit"?
<ahasenack> I just drop bc595c3 during rebase, and e4cf75b becomes the empty commit about the drop?
<ahasenack> that's git log, btw, not git rebase (the pastebin)
<ahasenack> so read it from bottom to top
<ahasenack> I can push the branch if you prefer
<rbasak> ahasenack: I would drop both commits during a rebase and make a note elsewhere that you've dropped it, for noting in the changelog when you prepare it later.
<rbasak> ahasenack: oh, hang on
<rbasak> ahasenack: which step are you on exactly?
<ahasenack> rbasak: I rebased on new/debian
<ahasenack> that's the bit that drops the patch
<ahasenack> I'm just before merge-finish
<rbasak> ahasenack: so the commit in line 5 is the inverse of the commit in line 7?
<ahasenack> yes
<rbasak> I think you've gone too far ahead.
<rbasak> I'd expect those to not appear at all when viewing the logical tag.
<ahasenack> I only detected that this patch is unecessary after getting the new package version
<rbasak> Drop them while preparing the logical.
<rbasak> Because logically they aren't there.
<ahasenack> well, I didn't know that at that time
<ahasenack> during logical I still didn't have the new samba version
<ahasenack> at the samba version where the logical tag is added, that patch is necessary
<rbasak> Oh
<ahasenack> it's a case of "fix applied upstream, but in a different way"
<rbasak> So logically it was there for that previous version, and the dropping of the patch didn't exist?
<ahasenack> right
<rbasak> OK, sorry.
<ahasenack> the dropping came as a consequence of updating the package to a new upstream version
<rbasak> So rebasing onto new/debian was successful, and still included that patch, but that causes the patch to no longer apply?
<ahasenack> but upstream took another approach to the fix
<ahasenack> no, the patch applies
<rbasak> But the patch is now wrong?
<ahasenack> but given that upstream fixes in a very different way, the patch is incorrect now
<ahasenack> yes
<rbasak> I see.
<ahasenack> I'm full of corner cases :)
<ahasenack> this is all about how it appears in d/changelog :/
<ahasenack> so much work for that
<ahasenack> the way it is now, merge finish adds the patch in "remaining changes" and under "* Drop:"
<rbasak> I think the commits you have are correct then, and no need to change them.
<rbasak> And you'll need to fix up the changelog by hand. I'm not sure tooling can ever be capable of understanding this kind of thing. Too many edge cases.
<ahasenack> nish watches the commits vs changelog lines like a hawk :)
<rbasak> As for how to do the changelog, I think it's subjective and I'd accept anything that explains it unambiguously, accurately and without misleading.
<rbasak> I would probably not mention it in any standard section, but add a separate bullet explaining exactly what happened.
<ahasenack> I'd would just remove it from "remaining changes" in d/changelog and leave the "Drop" entry with the explanation
<rbasak> That's fine too
<ahasenack> this is how it shows up under * Drop:
<ahasenack>         - d/p/winbind_trusted_domains.patch: the correct fix was committed
<ahasenack>           to upstream in https://github.com/samba-team/samba/commit/e084c423
<ahasenack>           [ the correct fix was committed to upstream in
<ahasenack>             https://github.com/samba-team/samba/commit/e084c423 ]
<ahasenack> which I just see is duplicated
<rbasak> I suppose it is straightforwardly a drop!
<rbasak> (in the end)
<ahasenack> I'd restore the original message that adds the patch,
<ahasenack> and leave the [ explanation ]
<rbasak> I think that's fine
<ahasenack> ok, thx
<jdstrand> hehehe: hey, went offline. re egree> typo. meant 'egress' (ingress filtering is incoming, egress is outgoing)
<jdstrand> hehehe: oh, I see s arnold already responded :)
<Epx998> Day 2 of trying to get my netboot initrd.gz created with everything i need
<pmatulis> does an SSH login decrypt home directories (encryption option available during ISO install)? providing, of course, you've implemented a workaround for SSH login for encrypted home!
<dpb1> what? :)
<nacc> pmatulis: i think not by default, it needs some tweaking
<nacc> pmatulis: see "Troubleshooting" at https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<nacc> pmatulis: basically, setup your keys to be outside the home dir
<nacc> pmatulis: if so, then (i believe) pam will unlock your home dir
<pmatulis> nacc, ok thanks
<nacc> the i believe being for pam being the mediator of that decrypt, i'm not 100% on if it is
<pmatulis> right, me either, hence my question
<Epx998> Is there a way to change the default kernel installed from netboot?
<nacc> Epx998: installed or used to netboot?
<Epx998> nacc: I changed the kernel used in in netboot, but I am seeing whats installed is different, older.
<nacc> Epx998: you'd need to presumably do it manually -- unless you mean you're using a newer ubuntu kernel?
<Epx998> nacc: maybe the mirror its installing from is old
<nacc> Epx998: could be
<Epx998> nacc: I was hoping that whatever kernel I used in my netboot would be installed to the server, but I was wrong there.
<nacc> Epx998: no, they are unrelated
<nacc> Epx998: you would need to preseed that, if you want it
<Epx998> nacc: that is what we were doing, was hoping to eliminate that step.  Do you know if the latest ubuntu mirrors used the latest kernel thats available for the distro?  or is a set kernel used regardless?
<nacc> Epx998: well, they should be current, but you would also need to make sure you're telling your install to update from the mirror (there's a distinction between grabbing the iso files over the network when netbooting and performing upgrades after install)
<Epx998> hmm
<Epx998> nacc: you mean just an apt-get upgrade in late commands or something?  I do not see anything updates looking in the d-i options.
<nacc> Epx998: i'm not 100% right now (and working on some other stuff)), but iirc, there is a prompt in the interactive install like 'download updates during install?'
<Epx998> nacc: not shown in the preseed d-i options, I am not setting it and its not asking.  Ill test against an updated mirror and see what that gets me
<nacc> Epx998: i mean, it should be pretty easy to preseed (as a late-command) something like `sudo apt update; sudo apt full-upgrade; sudo apt autoremove`
<nacc> Epx998: i thought the updates was preseedable, but maybe it's not (or maybe it's only a prompt on the desktop iso)
<Epx998> ha while downloading installer components, I get the message "no kernel modules found because installer is using a kernel version different from whats available in the archive" sheesh
<nacc> Epx998: yeah, that can happen with using a custom kernel
<Epx998> nacc: I just used 3.13.0-66 on the installer, guess i can try older.
<Epx998> guess I have to do this with 3.2.0-23-generic
<nacc> Epx998: 12.04?
<nacc> -66 seem like it's neither 12.04.5 or 14.04.1
<Epx998> sadly.. by end of summer we'll finally be on 14
<Epx998> I am using 3.13.0-66 on the installer
<tarpman> Epx998: there are installers with HWE kernels included, aren't there? you shouldn't need to roll your own
<Epx998> tarpman: not sure, I am just trying to match the installer with what I end up with
<tarpman> Epx998: ubuntu-12.04.5-server-amd64.iso is running 3.13.0-32-generic
<Epx998> tarpman: we have some new servers with intels x550 10gb cards, that need an more uptodate ixgbe driver, was hoping to build it into the netboot first and see the installer would transfer it over (if the start/finished) kernels matched.
<coreycb> cpaelzer: fyi https://launchpadlibrarian.net/327345908/libvirt_2.5.0-3ubuntu10_2.5.0-3ubuntu11.diff.gz
<tarpman> Epx998: oh, yeah. nacc's right, there's a preseed to tell it whether to install the original kernel or a HWE one. let me see if I can find that
<tarpman> Epx998: or do you mean something even newer than -32?
<Epx998> tarpman: I am using something newer, but I can use any version really
<Epx998> I was trying to 0-66 since that was seemingl the latest, aside from the jump to 117
<Epx998> tarpman: end goal is to get my compiled 5.1.3 ixgbe driver into the installer and os kernel modules, so far the driver seems to compile fine regardless - so any kernel can be used, though we run 0-44 or later on our build servers
<Epx998> I see the installer deploying 3.2.0-92, so this mirror must be old that its using.  i dont know who maintains it, to get it updated either.
<tarpman> Epx998: did you try a HWE netboot image i.e. http://archive.ubuntu.com/ubuntu/dists/precise-updates/main/installer-amd64/current/images/trusty-netboot/ ? I *think* that ought to both boot and install the trusty HWE kernel
<Epx998> let me check
<tarpman> note that's /trusty-netboot/ not /netboot/
<Epx998> I see its in the precise-updates, so its a trusty netboot that deploys precise?
<tarpman> it's a precise netboot running the trusty kernel
<tarpman> or rather the lts-trusty kernel.
<Epx998> oh nice
<Epx998> ill test it out, afk for lunch
<sarnold> mm lunch
<tarpman> I think that ought to work. the preseed in there is
<tarpman> # If we're booting using the backported Trusty kernel, install it too.
<tarpman> d-i	base-installer/kernel/altmeta	string lts-trusty
<tarpman> which is the incantation I was trying to remember
<tarpman> been a few years since I had to think about netboot stuff :)
<Epx998> ok let me check this out\
<Epx998> ah ok the 3.13.0-32-generic kernel
<Epx998> oh hey - this has an updated version of the ixgbe driver
<Epx998> 5.0.5 this might fix all my issues
<Epx998> its also installing the 3.13.0-66 kernel
<Epx998> hmm the final deploy has an older ixgbe driver, while it appeared netboot has a newer
<Epx998> datascenter visit to test further
<tarpman> that doesn't make any sense
<Epx998> guess i was wrong, ixgbe is still the old 3.15
<Epx998> this driver that ubuntu is shipping is from 2013
<sarnold> quite the surprise that a disitrubtion from 2014 is shipping a driver from 2013 :)
 * sarnold runs
<sarnold> seriously though, no luck with the trusty HWE installers? :(
<hehehe> helllo sarnold
<sarnold> afternoon hehehe
<hehehe> is there any sense in auditing changes in files?
<hehehe> wont attacker disable it and delete logs?
<hehehe> @tracing attack to see how it was done
<hehehe> to fix holes
<sarnold> hehehe: most sites ship audit logs and syslog and so forth off to a log server
<hehehe> yes
<hehehe> however if say someone gets in
<hehehe> all you see is ip connection hmm
<hehehe> on a certain port
<hehehe> ok I am wrong
<hehehe> if there is some exploit - before attacker gets root he would need to modify some files right?
<sarnold> sometimes
<hehehe> but then logs have to be shipped every 3 seconds
<sarnold> continuously, not batched
<hehehe> else if logs are shipped say once per hour attacker can delete them
<hehehe> you mean every update is send as it happen?
<hehehe> *sent
<sarnold> yes
<hehehe> ok that makes sense
<hehehe> sarnold: what you mean by sometines
<hehehe> sometimes
<sarnold> not all exploits require modifyign files
<hehehe> ok 1 would be guessing root passd
<hehehe> passwd
<hehehe> what else?
<hehehe> root passwd guessing can be traced via syslog
<hehehe> I can send you some blackberries by post :D
<hehehe> I have some some here
<hehehe> they are way nicer than bluberries
<hehehe> and what if I use https://subgraph.com/sgos/ and install nginx  on it - making it a server
<Epx998> sarnold: its using a old version of the ixgbe driver.
<hehehe> folks question is - can all exploits be analysed and understood via audit logs?
<hehehe> and yes how to set them up in a such way :D
<sarnold> Epx998: which one, the original trusty kernels or even the HWE kernels?
<hehehe> i might make fake crypto coins exchange
<sarnold> Epx998-: which one, the original trusty kernels or even the HWE kernels?
<hehehe> as honeypot :D
<Epx998-> sarnold: I used the netboot installer that I was pointed to
<Epx998-> sarnold: maybe I missed something that was said?
<sarnold> Epx998-: I had just hoped that e.g. 14.04.5 installer would have an updated-enough driver for you; you'd stand a chance anyway..
<hehehe> sarnold: u dont now?
<hehehe> know :D
<Epx998-> sarnold: yeah it was running 3.15 which is the same as the older precise kernels
<Epx998-> I thought I had seen a 5.0.5 version, but during the install I loaded the ixgbe driver and it was the old one
<sarnold> hehehe: no, I don't know, I only have one 10gb nic in the house, so finding the best drivers for it isn't exactly a priority. :)
<Epx998> a bit frustrting - id think adding in a self compiled driver to netboot wouldnt be as undocumented as it is
<Epx998> im kind of curious as to if 16 has an updated driver
<hehehe> sarnold: what drivers!
<hehehe> :D
<hehehe> sarnold: I asked about setting audit logs in a way that detects all exploits
<hehehe> 100% :D
<sarnold> hehehe: oh I thought you asked about Epx998's problem
<hehehe> nooo :D
<Epx998> :D
<sarnold> Epx998: does this help? it's from a random xenial kernel, not necessarily an installer kernel.. http://paste.ubuntu.com/25041712/
<hehehe> whats the hardware details?
<hehehe> sarnold: so do u know or you dont? :D
<hehehe> and where are da rest of the people? in the bar? :)
<sarnold> hehehe: it's impossible to write tight-enough audit rules to find all exploits
<hehehe> sarnold: can you explain logic behind this statement?
<Epx998> xenial ships with 4.x, latest from intel is 5.x
<hehehe> to me it seems possible - we need to break all exploits in classes
<hehehe> then its easier to analyse
<sarnold> hehehe: it's a hunch based on the turing halting problem
<hehehe> hunch...
<hehehe> I prefer 100% logic
<hehehe> to gain root access - people need to login to the server - so there will be login record with some ip - them something will happen
<hehehe> time stamps can match stuff
<sarnold> your view of 'root access' is too limited :)
<hehehe> well go ahead and contribute
<hehehe> instead of saying its impossible
<hehehe> 100% hack proof server is reality I think
<hehehe> but having said that btc-e.com got hacked many times but mostly minor hacks
<hehehe> at very least I do have ideas - replicate database often
<Epx998> I can hack proof any server
<Epx998> <unplugs power>
<hehehe> u are such sceptical people
<hehehe> both of u :D
<Poster> I would say you are irrationally optimistic
<hehehe> well it can only be determined in a course of detailed howto discussion
<hehehe> else its guesssing
<hehehe> for example ubuntu 16.04 + html page
<hehehe> hack than is tricky
<hehehe> nginx did not have any zero days yet
<hehehe> so nginx can be added
<hehehe> maria db I am not sure if they did had zerodays exploits
<Poster> you're going under the assumption that all vulnerabilties are widely known, which is not always true
<hehehe> I know they are not known widely
<hehehe> and some folks wont disclose them
<hehehe> I did ask some hackers around too :)
<Poster> how is it you expect to protect yourself from a vulnerabilty that you nor the software vendor is aware of?
<hehehe> one insisted he can hack into almost any site
<hehehe> Poster: pay company IT guys to check code
<hehehe> security audit in house
<Poster> yeah that gets done by many, but that team cannot find nor imagine everything
<sarnold> defenders need to be perfect every time
<sarnold> attackers just need to get lucky once
<hehehe> like me
<hehehe> well perfect logic :D
<hehehe> and then they cant get lucky ever
<dpb1> solution: 1) become and attacker 2) ??  3) profit!
<Poster> I think your logic is flawed with perceptions of infallible programmers and/or code auditors
<hehehe> well crypto currency exchanges need to have hot wallets
<hehehe> coinbase and bitrexx and btc e hot wallets werent breached
<hehehe> they would be amongst top wanted targets
<Poster> you can certainly run with it, but assuming you are capable of perfection is not a good mindset if you are protecting anything important
<hehehe> no need to assume, have to have a logical tested solution
<Poster> you're assuming you can think of everything
<hehehe> that may be fact
<hehehe> i dont know yet
<hehehe> but as I said no  one hacked coinbase
<hehehe> how are they doing it?
<Poster> probably many layers of security, monitoring and dilligence about keeping services updated
<Poster> intrustion detection/prevention
<hehehe> i would say monitoring probably
<hehehe> and intrusion monitoring live
<Poster> there's no magic switch you flip
<sarnold> monitoring may be enough to let you write a really nice post-mortem when you apologize to your users
<hehehe> sarnold: coinbase is not hacked
<hehehe> :P
<Poster> I don't see how that means they only monitor
<hehehe> unlike swiss cheese sony
<sarnold> nor would I be bold enough to ever make that claim about any service anywhere ever
<nacc> yeah, what are you basing that off of, hehehe ?
<nacc> a good hack is undetected still, possibly
<hehehe> hot wallets - blockchain cant be altered
<Poster> and for all we know they have breakins constantly but their layers of protection and monitoring stops them before they get too far
<hehehe> if hot wallet is accessed - blockchain will show it
<hehehe> and they cant alter blockchain easily :D
<hehehe> or - if any site can be hacked - maybe do min security and thats it?
<hehehe> also for example in ecommerce setup - payment gateway can allow auth only transcations
<Poster> it's just a matter of finding a weakness somewhere, it could be server code, it could be dynamic code on a website, it could be a service unknowingly left open, it could be a default password somewhere
<Poster> If you aspire to be in information security professionally, your current attitude will probably not let you be hired
<hehehe> then u have to login to payment gateway site with factor 2 and manually approve charge :D
<hehehe> lol hired?
<hehehe> i simply want to secure boxes - 0 to do with been hired
<Poster> assuming 2 factor authentication will keep someone out is also not a good assumption
<hehehe> it cant be breached
<hehehe> if you use old - not smart phone
<hehehe> :)
<hehehe> unless they use fake mobile mast
<Poster> you're assuming that there is no vulnerability in the authentication system AND no other vulnerable service on the authentication system
<Poster> or some other way in
<Poster> I hope you bring your head out of the clouds
<nacc> "cant be breached" is such bravado and has been proven false in the field so many times
<Poster> best of luck
<hehehe> Poster: ok fair enough
<hehehe> but in coding and i dont know much about coding yet - they should be absolute logic?
<hehehe> like print hello world
<hehehe> that cant be hacked
<hehehe> idea is to have code that follows absolute logic
<nacc> if you mean the resulting binary
<nacc> and it's written in C
<nacc> and someone has already rooted your system, they can do all sorts of fun stuff
<hehehe> maybe write code  in assembler then
<hehehe> all of it
<nacc> hehehe: ok, i think you're (again?) trolling a bit
<hehehe> dude I am sure there is code that is 100% logical
<hehehe> and 100% safe
<hehehe> not all and not in all scenarioes
<hehehe> scenarios
<nacc> hehehe: you seem to think security is either already solved or easy; and I don't know why you think that
<hehehe> well why do u think otherwise?
<nacc> hehehe: because neither is true in the real world
<hehehe> for example pgp 100% secure
<hehehe> so already 1 valid example
<nacc> good thing there weren't any security updates to gnupg (hint there were)
<hehehe> or https://null-byte.wonderhowto.com/forum/website-is-never-100-secure-0158383/
<hehehe> :)
<hehehe> well
<hehehe> they should be smarter
<hehehe> so write ideal code
<hehehe> *to
<nacc> hehehe: alright, you are 100% a troll, i'm done.
<hehehe> nah
<hehehe> u just dont get it
<hehehe> like people did not get tesla inventions
<hehehe> in math its absolute
<hehehe> absolute logic is possible mathematically
<hehehe> plus dont u feel interested in such stuff?
<hehehe> many people simply code to get paid - hence bugs
<hehehe> or to get some fame, recognition
<dpb1> you need to start here http://www.infosectoday.com/Articles/Intro_to_Cryptography/Introduction_Encryption_Algorithms.htm, or here https://gpgtools.tenderapp.com/kb/how-to/introduction-to-cryptography
<Epx998> getting very frustrated with this damn driver
<hehehe> for example - if there is 1 version of ubuntuserver
<hehehe> and all volunteers 100% work on discovering bugs
<hehehe> and its not like even top hackers can come up with 0 days exploits often
<hehehe> they may use it and lose it
<hehehe> if they use more than 5 or 6 they may have nothing left :D
<hehehe> collective IQ is power
<hehehe> but many coders want to write new code instead of securing existing one
<hehehe> also AI beat some top chess players - it can also be tasked to analyse all potential holes
<dpb1> you are off in fantasy land now.  hope it's nice there! :)
<patdk-lap> that isn't even the issue
<patdk-lap> the issue is the coders write new code cause they don't know how to secure the code
<patdk-lap> so you get even more insecure code
<patdk-lap> like most things on the web, verify your input data, how many times do we keep having injection vaunerabilities?
<patdk-lap> kindof the same things with buffer overflows and stuff
<Epx998> I think I got it working
<sarnold> yeah?
<Epx998> yeah maybe need to test with netboot on the 10gb card, but i saw the module with the 5.1.3 version of the driver at the kernel netboot post
<Epx998> hmm i can change the interface at d-i
<hehehe> folks
<hehehe> https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
<hehehe> :)
#ubuntu-server 2017-07-08
<dais> hi
<lordievader> Good morning
<LSUTiger> I am running the bash shell with Win10 which is Ubuntu.  I am using it as a server for a dev project.  I would like to set up a host name so that I can go to app.domain.dev to test my project instead of localhost:8000.  I added an entry in hosts below '127.0.0.1 localhost' as '127.0.0.1:9=8000 app.flow.dev localhost'. This doesn't seem to work.  Could someone please point me to a resource or give some advice?
<LSUTiger> that should have been 127.0.0.1:8000
<tarpman> LSUTiger: you're confused about multiple things, I'm afraid
<tarpman> LSUTiger: for starters, mapping 'app.flow.dev' to 'localhost' is something you would do on the client (windows) not the server (ubuntu) and therefore off-topic here (but I'll note that windows has its own hosts file)
<tarpman> LSUTiger: mapping port 8000 to port 80 has nothing to do with hosts, or a hosts file, at all. that would be something you'd have to do in the hypervisor; again, a WSL question and off-topic here
<CarlenWhite> Does Fail 2 Ban need two entires for the same service? Because it might've been hamfisted in some time ago but I'm not sure if that was required for some reason.
<ewook> CarlenWhite: generally no.
<CarlenWhite> Thought so. Not sure how it happened but duplicates are removed.
<ewook> got service + service-ddos enabled in jail?
<CarlenWhite> I think the router running DD-WRT has DDOS protection enabled but I'll give it a check.
<CarlenWhite> Nope it doesn't have that as an option. I'll see if I can enable it in the server.
<ewook> odd
<CarlenWhite> Come to it, curious if it would make more sense to enable it on the router than the server since the router is the closest internet facing device.
<CarlenWhite> Aside from the modem that has a busybox shell.
<ewook> will the router be able to intercept it?
<ewook> ah. well.. *_*
<CarlenWhite> Gave a quick check in the config and the only thing I spy is a SSHD-DDOS
<ewook> thats the one. got sshd as well = 2 entries.
<CarlenWhite> https://pastebin.com/mFGuk36T from to https://pastebin.com/BpBgYf2z
<CarlenWhite_Err> Derp
<CarlenWhite_Err> I bounce from my server and I just rebooted it.
#ubuntu-server 2017-07-09
<null_r3f> Can anyone help me understand what software creates the âdisplayâ in the â-display :0â parameter for x11vnc? After changing to the Nvidia proprietary driver my x11vnc server is failing to start at boot. Error references being unable to open âdisplay :0"
<LSUTiger> @tarpman Thank you
<LSUTiger> I thought since the server was running on Ubuntu, the routing would be up to Ubuntu no matter the client
<LSUTiger> I really must be lost
<cpaelzer> coreycb: I already have it with that in the coming merge to artful
<cpaelzer> coreycb: but thanks for the link - I see you added the snapshots
#ubuntu-server 2018-07-02
<lordievader> Good morning
<punkgeek> is there anyway to solve this problem? https://paste.ubuntu.com/p/XKBpjmcHMS/
<lordievader> You might want to check the mysql/mariadb error log to see what the actual error is.
<punkgeek> now i have this error
<punkgeek> https://paste.ubuntu.com/p/fmjmZkG2D5/
<data_> Hi. I'm looking for a tool to get a server up and running repeatably. E.g. I have a clean LTS ubuntu server, which I want to hav A, B and C packages installed, X and Y users created, SSH keys installed, etc etc etc. Are tools like Ansible/Chef/Puppet what I'm looking for? They look very complicated - I'm looking for something very simple. Is my current approach of a bash script the best solution? Thanks for any help.
<blackflow> data_: Start with Ansible. doesn't require any client/server setup, only ssh.
<data_> Ansible seemed really complicated
<blackflow> simpler than writing a bash script which woul dhave to do all the logistics of checking whether files exist, packages are installed etc...
<lordievader> Other automation tool you can look at is Puppet.
<blackflow> which is way more complicated.
<data_> Any tool for editing ansible yml files you could recommend?
<blackflow> any text editor
<data_> I guess I'm looking for something with auto-complete, discoverable modules and all that
<blackflow> like, how complex do you think your set up will grow that you need all that?
<data_> well, not that complex, to be honest - and if this was just a local home server i wouldnt give it a second thought: php (composer), python (pip), postgres, apache, some users, some databases. basically ~20 lines of a bash script
<data_> but it feels "dirty" to do it that way - "there must be a better way!"
<data_> im thinking ansible would be more resistant to things going haywire in the middle of the script and doing lots of weird stuff
<blackflow> well if it's just bootstrapping (imperative, no state), then I suppose a shell script is better.
<blackflow> data_: and the key to that is writing idempotent rules
<blackflow> and those require state checking so something like Ansible is really the best thing to do.
<data_> right, because you tell ansible what you want the end result to be, not what to do (i.e. creating databases)
<blackflow> more or less, yeah.
<blackflow> primarily it is like that yes. you describe a state. but you also describe handlers that trigger when state changes and those are, for example, places where idempotency can break if you're not careful.
<data_> blackflow: here's a an example script of what i'm talking about: https://gist.github.com/iivmok/2c6224fa33a4c4ac51207fa601017514
<blackflow> data_: well if that works for you.... and I'm totally not gonna say anything about running that php -r thing and fetching files to exec, as root :)
<data_> that's from composers installation guide, and it does check the hash of the downloaded script, so i think it should be safe from MITM
<lordievader> The download of the script can't be MITM'ed?
<blackflow> data_: you'll also need   set -e    in that script so it exits when a command fails. see, logistic requirements start to pile up if you want it done properly. just use Ansible ;)
<data_> lordievader: if understand that line right, it removes the composer-install file if it fails a hash check
<lordievader> data_: No, you are saying that because the script checks the hash of a downloaded file you should be fine against MITMs. But what if the script has been tempered with while you where downloading through a MITM attack? (I know very theoretical).
<blackflow> btw why are you using php for things like unlink....
<blackflow> this it TheDailyWTF material :)
<data_> blackflow: as I said, that's from the composer installation docs - theres a link in the comment there
<data_> here https://getcomposer.org/download/
<blackflow> that's so much full of fail.....
<data_> should've used the script from here: https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md
<data_> but that's beside the point
<data_> blackflow: eh. your perl is my python is their php. i mean sure, rm would be more portable, but i don't remember a builtin md5 tool in *nix
<blackflow> well, not blindly running stuff found online is one of the steps toward proper server maintenance :)   Have to be harh. Unfortunately we live in the age of IT pwnage, massive data breaches, infosec-pocalypse :)
<blackflow> *harsh
<blackflow> md5sum
<blackflow> also sha384 sum, if you really want that one.
<blackflow> but anyway... what I would do there, with Ansible, is prepare all such files in the config repo itself, not download ad-hoc on the machines.
<data_> blackflow: why blindly? it does check for the hash, and i mean, it has to start somewhere. if its not in the distros ppa, its all as unsafe
<blackflow> beside better security, you also make sure that all the machines are running exactly the same setup procedure.
<data_> any npm/pypa/packagist package could be compromised
<blackflow> technically so can distro repos
<blackflow> but really, that's why you downlaod those files yourself, chekc them, test them, and upload to the server for use. with Ansible, that's very easy to do.
<RoyK> blackflow: md5 has been cracked years ago
<blackflow> RoyK: that's why we use sha, yes.
<blackflow> (256 or better)
<RoyK> sh512 is good - and faster than 256 on 64bit machines
<blackflow> though I have yet to see a viable misuse of md5 for checksum validation. that's quite different from crypto where all the collisions make md5 very bad choice for, say, password hashing.
<DirtyCajun> my nfsd is running 16 threads on a 16 thread system and i am sitting at a 18 load often. Should i increase the threads or decrease the threads to remedy?
<compdoc> 18% cpu use, or aht?
<compdoc> what
<DirtyCajun> nono. 18 load on a 16 core server
<DirtyCajun> so about 120% load
<compdoc> whew
<DirtyCajun> but low cpu/ram utilization. its all nfsd waiting to do stuff
<DirtyCajun> pretty low iowait too
<dlloyd> where is the time spent if iowait is low?
<DirtyCajun> its all nfs threads waiting
<DirtyCajun> ps -e v shows the stat for all the threads as D
<DirtyCajun> and thats uninterruptable sleep. man page says (usually IO) but io_wait is low like i said before
<dlloyd> then there doesn't seem to really be an issue? loadavg is a composite metric that doesn't necessarily correlate to an 'overloaded' system
<DirtyCajun> you dont see an issue with a loadavg metric above the threadcount of your system?
<DirtyCajun> ive never heard that opinion in my 20 years in the industry (not saying that agressively just saying)(
<blackflow> DirtyCajun: btw is it 16 thread or 16 core system?
<dlloyd> it entirely depends on the workload. unless there are metrics indicating either processing delays or latency in handling requests, i would say that its not actionable. without knowing more about the precise state of the threads, i would say if you want to reduce the load average, reduce the count of threads. no idea what impact that will have on the performance
<DirtyCajun> 2 4core 8thread systems
<DirtyCajun> s/systems/system
<blackflow> 2 x 4 core HT cpus, right?
<DirtyCajun> dlloyd, i would agree with you and that was my initial thought, but everything online seems to say to increase which is why i hopped on here in the first place haha
<DirtyCajun> blackflow, yes
<dlloyd> state D is counted against 'running' in load average calculation, but isn't necessarily consuming actual cpu time
<dlloyd> right, i was saying if you want to game load average down vs handling more throughput/connections
<RoyK> DirtyCajun: how much of the load is I/O wait?
<RoyK> DirtyCajun: sar/systat or top or whatever will tell - I guess it's most of it
<DirtyCajun> So after upping the threads to 64, it looks like the load has gone down to 10ish out of 16
<DirtyCajun> i do see that context switches are really high (ctx_sw). LIke 100K of them
<steve3245> Anyone running critical production web-facing servers....do you use ufw  or manually set rules with iptables directly?  other?
<steve3245> **for establishing host firewall rules
<_KaszpiR_> steve3245 firewalld
<steve3245> _KaszpiR_, from fedora-land?
<_KaszpiR_> or plain iptables or ferm
<steve3245> _KaszpiR_, do you administer ubuntu and fedora-derived servers?
<_KaszpiR_> both
<_KaszpiR_> (well it's centos, not fedora but close)
<steve3245> (a second question i'm looking into now is if i can develop a unified approach to firewalling centos/debian/ubuntu machines)
<steve3245> right
<steve3245> i like just using plain IPtables on centos
<whislock> firewalld.
<steve3245> but i didn't know if that is a kind of lame hack for ubuntu best practices
<_KaszpiR_> at first I was not happy with firewalld till I just beat the shit out of it and started to like it
<whislock> Honestly, unless you're extremely good at firewalls, you shouldn't be mucking with iptables directly.
<_KaszpiR_> there are some pretty decent things in it
<whislock> I know a lot of people will disagree with me, but I've seen a lot of large security holes left open or created because people wanted to directly manipulate iptables.
<steve3245> I'm no expert but what i like about plain IPtables is i just basically set default DENY on incoming, and then add very restrictive incoming allow rules
<_KaszpiR_> do you hhave WAF (web app firewall wich actually filters out and validates requests before they reach application)?
<steve3245> not at this time
<steve3245> possibly in the future but we are kind of a small shop
<_KaszpiR_> then don't spend too much time on firewall
<steve3245> most of this stuff is just LAMP type servers etc
<_KaszpiR_> most attacks are just on app layer itself
<_KaszpiR_> such as exploiting app vunerabilities
<steve3245> i hear you - we got owned recently due to web devs not keeping drupal updated
<steve3245> ~10 compromised sites
<_KaszpiR_> where's your firewall now? :D
<steve3245> haha
<_KaszpiR_> ssure it's good practice to fliter unwanted stuff as close to the source as possible
<steve3245> Yes I think they were all "drupalgeddon" attacks....it looks like all it took was someone stuffing some bogus strings into a URL and they had write permissions to the webroot dir  sigh
<steve3245> I will look into that
<steve3245> is that some kind of hardware appliance you run?
<_KaszpiR_> I'd rather focus on processing logs and adding something like fail2ban on too many errors for given app
<steve3245> yes i'm definitely hoping to get fail2ban going on these soon
<steve3245> i inhereted a fair amount of kind of not so well kept servers
<steve3245> and just trying to tidy them up a bit
<steve3245> do you know if fail2ban directly depends on my using any particular firewall?
<steve3245> (related to my earlier question about ufw/iptables/firewalld)
<_KaszpiR_> otherwise just making very strict rules for web servers of what is acceptable by the app (this may be tricky but usually boils down to what kind of requests are allowed, what vars are allowed with what kind of type, for example page can be number only) - usually iuts just a lines and lines of regexp rules ;)
<_KaszpiR_> fail2ban can run with different stuff, by default it talks with iptables by creating dedicated rules which it manages
<whislock> Consider snort/suricata.
<steve3245> yes i'm looking into running snort also to keep eyes on network stuff
<steve3245> what is flying around the network
<steve3245> do you need realy fast hardware to run that?
<whislock> No.
<_KaszpiR_> nope
<steve3245> it sounded like it needed a dedicated bare metal fast CPU host
<whislock> But it's not just network stuff. IDS can alert/IPS can mitigate some app exploits.
<steve3245> oh awesome
<whislock> Depends on the engine, the rules its fed, etc.
<steve3245> yeah i'd love that....it sounded like it could inspect packets and notice "bad" signatures flying around and alert in real time?
<steve3245> like "hey this tcp header looks like you might have some ransomware stuff in the network"?
<whislock> It's more interested in the content than in TCP.
<steve3245> great - are you using snort now in production
<whislock> "This request coming into your web server looks like a SQL injection attack" kind of idea.
<steve3245> oh awesome
<steve3245> yes after this recent drupal incident i'm hoping to be a little more proactive in the future
<steve3245> and not depending on the web devs to keep drupal updated
<_KaszpiR_> 'nah that the devs that made a typo' ;D
<steve3245> hey i'd rather have false alerts than not know :]
<whislock> Snort is the most widely deployed IDS/IPS engine in the world.
<whislock> It's maintained by Talos - Cisco's threat intelligence arm.
<whislock> https://www.talosintelligence.com/snort
<whislock> I was using it for my house, before my employer transitioned me to Palo Alto firewalls.
<steve3245> thanks I will check it out
<steve3245> appreciate the input whislock and _KaszpiR_
<_KaszpiR_> there is one more thing you may consider
<whislock> Zoom.
<_KaszpiR_> https://en.wikipedia.org/wiki/Open_Source_Tripwire
<_KaszpiR_> for validating files on host, so that you can detect if file signatures change
 * trippeh_ trips
<trippeh_> clear
<trippeh_> nm, I'm not tripwire on this IRC network it turns out
<oerheks> info suckless-tools
#ubuntu-server 2018-07-03
<lordievader> Good morning
<OlofL> Hello how do I run an ntp server properly ?
<OlofL> https://paste.ubuntu.com/p/BQdCbWDHj6/ time seem to sync down to my server. but noone else can query me. tcpdump and I see requests coming in. firewall is off
<OlofL> https://paste.ubuntu.com/p/32zHCpxshG/ systemctl status ntpd its running
<blackflow> OlofL: ntp.conf is deliberately blocking queries from outside due to vulnerabilities inherent in the protocols. Check that. I don't know more because I never ran a stratum like that, only clients.
<blackflow> OlofL: also timedatectl is relevant when systemd-timesyncd is in use, which shuts off when you install another ntp service like you did.
<ahasenack> rbasak: hi, around?
<rbasak> o/
<ahasenack> rbasak: hi, about samba and libldb. ldb is stuck in migration for quite some time http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#ldb
<ahasenack> the reason is it needs a samba rebuild
<ahasenack> rbasak: I'm not uploading my samba 4.8 merge because of that possible regression in samba upstream (https://bugzilla.samba.org/show_bug.cgi?id=13486)
<ubottu> bugzilla.samba.org bug 13486 in File services "CIFS guest connection can't read back file it just created in mode 0600" [Normal,New]
<ahasenack> rbasak: libldb is a sync from debian, it's in the migration queue probably because of an auto-sync
<ahasenack> it's a library, used by others (like sssd)
<ahasenack> if we want to get that into cosmig (by we, I mean ubuntu), we should unblock it soon
<ahasenack> one way would be to just upload a no-change samba pkg, the one in cosmic currently
<ahasenack> I don't know how long it will take to upstream comment on that bug, so far only debian has
<ahasenack> I pinged #ubuntu-devel yesterday, no response
<rbasak> ahasenack: I think a no change rebuild of samba is reasonable to unblock ldb, regardless of the status of an upcoming merge.
<ahasenack> right
<rbasak> ahasenack: separately I trust your judgement on whether a merge is appropriate now or you want to wait for the upstream regression to be fixed.
<ahasenack> I would like to have upstream at least comment
<ahasenack> "yes, it's a bug" or "no, you are holding it wrong"
<ahasenack> rbasak: how should I proceed with a no change rebuild? Add a changelog entry with a "build1" suffix and request sponsorship?
<ahasenack> or is there a script for that
<rbasak> dch has a switch for it that should help
<ahasenack> do we need an mp for that?
<ahasenack> (I can't upload samba, if that hasn't become clear yet ;)
<rbasak> It'd be a debdiff or an MP. I don't mind which since it'll only be a change to debian/changelog so the resulting commit willl be basically the same whether we use an upload tag or not.
<ahasenack> from 4.7.6+dfsg~ubuntu-0ubuntu2 to 4.7.6+dfsg~ubuntu-0ubuntu2build1, does that look correct? dch --rebuild didn't add build1 but instead bumped 0ubuntu2 to 0ubuntu3
<rbasak> Bumping 0ubuntu2 to 0ubuntu3 is correct
<rbasak> We only add build1 when in sync with Debian
<ahasenack> ah, ok
<ahasenack> rbasak: switching topics, I was looking at an exim4 merge, that normally christian handles
<ahasenack> rbasak: our only delta is a patch to add the distribution name ("Ubuntu") to the smtp banner
<ahasenack> rbasak: I didn't find evidence of that having ever been submitted to debian
<ahasenack> rbasak: and the patch is as such that it will work with debian as well, just adding "Debian" to the banner
<ahasenack> rbasak: do you know of some history behind this? Would debian oppose to such a change (advertise that the service is running on a debian box)?
<ahasenack> "220 sid-exim4 ESMTP Exim 4.91 Debian Tue, 03 Jul 2018 13:03:03 +0000"
<rbasak> I believe it's down to individual Debian maintainers. I think Debian took a similar change to squid3 from us, for example.
<ahasenack> ok, I'll try to send it to them
<ahasenack> Yolanda made that one, back in 2013
<ahasenack> rbasak: and launchpad's diff got nuts again
<ahasenack> https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348888
<rbasak> ack
<supercool> Hello guys!
<supercool> Could someone help me to run the apt-get update command please?
<blackflow> !ask | supercool
<ubottu> supercool: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<compdoc> whats the problem?
<supercool> When I run it it seems a old app has a invalid signature or something. I just want to restart it from scratch
<ahasenack> rbasak: in a dep3 header, can Forwarded be used to indicate the patch has been forwarded to debian as well, or just to upstream?
<compdoc> if you have 16.04 or newer, use apt, not apt-get
<compdoc> disable that repo then
<supercool> how do I disable a repo?
<ahasenack> supercool: better to show the error. It might just be an outdated mirror
<supercool> It is not a official ubuntu mirror, it is related to a app I did install
<supercool> I did already remove the sources.list fine
<supercool> file*
<ahasenack> you removed sources.list?
<ahasenack> not sources.list.d/<someotherfile>?
<ahasenack> or just a line from sources.list?
<compdoc> just needed to edit it
<rbasak> ahasenack: I don't think dep3 has considered that case for derivatives, so "undefined" maybe? I think it makes sense to use the header multiple times, once for each place it has been forwarded, including Debian (for us).
<ahasenack> rbasak: yeah, I would like to record somewhere that I forwarded the patch to debian
<supercool> Alright. Let me see it this file is listed.
<rbasak> ahasenack: essentially I'm unilaterally extending dep3 using the existing pattern in the spec set for Author.
<rbasak> ahasenack: another established way is to file the bug in Debian and then include "Closes: #XXX" in your changelog entry. You can do both.
<ahasenack> rbasak: I'll stick with the salsa mp, let's see how it works out
<ahasenack> I think the intent is clear
<ahasenack> and I rather deal with salsa's interface than bugs.debian.org ;)
<supercool> ahasenack: where do I locate sources.list.d ? The dir I removed was /var/lib/apt/lists
<ahasenack> supercool: it's just a subdirectory of /etc/apt
<supercool> Checking
<ahasenack> supercool: to add a new repository, one can add a line to /etc/apt/sources.list, or a new file inside /etc/apt/sources.list.d/
<ahasenack> add-apt-repository, for example, adds a file to /etc/apt/sources.list.d/ instead of a new line to /etc/apt/sources.list
<supercool> And to remove it perhaps one can remove a line from /etc/apt/sources.list,
<supercool> I think I get it ahasenack. There was some files into /etc/apt/source.list.d
<supercool> Thank you a lot!
<ahasenack> cool
<coreycb> jamespage: i'm working on some keepalived backports for LP: 1744062
<ubottu> Launchpad bug 1744062 in neutron (Ubuntu Bionic) "L3 HA: multiple agents are active at the same time" [High,Triaged] https://launchpad.net/bugs/1744062
<coreycb> jamespage: are you ok with backporting keepalived to ocata and pike cloud archives? to fix this in xenial would be non-trivial.
<jamespage> coreycb: what does the version bump look like?
<coreycb> jamespage: xenial is 1.2.19 and ocata/pike would be 1.3.2
<ahasenack> rbasak: do we need to wait a bit more? https://pastebin.ubuntu.com/p/qbryPBpXCv/
<ahasenack> I bet that output is left as is just to serve as a test for core-dev applicants :)
<rbasak> ahasenack: :)
<rbasak> ahasenack: looks like it migrated now?
<ahasenack> let me check
<ahasenack> rbasak: indeed. Odd, I didn't get the bugs ahhh, ok, the bugs being closed were tied to my 4.8 merge
<ahasenack> rbasak: cool, it did migrate, thanks
<eriswans> From #ubuntu: Where should I have been watching to find out in advance about the change to automatically install the ssm agent snap in the Xenial AMIs owned by Canonical, when earlier Canonical-owned Xenial AMIs did not?
<nacc> dpb1: Odd_Bloke --^ ?
<ahasenack> does he mean snapd, or an actual snap called ssm?
<eriswans> the amazon-ssm-agent snap
<ahasenack> no idea what that is
<nacc> ahasenack:  a specific snap --^
<eriswans> I only found out about it being installed (with no change to my cloud-init data) because of a monitoring freakout on newly-created instances panicking about there being no space or inodes free in the snap filesystem.
<nacc> :cough: that's a buggy monitor :)
<sarnold> useful thuogh :)
<eriswans> ami-759bc50a (ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180627) automatically installed it; previous versions did not
<Odd_Bloke> eriswans: o/
<nacc> Odd_Bloke: thanks :)
<ahasenack> https://snapcraft.io/amazon-ssm-agent
<eriswans> This wouldn't have been problematic if it was something introduced in 18.04, but it's a very surprisng change to see made to canonical-provided amis of an lts release.
<Odd_Bloke> Adding amazon-ssm-agent was a change to the image requested by Amazon; it enables a number of their solutions to work seamlessly on top of Ubuntu.  We worked with them to ensure that it is inert unless there is specific metadata that indicates it should do something (which would only be present if you were using one of the services that require it).
<Odd_Bloke> eriswans: Sorry that it ended up causing that monitoring problem for you; other than that sort of fallout, it's a fairly minor addition to the image, so I'm not sure that we really communicated it out.
<Odd_Bloke> We should do a better job of that in the future.
<eriswans> It's not just monitoring, it silently broke a pattern for immutable-for-security-reasons instances (cloud-init turns off sshd and disables cloud-init from ever running user data again)
<sdeziel> snap's ro loopback mounts being 100% used also tripped our monitoring ;)
<eriswans> It's a good change, but IMO disastrous to add to an LTS release after that release
<sdeziel> the fix was simply to ignore squashfs mounts
<eriswans> Yeah, I've already fixed our monitoring, but this is still a dizzying, trust-destroying experience to learn that it's not safe to automatically grab the latest canonical-provided ami for an lts.
<Odd_Bloke> In cloud environments, we have to find a position between the immutable LTS release and keeping up with the cloud platform so people can continue using Ubuntu on top of it effectively.
<eriswans> My expectation is, well was, that a new ami in an lts will never be sufficiently different than grabbing the original ami for an lts and having the user data do an automatic dist-upgrade.
<Odd_Bloke> And, as I mentioned, we worked with Amazon to ensure that the installed daemon will be inert unless specifically required by services that users have opted-in to.
<eriswans> The security impact is that it provides a way around what was previously a reasonable way to ensure that once launched an instance wont' accept arbitrary administrative commands even from someone with access to the aws account.
<Odd_Bloke> The dist-upgrade thing almost always holds true; this was an exceptional case because of the new platform requirement.
<eriswans> It's not unlike sshd going from off by default to on by default mid-lts
<Odd_Bloke> They are different categories of risk IMO, but I do accept your point.
<eriswans> Is there at least a flag i can add to the user data to prevent it from being installed (stopping after starting isn't good enough), or is the snap baked into the ami?
<_KaszpiR_> make your own custom ami without it?
<Odd_Bloke> The snap is preseeded, which means it's put in to place on first boot.
<Odd_Bloke> So I don't think a `snap remove amazon-ssm-agent` would be sufficient, as it would have to be installed (and started) for that to possibly work.
<Odd_Bloke> Let me try a couple of things.
<eriswans> Is it correct that the snap being pre-seeded would mean that it'll start whenever systemd starts the snap stuff up? (Sorry, I'm not familiar with snaps.) With that in turn implying that unless the snap services are somehow default-disabled and turned on by/*after* cloudinit, there'd always be a race?
<Odd_Bloke> Yep, when snapd starts up, it will install the snaps that are preseeded in the image.
<eriswans> Thanks for the clarification.
<Odd_Bloke> user-data explicitly runs _after_ seeding is complete, so that preseeded applications are available to user-data.
<Odd_Bloke> (Not particularly necessary in the amazon-ssm-agent case, but for snaps that install a CLI tool it's handy to actually be able to use them. :)
<Ubu-1604> hello :)
<compdoc> yur old
<Ubu-1604> compdoc: well true ... I still use 5 1/4 floppy disks :)
<Odd_Bloke> eriswans: http://paste.ubuntu.com/p/dCCprfCqBp/ removes the seed configuration, so amazon-ssm-agent will never be installed.
<sarnold> handy, thanks
<_KaszpiR_> rm -f  rahter
<powersj> there was a command that would draw an topology of your system, can't recall it
<powersj> hwloc-ls does a picture, but I thought i recalled an ascii one as well
<sarnold> lstopo
<Odd_Bloke> _KaszpiR_: Right.
<eriswans> @Odd_Bloke thanks for that
<powersj> sarnold: thanks that is it, but I guess it is the same as hwloc-ls
<sarnold> powersj: oh :)
<sarnold> powersj: I was using lstopo --of console and lstopo --of ascii the other day..
<sarnold> ascii is surprising
<powersj> hah wow
<Odd_Bloke> eriswans: Happy I could help!
<_KaszpiR_> whoa so many years in linux and haven't seen that command
<npgm> I'm looking for a text/cli based network management tool that knows about linux network namespaces. 18.04's netplan has no notion of network namespaces. I need a configuration that will allow me to define the namespaces and the associated interfaces and have this persist on restart.
<npgm> is my only option to write raw ip commands in a bash script or something?
<sdeziel> npgm: I'd look into "lxc network"
<npgm> will look - but to be clear I'm not using any containers
<sdeziel> npgm: yeah, it's not a perfect match to what you need but you can use lxc defined network without using lxc containers
<npgm> got it
<sdeziel> hmm, not sure that will fit the bill though because the created networks are in the host context, sorry
<npgm> so I am running a binary with `ip netns exec` under a certain namespace. At that point how far off is this from just being an lxc container?
<npgm> I guess my issue is I know the exact ip configuration that I want, I just want to be able to write it down in a file that will be loaded on startup, so not terribly interested in writing some container file for this.
<sarnold> npgm: please file a bug report against the netplan/nplan package, describing what you want, I have to imagine that we'd like to cover it in the future
<sarnold> npgm: but you'll probably have best success most quickly just doing it by hand.
<npgm> sarnold: how do you suggest doing that? i.e. whats the best way to manage raw `ip` commands?
<sarnold> npgm: you could probably still install and use ifupdown and use /etc/network/interfaces
<npgm> sarnold: oh, does that support namespaces?
<sarnold> not that I know of, but it provides a place fo ryou to put all the ip commands that you want..
<npgm> I see, I'll look into that. Thank you
<sdeziel> some scriptability should be possible with netplan: https://netplan.io/faq#use-pre-up-post-up-etc-hook-scripts
#ubuntu-server 2018-07-04
<jamespage> coreycb: hey - have you seen anything like this - https://launchpadlibrarian.net/377079438/buildlog_ubuntu-cosmic-amd64.horizon_3%3A14.0.0~b2-0ubuntu2~ubuntu18.10.1~ppa201807040545_BUILDING.txt.gz
<jamespage> for the life of me I can't see why those py3 package install failures are happening
<jamespage> coreycb: hmm that's a py3.7issue
<jamespage> coreycb: reference - https://github.com/pypa/pipenv/issues/956
<jamespage> that impacts
<jamespage> https://www.irccloud.com/pastebin/wpe16Y9V/
<jamespage> hurrah
<lordievader> Good morning
<manticorpus> Hello, I want your advice about one serie of operations :
<manticorpus> 1. I create one tar file (with medium size files like ~50mo)
<manticorpus> 2. A rsync process come and download the tar
<manticorpus> 3. The rsync process remove the file
<manticorpus> I want to be sure the tar is completly write before the step 2 is done. Any advice ?
<manticorpus> Justice: You need to do special rules for that, generally I follow this guide : https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System
<lordievader> Create a script who does those steps sequentially?
<manticorpus> The rsync process is not in my control, it's a client of my server
<manticorpus> My best guess is that mv is atomic. So I create my tar in another directory and do a mv action
<blackflow> manticorpus: yes, that's usually how such atomic ops are done. don't even have to be another dir, could be the same with a different name. eg.    .tmp_somename.tar   that you rename to   somename.tar     keep in mind, if you create it somewhere else, that you're still on teh same filesystem, otherwise mv will take much longer because it has to copy, not just rename.
<manticorpus> blackflow: Thank you, as the rsync take all the dir I will do in another dir. Thanks you for your feedback
<blackflow> manticorpus: just make sure it's on the same filesystem, or at least know what the consequences are if it's not.
<coreycb> jamespage: i hadn't seen those issues yet but i think py3.7 just came out. i can dig into that tomorrow.
<manticorpus> blackflow: It's thank you
<Gargoyle> OK. I've run out of Google Foo. I'm lost in a proxy terminology maze of transparent, forward, reverse, anonymous, ssl_bump, intercept... and on and on.
<Gargoyle> What I am trying to do is enable certain https requests from servers in a autoscale cluster to go out via a proxy server so that the receiving end gets the request from 1 or 2 fixed IP addresses and not all the random ephemeral ones that the autoscaling servers will have.
<Gargoyle> I'm not looking to intercept and decrypt, MITM style - I just want the destination to get the proxy server IPs.
<blackflow> Gargoyle: maybe with a tcp proxy? irrc nginx can do that too
<blackflow> *iirc
<sdeziel> Gargoyle: haproxy can do that too
<Gargoyle> I think that's what I'm going to have to do. I hit a bit of a wall with nginx and streams, so I've tried squid but that seems to focus around intercepting.
<blackflow> Gargoyle: what kind of wall? What was the problem with nginx?
<sdeziel> Gargoyle: haproxy can be easily configured to terminate TCP or TLS or HTTP(S) and then hit a list of backends using TCP or TLS or HTTP(S)
<Gargoyle> blackflow: Most likley me going code-blind. going to retry.
<Gargoyle> sdeziel: Not looking to terminate the ssl - just the opposite.
<sdeziel> Gargoyle: then operate in TCP mode and it will be load balanced between healthy backend
<sdeziel> s/backend/backends/
<sdeziel> Gargoyle: haproxy is nice because it supports doing fancy health checks on the backends. IIRC, the same requires NGINX Plus
<Gargoyle> not doing reverse proxying. doing forward proxying - don't know what the destination is.
<Gargoyle> So it will be requests to external apis like google, etc.
<Gargoyle> back to nginx... vagrant destroy, vagrant up for about the 50th time already today! :P
<blackflow> consider also some iptables routing magick on the "proxy node"
<blackflow> s/routing/NAT/
<Gargoyle> How would that work, blackflow. I originally came up with a NAT solution which required updating routing tables for the destination IP addresses so that traffic went out via the NAT box. Hit a hurdle with one of the 3rd parties not having fixed IP addresses.
<sdeziel> Gargoyle: oh, sorry, I missed the forward part
<Gargoyle> sdeziel: No worries - it's a bit of a oddball problem!
<ahasenack> morning
<blackflow> Gargoyle: depends on your network layout, whether you have some wan/lan boundary through a router, or if you just have to solve it at the dns level, designating a "proxy node"'s IP for all outbound domains, then it should be relatively straightforward to NAT, on that node, between LAN subnet and   ! LAN subnet
<Gargoyle> OK. So I think nginx is working now... X-)
<blackflow> :)
<Gargoyle> I had missed the "resolver" directive...
<Gargoyle> https://gist.github.com/gargoyle/851b8628099307581485e181cd5898c0
<Gargoyle> TIL: nginx only does dns lookups on start/restart/reload
<blackflow> huh, TIL ssl_preread
<Gargoyle> Unless you have "resolver"
<Gargoyle> Yeah... grabs the host from the SNI header.
<blackflow> yah
<blackflow> but eh.... 8.8.8.8?   eeeew. :)
<Gargoyle> he he. It's easy to remember though. :D
<Gargoyle> 1.1.1.1 ?
<sdeziel> Gargoyle: beware that nginx's DNS resolver is vulnerable to DNS poisoning so you may want to use a closer resolver
<blackflow> Gargoyle: I was hinting at "run your own caching resolver " :)
<Gargoyle> Good to know, thanks.
<blackflow> Bind9 works for me nicely, though Unbound is not bad either. Supposedly less vulnerable, but I suspect it's just a consequence of it being used less (and attempted against less)
<RoyK> blackflow: and 8.8.4.4
<blackflow> RoyK: hmm?
<Ubu-1604> question : I was wondering about the SIZE of my 'snap' directories that have been made, this notepad program I am using seems to have made 3 snaps now (60 Meg each), and I was wondering can I delete these .. they all show to be 100% full.
<Ubu-1604> guess I'll just try the unmount and remove the older snaps :)
<Gargoyle> So I've pinged server.xyz and got 1.2.3.4 - great. But now I have added 4.5.6.7 server.xyz to /etc/hosts but I am still pinging the old IP address. systemd-resolver --flush-caches doesn't seem to do anything (18.04) any ideas?
<Ubu-1604> Gargoyle: could try disconnect / reconnect to the net ... or even a full reboot .. at least in windowz the dns cache is loaded and the real only way to reload is is a reboot (works best) or try disconnect/reconnect.
<Ubu-1604> Gargoyle: or stop/start the dns service .. just a thought.
<Gargoyle> But this is linux!
<Gargoyle> There is no separate service - i think it's all systemd
<Ubu-1604> Gargoyle: ya I know .. I was njust trying to impress upon you that this dns cache is sometimes hard to FORCE to reload itself.
<blackflow> one more reason to ditch it.
<Ubu-1604> sorry I asked my snap question in the wrong channel ;)
<mystic> i installed wine but it wont run
<ahasenack> rbasak: for tomorrow likely, could you please check if the importer is still running? I'm seeing sssd is behind debian:
<ahasenack> https://code.launchpad.net/~usd-import-team/ubuntu/+source/sssd/+git/sssd/+ref/debian/sid is 1.16.1-1
<ahasenack> but rmadison shows 1.16.2-1 to be in debian's testing and unstable
<ahasenack> http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html agrees that sssd 1.16.2-1 has been uploaded on jun 27th
<ahasenack> rbasak: I also don't see ubuntu/devel updated with our recent samba upload, that no-change rebuild one
#ubuntu-server 2018-07-05
<lordievader> Good morning
<jamespage> coreycb: working through the py37/async syntax failures
<jamespage> most upstreams have commits at least so generally picking those
<coreycb> jamespage: great, thanks
<ahasenack> rbasak: hi, good morning, did you see my ping about the git-ubuntu importer being apparently stuck?
<rbasak> Yes
<rbasak> The experimental deployment environment had died.
<rbasak> I intend on restoring it this afternoon
<ahasenack> ok
<ahasenack> rbasak: I have a salsa merge request to add dep8 tests to the krb5 package. This package is currently a sync in ubuntu
<ahasenack> rbasak: no response from salsa yet
<ahasenack> rbasak: should I keep waiting, or is it worth it to add a delta because of dep8?
<ahasenack> rbasak: https://salsa.debian.org/debian/krb5/merge_requests/2
<rbasak> ahasenack: good job with the tests. I think it's fine to add a delta. Though does the slapd-gssapi test perhaps belong in the openldap side source package?
<ahasenack> rbasak: it's testing mostly gssapi, not ldap
<ahasenack> since the only call I'm making is ldapwhoami
<ahasenack> I'm not even seting up an ldap "database"
<rbasak> Sure it's testing mostly gssapi, but really isn't it openldap's gssapi implmentation that's being tested here? Anyway, it's clearly subjective :)
<ahasenack> no, it's also testing cyrus-sasl
<ahasenack> kerberos is used also for services, not just people
<ahasenack> so any service I pick could have this argument
<ahasenack> it's testing both
<ahasenack> but I'm sticking to authentication when talking to this other service, that's where I think the separation lies
<ahasenack> if I had been exercising slapd acls with this authentication and authorization, then it would belong in the slapd package, for example
<ahasenack> for slapd dep8 tests I have other ideas, much more ldap cnetric
<ahasenack> centric*
<rbasak> I appreciate it's sort of "in the middle" so which end is very much opinion. Let's see if the Debian maintainer accepts it :)
<ahasenack> rbasak: there is one argument in your favor, though. If there is a related bug in the slapd package, the krb5 dep8 tests will fail
<ahasenack> rbasak: but so will apache2 tests if openssl has a bug, for example
<ahasenack> if, say, slapd gets a bug like the current mariadb one, where it's not running after installation, the krb5 dep8 tests could fail because of that
<mattk> Is the ntp package missing from the 18.04 server ISO on purpose? I have some Packer builds that don't reach out to the Internet, and they're failing b/c that package is missing from the install media.
<mattk> It's easy enough to fix on my end, but wondering if it'll be back in the 18.04.1 server ISO.
<mattk> I based my build off of this preseed.cfg, and it's works for 14.04 and 16.04:
<mattk> https://github.com/boxcutter/ubuntu/blob/master/http/preseed.cfg
<rbasak> mattk: on purpose. ntp has been demoted to universe in 18.04 in favour of chrony.
<rbasak> mattk: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#Chrony
<mattk> ahhh, good to know. And thanks for the pointer! rtfm ;)
<coreycb> jamespage: comparing neutron-lbaas and neutron-fwaas. why do you have python(3)-neutron-fwaas -> neutron-fwaas-common and neutron-lbaas-common -> python(3)-neutron-lbaas? i thought the plan was to do the former but maybe i'm missing something.
<paulbarker> Hi, I'm trying to bring up a bridge without any external interfaces (for containers to use) on Ubuntu 18.04, I have the following in /etc/netplan/01-netcfg.yaml: https://pastebin.com/0S9hqZ95
<paulbarker> After running `netplan generate && netplan apply` and looking at the ouput of `ip addr` I have a new lxdbr0 interface but it's not fully up: https://pastebin.com/mGXQZ2Pm
<paulbarker> I've done some googling but can't find much info on how to set up an "isolated", "private" or "internal" bridge (those are the terms I've searched for as that's what I'd call it)
<paulbarker> Anyone got any ideas?
<cyphermox> paulbarker: you can't bring an bridge with no member interfaces up right now with netplan, some config is missing from the generated systemd config
<cyphermox> (I'm working on fixing this)
<cyphermox> I think dja wrote down exactly what you need to do to make it work, if I can find the blog post again
<paulbarker> Ok. I'm only trying to set this up in netplan manually due to problems with lxd's managed interfaces
<cyphermox> right
<compdoc> I use bridges for kvm guests, and i found in 18.04, kvm wont see bridges created in netplan
<compdoc> paulbarker ^
<paulbarker> Even with "ipv4.firewall", "ipv4.nat", "ipv6.firewall" and "ipv6.nat" set to false in my lxd network config it's still injecting iptables rules
<cyphermox> it's top of my list for stuff in netplan, I'm getting to that today
<cyphermox> compdoc: you mean libvirt? we fixed this recently
<paulbarker> My actual end goal is using lxd + nftables instead of lxd + iptables
<compdoc> but if you create the interfaces in netplan, and the bridges in /etc/network/insterfaces, kvm will see them and use them
<compdoc> *interfaces
<cyphermox> compdoc: yes, but this is unrelated to what we're talking about here
<cyphermox> (and we fixed it, at least in bionic)
<paulbarker> compdoc: From what I've seen other people post online, lxd should be able to see those interfaces if netplan brings them up correctly
<compdoc> try it. create the bridge the old way
<paulbarker> cyphermox: I'll be a happy guinea pig to test any fix for this when you have one out
<compdoc> i figure kvm will catch up to netplan eventually
<paulbarker> compdoc: What's the "old way"? Purge netplan and move back to ifupdown?
<cyphermox> paulbarker: what compdoc is suggesting (using ifupdown) will work for now (though not for the same reason as it does anything for libvirt/kvm)
<cyphermox> you don't need to purge netplan for that
<paulbarker> I did that when Ubuntu 18.04 came up but figured it was time to move to the new stuff
<cyphermox> but there's another way too, you can add an extra file to /etc/systemd/network
<paulbarker> Manually messing with systemd-networkd configuration is not something I ever want to do
<paulbarker> Happy to learn one new config language (netplan) but not 2
<blackflow> jackie_chan_meme.jpg
<cyphermox> paulbarker: you should be able to copy /run/systemd/network/00-netplan-lxdbr0.network to /etc/systemd/network/00-netplan-lxdbr0.network, and add to it "ConfigureWithoutCarrier=true" under the [Network]  block.
<cyphermox> paulbarker: that's your alternative, if you don't want to use ifupdown instead for now
<paulbarker> cyphermox: Do I then remove it from the netplan config for now?
<cyphermox> or you'll have to wait until I put up the fix on my ppa or upload it to the archive
<cyphermox> don't need to, but you can if you wish
<paulbarker> I'd rather not throw everything out and move back to ifupdown when I've got almost everything working now with netplan
<paulbarker> So will give that a go for now
<cyphermox> it's not throwing everything out
<cyphermox> on a new install of 18.04, you don't have ifupdown, but you don't need to remove netplan to use it
<cyphermox> both can coexist fine if you don't try to configure the same device in both :)
<cyphermox> OTOH, what I suggested for systemd-networkd is essentially the fix that will be implemented in netplan's generator, just it will be written in the file under /run (which doesn't help you here, if you don't want to write it yourself every time you reboot)
<paulbarker> Living in a world of multiple admins here, having both a netplan config and a network interfaces file on the same server is just inviting others to accidentally break it
<blackflow> indeedy. less conflicting layers the better.
<paulbarker> I'll do the systemd-networkd config fix for now as it's easy to then back that out when you've got a fix out
<blackflow> since netplan is only creating networkd config and not itself doing any networking API, you can do both netplan and throw in a separate .network file for the bridge
<cyphermox> paulbarker: I'm a bit surprised you didn't just let lxd handle things, it usually does the bridges just fine itself
<paulbarker> cyphermox: Even with "ipv4.firewall", "ipv4.nat", "ipv6.firewall" and "ipv6.nat" set to false in my lxd network config it's still injecting iptables rules
<paulbarker> That causes the iptable_nat kernel module to be loaded which prevents me from using nftables (as the modules conflict)
<cyphermox> ok
<blackflow> are nftables even ready for prime time yet?
<cyphermox> paulbarker: then, please also file a bug for lxd so stgraber can potentially fix this
<paulbarker> cyphermox: Already done. Also happy to help testing a fix for that
<cyphermox> I'm reasonably sure if you set ipv4.firewall=fasle and whatnot, you shouldn't still get stuff injected in iptables :)
<cyphermox> paulbarker: ok
<paulbarker> https://github.com/lxc/lxd/issues/4739
<cyphermox> paulbarker: great
<paulbarker> It's still injecting the rule for automatic checksum generation
<paulbarker> blackflow: As long as you're running a recent kernel, nftables should be pretty stable now
<blackflow> neat, I might start toying with then.
<paulbarker> I'm currently loving the ability to split my rules file using "Include" directives but still get atomic switchover to a new ruleset
<paulbarker> Never found how to do something like that with iptables
<blackflow> paulbarker: different files you use for iptables-restore? with the flush directive available, the replacement should be atomic, no?
<paulbarker> Yea you can do atomic replacement with iptables-restore but not with the rules split into multiple files
<paulbarker> I'm using ansible to push configurations to a bunch of servers and have never got on well with the ansible iptables module.
<sdeziel> paulbarker: I use something along those lines: cat /etc/iptables/*.snippets | iptables-restore
<paulbarker> sdezial: Yea, I could put together a script to do that and then write a systemd unit file for it I suppose
<paulbarker> But with nftables that's built-in and I can use the existing nftables service
<paulbarker> I have `include "/etc/nftables.d/*.conf` in my /etc/nftables.conf file and it works really well
<blackflow> paulbarker: check out iptables-persistent and netfilter-persistent packages (the former being a plugin for netfilter), it already comes with a service.
<paulbarker> blackflow: Don't need either and iptables-persistent just calls iptables-restore which doesn't support includes
<blackflow> why do you need includes if you use ansible? just combine one file from multiple files
<paulbarker> The fragments are split across different roles. Yes I can mash it all together using templates in ansible but that's more of a mess
<paulbarker> As usual there's 20 ways to solve the problem depending on personal taste
<blackflow> no, you can have one role or action run at the end that takes all the files other roles placed into /etc/my-iptables-fragments.d/, creates a single file out of them and has a change handler that feeds it to iptables-restore if they're changed ;)
<paulbarker> blackflow: That would work. But I still want to play with the new shiny nftables :p
<blackflow> oh, sure :) I just mean it's more than possible to achieve that with iptables, if you want.
<jamespage> coreycb: most pkgs with agents ave the dep common -> py
<jamespage> not py->common
<jamespage> we should switcharoo
<coreycb> jamespage: ok so everything should switch to py->common, even pkgs with agents.
#ubuntu-server 2018-07-06
<rbasak> ahasenack: git-ubuntu imports are caught up now, excepting the imports that still error (eg. most Python related things).
<rbasak> Fixing those is next for me I think.
<lordievader> Good morning
<Syco> Hi, I'm having an issue with the latest ubuntu server 18.04. I created a few vm in virtualbox and then cloned them with different mac address. Inside the vm I can see (with ip a or ifconfig) that the mac address changed accordingly. But they still get the same ip from the dhcp server. All the methods I new don't work anymore. Any help understanding this new system? Thanks
<ahasenack> rbasak: ok
<ahasenack> Syco: if you cloned, it's likely the dhcp client is requesting the same ip from the server, regardless of the mac address
<ahasenack> Syco: the client stores a cache of the ip it was using
<ahasenack> Syco: that being said, the server shouldn't hand out that ip to multiple computers, regardless of what they ask for
<ahasenack> it's just an initial hint the dhcp client uses: "hey, I'd like an IP, I was using this one before, could I get it again?" of sort
<l4m8d4> Hello, is it possible in server 18.04 to use netplan to automatically assign a network interface to another namespace?
<ahasenack> l4m8d4: I don't know, but can you try asking in #netplan?
 * ageoffire go to way`s
<baldpope> is there a pre-compiled tickless kernel?
<sdeziel> baldpope: not sure about tickless but have you checked "grep HZ /boot/config-$(uname -r)" ?
<baldpope> CONFIG_NO_HZ=y ; so with that I should be able to pass kernel command line option in?
<sdeziel> baldpope: I don't know, I always assumed that nothing special needed to be done for this to take effect
<baldpope> thanks sdeziel - maybe kernel is already set and I just need to add some cli options to boo
<sdeziel> baldpope: OK, if you find a boot args that's needed, I'd be curious to know which
<blackflow> baldpope: afaik all modern kernels are tickless by default
<baldpope> blackflow: is that true? I didn't know that
<blackflow> lemme find the kernel docs on that
<blackflow> I think it's this: https://www.kernel.org/doc/Documentation/timers/NO_HZ.txt
<baldpope> https://pastebin.com/4ePfFByb
<blackflow> right, so check that doc what exactly is happening here, due to NO_HZ and NO_HZ_IDLE being enabled
<coreycb> jamespage: i'm going to do the py3.7 update for python-oslo.db, unless you have that in progress?
<jamespage> coreycb: nope
<jamespage> I've uploaded thethree I did yesterday a
<jamespage> m
<coreycb> jamespage: ok oslo.db is uploaded
<jamespage> coreycb: I nearly have horizon done...
<jamespage> so close...
<coreycb> jamespage: yay :)
<Ubu-1604> i'm trying to upgrade this irc client .. sorry for the quit/connect .. almost done...
<Ubu-1604> all done :)
<Serverbeginner> Hi all. Do you know what's with Ubuntu Server's admin GUI, Landscape's install ? apt install landscape-server-quickstart is not found in the repository so the instructions told on Ubuntu and Landscape specific official sites don't seem to work for 18.04
<Serverbeginner> update, repo-s are all ok, no errors.
<Serverbeginner> Except I had to use in "sudo add-apt-repository ppa:landscape/17.03" 18.03 instead, because for 17.03 there's a repo error message (an ip not found or similar..)
<Serverbeginner> So the website of Ubuntu and Landscape might need some refresh and/or actualization, maybe updating the command to 18.03 OR making a note below with read that Landscape isn't available for 18.04 LTS yet ..
<Serverbeginner> *red
<genii> Serverbeginner: According to https://help.landscape.canonical.com/?action=show&redirect=LDS not available for 18.04 yet
<Serverbeginner> Sh_it, as a newcomer to Ubuntu Server none of the sites told me this nice fact _BEFORE_ downloading and installing 18.04. Anyway, thanks. Time to reinstall then. :/
 * tomreyn didnt even know this domain name exists
#ubuntu-server 2018-07-07
<precise> Hey guys, anyone in here heavily into Landscape? I'm spinning it up in my homelab now and am wondering how you guys like it? What are some cool ways you've used it that may not be exactly documented processes? Anything I should know? Weak points?
<tomreyn> precise: is this "precise" as in "ubuntu precise (12.04)"? if so, this is EOL.
 * tomreyn can't comment on landscape, though
<precise> tomreyn: hush you lol
<sarnold> that must be rough to find out you've hit EOL, on irc no less..
<precise> But yes, made this nick when troubleshooting a precise install :P
<precise> lol
<sarnold> can I offer you an egg in these trying times?
<precise> Do you have any tinfoil?
 * sarnold tears off a bit of his hat to share
<precise> I haven't upgraded from precise because the NSA infiltrated Canonical after that version
 * precise puts on his little hat
<precise> So anyways, Landscape, yey or neigh?
<sarnold> I used a personal key on a system with canonical hosting for a little while, but it didn't feel particularly useful with just two or three machines
<sarnold> maas looked pretty cool on this video https://www.youtube.com/watch?v=RnBu7t2wD4U
<sarnold> but I have to admit I've not tried it myself
<precise> Yeah, I'm doing the 10 machine limit, but my homelab is almost all Ubuntu
<precise> Xenial and Bionic mainly
<precise> I'm sick and damn tired of managing each server, setting ssh configs, etc etc.
<precise> I'm rolling out Ansible or another similar tool soon too
<precise> Automate all da things
 * precise killed the channel
<precise> F
<sarnold> it's late on a friday..
<precise> sarnold: But but... people who use IRC don't go out.....
<precise> At least that's what I tell myself, and why I'm on IRC so much..
<sarnold> too true :)
<precise> FFS, I've got a bouncer, I should just be an eternal shutin
<sarnold> but they *do* walk away from their machines to catch up on the latest ST:TNG and whatnot..
<precise> >latest
<precise> wat
<sarnold> or columbo, take your pick :)
<precise> heh
#ubuntu-server 2018-07-08
<raidghost> Trying to install Ubuntu server 18.04 LTS on my computer
<raidghost> Everything seems to go smoooth until install is finnish and been fixing grub and says its time to reboot.
<raidghost> What shows up when booting up after install is finnish is:
<raidghost> GNU GRUB Version 2.02
<raidghost> Minimal BASH-like line editing is supported.
<raidghost> For the first word, TAB lists possible command completions.
<raidghost> Anywhere else TAB lists possible device or file completions
<raidghost> Running system on 2x500GB SSD in raid 1 (where the /boot/efi partition) is not part of the raid.
<raidghost> Fat 32 partition set to 200mb
<Guest84> Guys anyone know how could I build myself ip to country and city database to be not dependeent from external services?
<tomreyn> Guest84: is this an ubuntu server support question? if so, please restate, since i'm not sure what you mean.
<Guest84> tomreyn I hope I could ask here..
<tomreyn> it's not clear what you are asking, though, not to me anyways.
<blackflow> Guest84: there's geoip
<blackflow> !info geoip-database
<ubottu> geoip-database (source: geoip-database): IP lookup command line tools that use the GeoIP library (country database). In component main, is standard. Version 20180315-1 (bionic), package size 2041 kB, installed size 6834 kB
<blackflow> Guest84: but I wouldn't advise you to do that. IPv4 subnets are exchanged, sold, and pretty much without geolocation until assigned to a server
<tomreyn> doh, i didnt read the question properly, sorry.
<Guest84> blackflow this package its depenedent from external database provider
<Guest84> I was wondering if I could biuld it myself and if yes how
<blackflow> Guest84: they all are. you build it by looking up geoip data and storing it locally. but that will get stale soon because, like I said, they change a lot
<tomreyn> the ip -> country assignment for ipv4 + ipv6 you could probably get from the regional internet registries, https://www.apnic.net/about-apnic/whois_search/about/what-is-in-whois/which-whois/ - but down to city scale would require cooperating with ISPs.
<Guest84> tomreyn thanks, this is what I meant
<tomreyn> Guest84: it's a huge effort, though, and (as said before) data will get stale quickly, so you'd need to have a continuous update process.
<blackflow> but whois is an external database........
<tomreyn> there's a reason why there's effectively only one or two commercial providers of such data world-wide.
<Guest84> looks like all has only web service funcionality without possibility to download database
<Guest84> blackflow i was thinking about third party providers
<Guest84> anyway thanks for help guys
<Guest84> have a good day
